Task 60032533833

security: harden CI actions and subprocess calls

2026-01-11 06:14:39 completed security-hardening-ci-scripts a60858a820c15a7f07d39501add6de2b1618936b

build_duration:17s
ccache_hitrate:1m36s
docker_build_cached:true
docker_build_duration:7s

Commands that took longer than 1 second (total 58m49s)

line	duration	percentage	command
978	7s	0%	docker buildx build --file=/home/admin/actions-runner/_work/bitcoin/bitcoin/ci/test_imagefile --build-arg=CI_IMAGE_NAME_TAG=mirror.gcr.io/ubuntu:24.04 --build-arg=FILE_ENV=./ci/test/00_setup_env_native_fuzz_with_msan.sh --build-arg=BASE_ROOT_DIR=/home/admin/actions-runner/_work/_temp --platform=linux --label=bitcoin-ci-test --tag=ci_native_fuzz_msan --cache-from type=gha,url=http://127.0.0.1:12321/,url_v2=http://127.0.0.1:12321/,scope=ci_native_fuzz_msan --load /home/admin/actions-runner/_work/bitcoin/bitcoin
1142	1s	0%	`retry -- apt-get update`
1163	5s	0%	`retry -- apt-get install curl -y`
1462	2s	0%	`g++-13 g++-13-x86-64-linux-gnu`
1573	4s	0%	`amd64 4:13.2.0-7ubuntu1 [1100 B]`
1921	5s	0%	`(4:13.2.0-7ubuntu1) ...`
2252	42s	1%	`retry -- git clone --depth=1 https://github.com/llvm/llvm-project -b llvmorg-21.1.5 /llvm-project`
2383	3s	0%	`- skipped`
2515	1s	0%	`testing configuration: /llvm-project/libcxx/test/configs/llvm-libc++-shared.cfg.in`
2551	23s	0%	`ninja -C /cxx_build/ -j8`
4552	3s	0%	`rm -rf /llvm-project`
4557	39s	1%	`echo -n done`
4587	1s	0%	docker run --rm --interactive --detach --tty --cap-add=LINUX_IMMUTABLE --mount=type=bind,src=/home/admin/actions-runner/_work/bitcoin/bitcoin,dst=/home/admin/actions-runner/_work/bitcoin/bitcoin,readonly --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/ccache_dir,dst=/home/admin/actions-runner/_work/_temp/ccache_dir --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/depends/built,dst=/home/admin/actions-runner/_work/_temp/depends/built --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/depends/sources,dst=/home/admin/actions-runner/_work/_temp/depends/sources --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/previous_releases,dst=/home/admin/actions-runner/_work/_temp/previous_releases --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/build,dst=/home/admin/actions-runner/_work/_temp/build --env-file=/tmp/env-admin-ci_native_fuzz_msan --name=ci_native_fuzz_msan --network=ci-ip6net --platform=linux ci_native_fuzz_msan
4767	52s	1%	`1].Add(stats);`
5154	2m18s	3%	`-`
5295	11s	0%	`- skipped`
5611	17s	0%	`cmake --build /home/admin/actions-runner/_work/_temp/build -j8 --target all`
6147	51m23s	87%	`/home/admin/actions-runner/_work/_temp/build/test/fuzz/test_runner.py -j8 -l DEBUG /home/admin/actions-runner/_work/_temp/ci/scratch/qa-assets/fuzz_corpora/ --empty_min_time=60`
6600	9s	0%	`docker container kill 0981de5a35f9aeacd739b7991f55ecc699a2f5147e7156d385f8eaf0972d9734`

Tags

security-hardening-ci-scripts