spectre-meltdown-checker/.github/workflows/check.yml

name: CI

on: [push]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v1
    - name: install prerequisites
      run: sudo apt-get install -y shellcheck jq
    - name: shellcheck
      run: shellcheck -s sh spectre-meltdown-checker.sh
    - name: check indentation
      run: |
        if [ $(grep -cPv "^\t*\S|^$" spectre-meltdown-checker.sh) != 0 ]; then
          echo "Badly indented lines found:"
          grep -nPv "^\t*\S|^$" spectre-meltdown-checker.sh
          exit 1
        else
          echo "Indentation seems correct."
        fi
    - name: check direct execution
      run: |
        expected=14
        nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
          echo "Invalid number of CVEs reported: $nb instead of $expected"
          exit 1
        else
          echo "OK $nb CVEs reported"
        fi
    - name: check docker-compose run execution
      run: |
        expected=14
        docker-compose build
        nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
          echo "Invalid number of CVEs reported: $nb instead of $expected"
          exit 1
        else
          echo "OK $nb CVEs reported"
        fi
    - name: check docker run execution
      run: |
        expected=14
        docker build -t spectre-meltdown-checker .
        nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
          echo "Invalid number of CVEs reported: $nb instead of $expected"
          exit 1
        else
          echo "OK $nb CVEs reported"
        fi
chore: add github check workflow 2019-11-18 19:48:52 +01:00			`name: CI`

			`on: [push]`

			`jobs:`
			`build:`

			`runs-on: ubuntu-latest`

			`steps:`
			`- uses: actions/checkout@v1`
			`- name: install prerequisites`
			`run: sudo apt-get install -y shellcheck jq`
			`- name: shellcheck`
			`run: shellcheck -s sh spectre-meltdown-checker.sh`
			`- name: check indentation`
			`run: \|`
			`if [ $(grep -cPv "^\t*\S\|^$" spectre-meltdown-checker.sh) != 0 ]; then`
			`echo "Badly indented lines found:"`
			`grep -nPv "^\t*\S\|^$" spectre-meltdown-checker.sh`
			`exit 1`
			`else`
			`echo "Indentation seems correct."`
			`fi`
			`- name: check direct execution`
			`run: \|`
feat: add detection of iTLB Multihit vuln/mitigation (CVE-2018-12207) 2019-11-24 19:25:56 +01:00			`expected=14`
chore: add github check workflow 2019-11-18 19:48:52 +01:00			`nb=$(sudo ./spectre-meltdown-checker.sh --batch json \| jq '.[]\|.CVE' \| wc -l)`
			`if [ "$nb" -ne "$expected" ]; then`
			`echo "Invalid number of CVEs reported: $nb instead of $expected"`
			`exit 1`
			`else`
			`echo "OK $nb CVEs reported"`
			`fi`
			`- name: check docker-compose run execution`
			`run: \|`
feat: add detection of iTLB Multihit vuln/mitigation (CVE-2018-12207) 2019-11-24 19:25:56 +01:00			`expected=14`
chore: add github check workflow 2019-11-18 19:48:52 +01:00			`docker-compose build`
			`nb=$(docker-compose run --rm spectre-meltdown-checker --batch json \| jq '.[]\|.CVE' \| wc -l)`
			`if [ "$nb" -ne "$expected" ]; then`
			`echo "Invalid number of CVEs reported: $nb instead of $expected"`
			`exit 1`
			`else`
			`echo "OK $nb CVEs reported"`
			`fi`
			`- name: check docker run execution`
			`run: \|`
feat: add detection of iTLB Multihit vuln/mitigation (CVE-2018-12207) 2019-11-24 19:25:56 +01:00			`expected=14`
chore: add github check workflow 2019-11-18 19:48:52 +01:00			`docker build -t spectre-meltdown-checker .`
			`nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json \| jq '.[]\|.CVE' \| wc -l)`
			`if [ "$nb" -ne "$expected" ]; then`
			`echo "Invalid number of CVEs reported: $nb instead of $expected"`
			`exit 1`
			`else`
			`echo "OK $nb CVEs reported"`
			`fi`