
Try dynamic-use

Try dynamic-use #26

# Integration tests for the egress-filtering action in this repository.
# Triggered by pushes to the listed branches and by pull requests against main.
#
# NOTE(review): this workflow sets no `permissions:` key, so GITHUB_TOKEN gets
# the repository/organization default scopes. Consider a top-level
# `permissions: { contents: read }` once it is confirmed that the action under
# test needs nothing more.
name: Integration Tests
on:
  push:
    branches: [main, larose/use-action-by-name]
  pull_request:
    branches: [main]
# One concurrency group per workflow and ref. `cancel-in-progress` is not set,
# so a run that is already executing is not cancelled by a newer one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
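# Every job runs on both Ubuntu images and is capped at two minutes, so a
# request that hangs instead of being rejected still ends the job.
# Third-party actions are referenced by full commit SHA rather than by tag.
jobs:
  # No `egress-policy` input is passed, so the action's default applies
  # (presumably audit-only; confirm in action.yml). bing.com is not in
  # `allowed-domains`, yet the step must succeed: the default shell runs with
  # `-e`, so a failing curl fails the job.
  audit:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-22.04
          - ubuntu-24.04
    timeout-minutes: 2
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
      - name: Enable egress filtering
        uses: ./
        with:
          allowed-domains: |
            *.google.com
      - name: Make HTTP requests
        run: |
          curl https://www.google.com --output /dev/null
          curl https://www.bing.com --max-time 3 --output /dev/null

  # Blocking mode with the default DNS policy: DNS queries for names outside
  # `allowed-domains` are expected to fail.
  block:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-22.04
          - ubuntu-24.04
    timeout-minutes: 2
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
      - name: Enable egress filtering
        uses: ./
        with:
          allowed-domains: |
            *.google.com
          egress-policy: block
      - name: Make HTTP requests
        # Assertions live in test/make_http_requests.sh (not shown here).
        run: source test/make_http_requests.sh
      - name: Make DNS requests
        # NOTE(review): dig exits 0 whenever it receives *any* DNS response,
        # including NXDOMAIN or REFUSED. These checks therefore only pass if
        # the filter leaves the query unanswered. If the filter ever replies
        # with an error code instead, check the response status (or use
        # `dig +short` and test for empty output).
        # The messages use double quotes: the former nested single quotes
        # closed the string early and dropped the quotes around the command.
        run: |
          if dig example.com; then
            echo "Expected 'dig example.com' to fail, but it succeeded";
            exit 1;
          fi;
          if dig www.wikipedia.org; then
            echo "Expected 'dig www.wikipedia.org' to fail, but it succeeded";
            exit 1;
          fi;

  # Blocking mode for connections, but `dns-policy: any` lets DNS queries for
  # arbitrary names through. Name resolution is then an open outbound channel,
  # which is the trade-off this option makes.
  block-but-allow-any-dns-requests:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-22.04
          - ubuntu-24.04
    timeout-minutes: 2
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
      - name: Enable egress filtering
        uses: ./
        with:
          allowed-domains: |
            *.google.com
          dns-policy: any
          egress-policy: block
      - name: Make HTTP requests
        run: source test/make_http_requests.sh
      - name: Make DNS requests
        # Passes as soon as dig gets a reply; the answer itself is not checked.
        run: |
          dig example.com
          dig www.wikipedia.org

  # Checks that the filter also applies to traffic originating in containers.
  docker:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-22.04
          - ubuntu-24.04
    timeout-minutes: 2
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
      - name: Enable egress filtering
        uses: ./
        with:
          # Presumably Docker's default bridge subnet; confirm on the runner.
          allowed-ips: |
            172.17.0.0/16
          # Registry endpoints needed to pull images, plus the one test target.
          allowed-domains: |
            production.cloudflare.docker.com
            docker.io
            *.docker.io
            www.google.com
          egress-policy: block
      - name: Test curl calls within Docker
        # The image is referenced by tag, not by digest.
        run: |
          docker run --rm --entrypoint sh alpine/curl:8.7.1 -c "
            if ! curl https://www.google.com --max-time 5 --output /dev/null; then
              echo 'Expected curl to www.google.com to succeed, but it failed';
              exit 1;
            fi;
            if curl https://www.bing.com --max-time 5 --output /dev/null; then
              echo 'Expected curl to www.bing.com to fail, but it succeeded';
              exit 1;
            fi;
          "
      - name: Nginx
        run: source test/docker_nginx.sh
      - name: Nginx with port forwarding
        run: source test/docker_nginx_port_forwarding.sh

  # Uses the action by repository name, the way an external workflow would.
  use-by-name:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-22.04
          - ubuntu-24.04
    timeout-minutes: 2
    steps:
      # DO NOT use `actions/checkout`: this job must run as if the action were
      # used from another workflow, to make sure the action does not assume its
      # source code is at the root of the working directory. See
      # https://github.com/bullfrogsec/bullfrog/commit/3a3e5e03112ef726b3079d402415760c9021fa39
      #
      # `uses:` cannot take an expression directly, so the reference is built
      # at run time through jenseng/dynamic-uses. On pull_request events
      # `github.sha` is the pull request's merge commit, not its head commit.
      - uses: jenseng/dynamic-uses@02f544690a931f3967153cd5f14679cfeb61f830
        with:
          uses: bullfrogsec/bullfrog@${{ github.sha }}
          with: '{"allowed-domains": "www.google.com", "egress-policy": "block"}'
      - name: Make HTTP requests
        run: |
          if ! curl https://www.google.com --output /dev/null; then
            echo 'Expected curl to www.google.com to succeed, but it failed';
            exit 1;
          fi;
          if curl https://www.bing.com --max-time 5 --output /dev/null; then
            echo 'Expected curl to www.bing.com to fail, but it succeeded';
            exit 1;
          fi;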