Task 60007136968

security: harden CI actions and subprocess calls

2026-01-10 13:23:35 completed security-hardening-ci-scripts 6cc01c12b2e93b5c28ec5461ba8af25a2371b59e

configure_duration:11s
docker_build_cached:true
docker_build_duration:10s

Commands that took longer than 1 second (total 10m47s)

line	duration	percentage	command
951	10s	1%	`docker buildx build --file=/home/admin/actions-runner/_work/bitcoin/bitcoin/ci/test_imagefile --build-arg=CI_IMAGE_NAME_TAG=mirror.gcr.io/debian:trixie --build-arg=FILE_ENV=./ci/test/00_setup_env_native_iwyu.sh --build-arg=BASE_ROOT_DIR=/home/admin/actions-runner/_work/_temp --platform=linux --label=bitcoin-ci-test --tag=ci_native_iwyu --cache-from type=gha,url=http://127.0.0.1:12321/,url_v2=http://127.0.0.1:12321/,scope=ci_native_iwyu --load /home/admin/actions-runner/_work/bitcoin/bitcoin`
1128	3s	0%	`retry -- apt-get install curl -y`
1523	2s	0%	`g++-14`
1755	11s	1%	`amd64 4:14.2.0-1 [1344 B]`
2534	12s	1%	`(4:14.2.0-1) ...`
3284	1s	0%	`- skipped`
3331	19s	2%	`make -C /iwyu-build/ install -j8`
3389	57s	8%	`echo -n done`
3419	1s	0%	docker run --rm --interactive --detach --tty --cap-add=LINUX_IMMUTABLE --mount=type=bind,src=/home/admin/actions-runner/_work/bitcoin/bitcoin,dst=/home/admin/actions-runner/_work/bitcoin/bitcoin,readonly --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/ccache_dir,dst=/home/admin/actions-runner/_work/_temp/ccache_dir --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/depends/built,dst=/home/admin/actions-runner/_work/_temp/depends/built --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/depends/sources,dst=/home/admin/actions-runner/_work/_temp/depends/sources --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/previous_releases,dst=/home/admin/actions-runner/_work/_temp/previous_releases --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/build,dst=/home/admin/actions-runner/_work/_temp/build --env-file=/tmp/env-admin-ci_native_iwyu --name=ci_native_iwyu --network=ci-ip6net --platform=linux ci_native_iwyu
3600	11s	1%	`cmake -S /home/admin/actions-runner/_work/_temp -B /home/admin/actions-runner/_work/_temp/build -DBUILD_BENCH=ON -DBUILD_FUZZ_BINARY=ON -DWERROR=ON -DCMAKE_INSTALL_PREFIX=/home/admin/actions-runner/_work/_temp/ci/scratch/out -Werror=dev -DCMAKE_EXPORT_COMPILE_COMMANDS=ON --preset dev-mode -DBUILD_GUI=OFF -DCMAKE_C_COMPILER=clang-21 -DCMAKE_CXX_COMPILER=clang++-21`
4070	14s	2%	`tee /tmp/iwyu_ci.out`
4298	7m38s	70%	`tee /tmp/iwyu_ci.out`
35935	1s	0%	`python3 /include-what-you-use/fix_includes.py --nosafe_headers`
36772	11s	1%	`./contrib/devtools/clang-format-diff.py -binary=clang-format-21 -p1 -i -v`
60626	7s	1%	`docker container kill ed58537f6028690ff130e175c8be578a0bf1b02ff68882867ef8c907735d80c2`

Tags

security-hardening-ci-scripts