chore: add github check workflow

2025-10-31 20:50:55 +01:00 · 2019-11-18 10:48:52 -08:00
parent f724f94085
commit 3e757b6177
2 changed files with 57 additions and 1 deletions
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -0,0 +1,56 @@
+name: CI
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v1
+    - name: install prerequisites
+      run: sudo apt-get install -y shellcheck jq
+    - name: shellcheck
+      run: shellcheck -s sh spectre-meltdown-checker.sh
+    - name: check indentation
+      run: |
+        if [ $(grep -cPv "^\t*\S|^$" spectre-meltdown-checker.sh) != 0 ]; then
+          echo "Badly indented lines found:"
+          grep -nPv "^\t*\S|^$" spectre-meltdown-checker.sh
+          exit 1
+        else
+          echo "Indentation seems correct."
+        fi
+    - name: check direct execution
+      run: |
+        expected=13
+        nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
+        if [ "$nb" -ne "$expected" ]; then
+          echo "Invalid number of CVEs reported: $nb instead of $expected"
+          exit 1
+        else
+          echo "OK $nb CVEs reported"
+        fi
+    - name: check docker-compose run execution
+      run: |
+        expected=13
+        docker-compose build
+        nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
+        if [ "$nb" -ne "$expected" ]; then
+          echo "Invalid number of CVEs reported: $nb instead of $expected"
+          exit 1
+        else
+          echo "OK $nb CVEs reported"
+        fi
+    - name: check docker run execution
+      run: |
+        expected=13
+        docker build -t spectre-meltdown-checker .
+        nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
+        if [ "$nb" -ne "$expected" ]; then
+          echo "Invalid number of CVEs reported: $nb instead of $expected"
+          exit 1
+        else
+          echo "OK $nb CVEs reported"
+        fi
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@@ -2446,7 +2446,7 @@ check_cpu()
 		_info_nol "    * CPU indicates SSBD capability: "
 		read_cpuid 0x80000008 $EBX 24 1 1; ret24=$?
 		read_cpuid 0x80000008 $EBX 25 1 1; ret25=$?
-		
+
 		if [ $ret24 -eq 0 ]; then
 			cpuid_ssbd='HYGON SSBD in SPEC_CTRL'
 			#hygon cpuid_ssbd_spec_ctrl=1