From ec49cfb6170532d6b293a15ecefcfa2b56b4315b Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 15 Apr 2024 18:30:33 +0200 Subject: Adding upstream version 0.46. Signed-off-by: Daniel Baumann --- .github/workflows/check.yml | 73 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 .github/workflows/check.yml (limited to '.github/workflows/check.yml') diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml new file mode 100644 index 0000000..7e5afbe --- /dev/null +++ b/.github/workflows/check.yml @@ -0,0 +1,73 @@ +name: CI + +on: [push, pull_request] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v1 + - name: install prerequisites + run: sudo apt-get update && sudo apt-get install -y shellcheck jq sqlite3 iucode-tool + - name: shellcheck + run: shellcheck -s sh spectre-meltdown-checker.sh + - name: check indentation + run: | + if [ $(grep -cPv "^\t*\S|^$" spectre-meltdown-checker.sh) != 0 ]; then + echo "Badly indented lines found:" + grep -nPv "^\t*\S|^$" spectre-meltdown-checker.sh + exit 1 + else + echo "Indentation seems correct." + fi + - name: check direct execution + run: | + expected=16 + nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l) + if [ "$nb" -ne "$expected" ]; then + echo "Invalid number of CVEs reported: $nb instead of $expected" + exit 1 + else + echo "OK $nb CVEs reported" + fi + - name: check docker-compose run execution + run: | + expected=16 + docker-compose build + nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l) + if [ "$nb" -ne "$expected" ]; then + echo "Invalid number of CVEs reported: $nb instead of $expected" + exit 1 + else + echo "OK $nb CVEs reported" + fi + - name: check docker run execution + run: | + expected=16 + docker build -t spectre-meltdown-checker . + nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l) + if [ "$nb" -ne "$expected" ]; then + echo "Invalid number of CVEs reported: $nb instead of $expected" + exit 1 + else + echo "OK $nb CVEs reported" + fi + - name: check fwdb update + run: | + nbtmp1=$(find /tmp 2>/dev/null | wc -l) + ./spectre-meltdown-checker.sh --update-fwdb; ret=$? + if [ "$ret" != 0 ]; then + echo "Non-zero return value: $ret" + exit 1 + fi + nbtmp2=$(find /tmp 2>/dev/null | wc -l) + if [ "$nbtmp1" != "$nbtmp2" ]; then + echo "Left temporary files!" + exit 1 + fi + if ! [ -e ~/.mcedb ]; then + echo "No .mcedb file found after updating fwdb" + exit 1 + fi -- cgit v1.2.3