name: Ubuntu on: [push, pull_request, workflow_dispatch] jobs: build: runs-on: ${{ matrix.os }} strategy: matrix: os: - ubuntu-24.04 - ubuntu-22.04 mode: - default - full-system-policy steps: - name: Check out repository code uses: actions/checkout@v4 - name: Install Build dependencies run: | sudo apt-get update -q sudo apt-get install -y \ devscripts debhelper config-package-dev \ auditd apparmor-profiles apparmor-utils sudo rm /etc/apparmor.d/usr.lib.snapd.snap-confine.real - name: Build the apparmor.d package run: | if [[ ${{ matrix.mode }} == full-system-policy ]]; then echo -e "\noverride_dh_auto_build:\n\tmake full" >> debian/rules fi VERSION="0.$(git rev-list --count HEAD)-1" dch --newversion="$VERSION" --urgency=medium --distribution=stable --controlmaint "Release $VERSION" dpkg-buildpackage -b -d --no-sign - name: Install apparmor.d run: sudo dpkg --install ../apparmor.d_*_amd64.deb || true - name: Reload AppArmor run: | sudo systemctl restart apparmor.service || true sudo systemctl status apparmor.service - name: Ensure compatibility with some AppArmor userspace tools run: | if [[ ${{ matrix.os }} != ubuntu-24.04 ]]; then sudo aa-enforce /etc/apparmor.d/aa-notify fi - name: Show AppArmor log and rules run: | sudo aa-log sudo aa-log -s sudo aa-log -r - name: Show Number of loaded profile run: sudo aa-status --profiled