authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:25:25 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:25:25 +0000
commit7eecd0464223b1bf79351c8f29cb3da5ee31d936 (patch)
tree7e5deff77c13c92858808181794568f2d49c6f62 /.github/workflows/check.yml
parentInitial commit. (diff)
Adding upstream version 0.45.upstream/0.45upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '.github/workflows/check.yml')
-rw-r--r--.github/workflows/check.yml73
1 files changed, 73 insertions, 0 deletions
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
new file mode 100644
index 0000000..c928dd5
--- /dev/null
+++ b/.github/workflows/check.yml
@@ -0,0 +1,73 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v1
+ - name: install prerequisites
+ run: sudo apt-get update && sudo apt-get install -y shellcheck jq sqlite3 iucode-tool
+ - name: shellcheck
+ run: shellcheck -s sh spectre-meltdown-checker.sh
+ - name: check indentation
+ run: |
+ if [ $(grep -cPv "^\t*\S|^$" spectre-meltdown-checker.sh) != 0 ]; then
+ echo "Badly indented lines found:"
+ grep -nPv "^\t*\S|^$" spectre-meltdown-checker.sh
+ exit 1
+ else
+ echo "Indentation seems correct."
+ fi
+ - name: check direct execution
+ run: |
+ expected=15
+ nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
+ if [ "$nb" -ne "$expected" ]; then
+ echo "Invalid number of CVEs reported: $nb instead of $expected"
+ exit 1
+ else
+ echo "OK $nb CVEs reported"
+ fi
+ - name: check docker-compose run execution
+ run: |
+ expected=15
+ docker-compose build
+ nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
+ if [ "$nb" -ne "$expected" ]; then
+ echo "Invalid number of CVEs reported: $nb instead of $expected"
+ exit 1
+ else
+ echo "OK $nb CVEs reported"
+ fi
+ - name: check docker run execution
+ run: |
+ expected=15
+ docker build -t spectre-meltdown-checker .
+ nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
+ if [ "$nb" -ne "$expected" ]; then
+ echo "Invalid number of CVEs reported: $nb instead of $expected"
+ exit 1
+ else
+ echo "OK $nb CVEs reported"
+ fi
+ - name: check fwdb update
+ run: |
+ nbtmp1=$(find /tmp 2>/dev/null | wc -l)
+ ./spectre-meltdown-checker.sh --update-fwdb; ret=$?
+ if [ "$ret" != 0 ]; then
+ echo "Non-zero return value: $ret"
+ exit 1
+ fi
+ nbtmp2=$(find /tmp 2>/dev/null | wc -l)
+ if [ "$nbtmp1" != "$nbtmp2" ]; then
+ echo "Left temporary files!"
+ exit 1
+ fi
+ if ! [ -e ~/.mcedb ]; then
+ echo "No .mcedb file found after updating fwdb"
+ exit 1
+ fi
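Review bot: The `- uses: actions/checkout@v1` step references the checkout action by a movable tag, and the workflow has no `permissions:` key, so the job's GITHUB_TOKEN gets whatever default scope the repository or organisation has configured. This matters here because the later steps run the checked-out script under `sudo` and in a `--privileged` container, on both `push` and `pull_request`. Pin the action to a full commit SHA, for example `- uses: actions/checkout@<full-commit-sha>  # <release tag>` (placeholder; the page gives no SHA). Also add a top-level `permissions: { contents: read }`, since none of the steps shown appears to need write access. A short comment above the `--privileged` docker step saying why host access to `/boot`, `/dev/cpu` and `/lib/modules` is required would help the next reader.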