name: Ubuntu

on: [push, pull_request, workflow_dispatch]

jobs:
  build:
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        mode:
          - default
          - full-system-policy
    steps:

      - name: Check out repository code
        uses: actions/checkout@v3

      - name: Install Build dependencies 
        run: |
          sudo apt-get update -q
          sudo apt-get install -y \
            devscripts debhelper config-package-dev \
            auditd apparmor-profiles apparmor-utils
          sudo rm /etc/apparmor.d/usr.lib.snapd.snap-confine.real

      - name: Build the apparmor.d package
        run: |
          if [[ ${{ matrix.mode }} == full-system-policy ]]; then
            echo -e "\noverride_dh_auto_build:\n\tmake full" >> debian/rules
          fi
          VERSION="0.$(git rev-list --count HEAD)-1"
          dch --newversion="$VERSION" --urgency=medium --distribution=stable --controlmaint "Release $VERSION"
          dpkg-buildpackage -b -d --no-sign

      - name: Install apparmor.d
        run: sudo dpkg --install ../apparmor.d_*_amd64.deb

      - name: Reload AppArmor
        run: | 
          sudo systemctl restart apparmor.service || true
          sudo systemctl status apparmor.service

      - name: Ensure compatibility with some AppArmor userspace tools
        run: sudo aa-enforce /etc/apparmor.d/aa-notify

      - name: Show AppArmor log and rules
        run: |
          sudo aa-log
          sudo aa-log -s
          sudo aa-log -r

      - name: Show Number of loaded profile
        run: sudo aa-status --profiled