Task 60521891665

security: harden CI actions and subprocess calls

2026-01-15 13:30:39 completed security-hardening-ci-scripts cb4f2b3b5b8d1a4c1acd46a5434c018e3af34975

build_duration:1m40s
ccache_hitrate:1m20s
docker_build_cached:true
docker_build_duration:26s
functional_test_duration:16m27s
unit_test_duration:3m16s

Commands that took longer than 1 second (total 22m38s)

line	duration	percentage	command
23	23s	1%	`LSan + UBSan + integer`
981	26s	1%	`docker buildx build --file=/home/admin/actions-runner/_work/bitcoin/bitcoin/ci/test_imagefile --build-arg=CI_IMAGE_NAME_TAG=mirror.gcr.io/ubuntu:24.04 --build-arg=FILE_ENV=./ci/test/00_setup_env_native_asan.sh --build-arg=BASE_ROOT_DIR=/home/admin/actions-runner/_work/_temp --platform=linux --label=bitcoin-ci-test --tag=ci_native_asan --cache-from type=gha,url=http://127.0.0.1:12321/,url_v2=http://127.0.0.1:12321/,scope=ci_native_asan --load /home/admin/actions-runner/_work/bitcoin/bitcoin`
1068	1s	0%	docker run --rm --interactive --detach --tty --cap-add=LINUX_IMMUTABLE --privileged -v /sys/kernel:/sys/kernel:rw --mount=type=bind,src=/home/admin/actions-runner/_work/bitcoin/bitcoin,dst=/home/admin/actions-runner/_work/bitcoin/bitcoin,readonly --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/ccache_dir,dst=/home/admin/actions-runner/_work/_temp/ccache_dir --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/depends/built,dst=/home/admin/actions-runner/_work/_temp/depends/built --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/depends/sources,dst=/home/admin/actions-runner/_work/_temp/depends/sources --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/previous_releases,dst=/home/admin/actions-runner/_work/_temp/previous_releases --mount=type=bind,src=/home/admin/actions-runner/_work/_temp/build,dst=/home/admin/actions-runner/_work/_temp/build --env-file=/tmp/env-admin-cinativeasan --name=ci_native_asan --network=ci-ip6net --platform=linux ci_native_asan
1166	1s	0%	`retry -- apt-get update`
1338	10s	0%	`- skipped`
1682	1m40s	7%	`cmake --build /home/admin/actions-runner/_work/_temp/build -j8 --target all install`
2904	3m16s	14%	`ctest --test-dir /home/admin/actions-runner/_work/_temp/build --stop-on-failure -j8 --timeout 2400`
3221	16m27s	72%	`/home/admin/actions-runner/_work/_temp/build/test/functional/test_runner.py -j8 --tmpdirprefix /home/admin/actions-runner/_work/_temp/ci/scratch/test_runner/ --ansi --combinedlogslen=99999999 --timeout-factor=40 --quiet --failfast`
4602	6s	0%	`docker container kill 5181e7830c542624b39d0f920ea890d316963972f2a2aa281e4cb4f2f148554d`

Tags

ASan + LSan + UBSan + integer

security-hardening-ci-scripts