diff options
Diffstat (limited to '.github/workflows/check.yml')
-rw-r--r-- | .github/workflows/check.yml | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml new file mode 100644 index 0000000..c928dd5 --- /dev/null +++ b/.github/workflows/check.yml @@ -0,0 +1,73 @@ +name: CI + +on: [push, pull_request] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v1 + - name: install prerequisites + run: sudo apt-get update && sudo apt-get install -y shellcheck jq sqlite3 iucode-tool + - name: shellcheck + run: shellcheck -s sh spectre-meltdown-checker.sh + - name: check indentation + run: | + if [ $(grep -cPv "^\t*\S|^$" spectre-meltdown-checker.sh) != 0 ]; then + echo "Badly indented lines found:" + grep -nPv "^\t*\S|^$" spectre-meltdown-checker.sh + exit 1 + else + echo "Indentation seems correct." + fi + - name: check direct execution + run: | + expected=15 + nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l) + if [ "$nb" -ne "$expected" ]; then + echo "Invalid number of CVEs reported: $nb instead of $expected" + exit 1 + else + echo "OK $nb CVEs reported" + fi + - name: check docker-compose run execution + run: | + expected=15 + docker-compose build + nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l) + if [ "$nb" -ne "$expected" ]; then + echo "Invalid number of CVEs reported: $nb instead of $expected" + exit 1 + else + echo "OK $nb CVEs reported" + fi + - name: check docker run execution + run: | + expected=15 + docker build -t spectre-meltdown-checker . + nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l) + if [ "$nb" -ne "$expected" ]; then + echo "Invalid number of CVEs reported: $nb instead of $expected" + exit 1 + else + echo "OK $nb CVEs reported" + fi + - name: check fwdb update + run: | + nbtmp1=$(find /tmp 2>/dev/null | wc -l) + ./spectre-meltdown-checker.sh --update-fwdb; ret=$? + if [ "$ret" != 0 ]; then + echo "Non-zero return value: $ret" + exit 1 + fi + nbtmp2=$(find /tmp 2>/dev/null | wc -l) + if [ "$nbtmp1" != "$nbtmp2" ]; then + echo "Left temporary files!" + exit 1 + fi + if ! [ -e ~/.mcedb ]; then + echo "No .mcedb file found after updating fwdb" + exit 1 + fi |