summaryrefslogtreecommitdiffstats
path: root/.github/workflows/check.yml
blob: 7e5afbeeaec3adf8b6af5fc752e8871405b10ae6 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

name: CI

on: [push, pull_request]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v1
    - name: install prerequisites
      run: sudo apt-get update && sudo apt-get install -y shellcheck jq sqlite3 iucode-tool
    - name: shellcheck
      run: shellcheck -s sh spectre-meltdown-checker.sh
    - name: check indentation
      run: |
        if [ $(grep -cPv "^\t*\S|^$" spectre-meltdown-checker.sh) != 0 ]; then
          echo "Badly indented lines found:"
          grep -nPv "^\t*\S|^$" spectre-meltdown-checker.sh
          exit 1
        else
          echo "Indentation seems correct."
        fi
    - name: check direct execution
      run: |
        expected=16
        nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
          echo "Invalid number of CVEs reported: $nb instead of $expected"
          exit 1
        else
          echo "OK $nb CVEs reported"
        fi
    - name: check docker-compose run execution
      run: |
        expected=16
        docker-compose build
        nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
          echo "Invalid number of CVEs reported: $nb instead of $expected"
          exit 1
        else
          echo "OK $nb CVEs reported"
        fi
    - name: check docker run execution
      run: |
        expected=16
        docker build -t spectre-meltdown-checker .
        nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
          echo "Invalid number of CVEs reported: $nb instead of $expected"
          exit 1
        else
          echo "OK $nb CVEs reported"
        fi
    - name: check fwdb update
      run: |
        nbtmp1=$(find /tmp 2>/dev/null | wc -l)
        ./spectre-meltdown-checker.sh --update-fwdb; ret=$?
        if [ "$ret" != 0 ]; then
          echo "Non-zero return value: $ret"
          exit 1
        fi
        nbtmp2=$(find /tmp 2>/dev/null | wc -l)
        if [ "$nbtmp1" != "$nbtmp2" ]; then
          echo "Left temporary files!"
          exit 1
        fi
        if ! [ -e ~/.mcedb ]; then
          echo "No .mcedb file found after updating fwdb"
          exit 1
        fi
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-07 07:50:45 +0000