peter/spectre-meltdown-checker
1
0
Fork 0
mirror of https://github.com/speed47/spectre-meltdown-checker.git synced 2026-04-01 12:47:07 +02:00
Code Issues Projects Releases Wiki Activity

chore: adjust workflow for dev-build

Browse Source
This commit is contained in:
Stéphane Lesimple
2026-03-30 21:24:34 +02:00
parent 6eb70ab52d
commit a0032a44ef
2 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
.github/workflows/dev-build.yml vendored
View File

@@ -17,10 +17,13 @@ jobs:
- name: install prerequisites - name: install prerequisites
run: sudo apt-get update && sudo apt-get install -y shellcheck shfmt jq sqlite3 iucode-tool make run: sudo apt-get update && sudo apt-get install -y shellcheck shfmt jq sqlite3 iucode-tool make
- name: build and check - name: build and check
run: make build fmt-check shellcheck run: |
make build fmt-check shellcheck
mv spectre-meltdown-checker.sh dist/
- name: check direct execution - name: check direct execution
run: | run: |
expected=$(cat .github/workflows/expected_cve_count) expected=$(cat .github/workflows/expected_cve_count)
cd dist
nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l) nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
if [ "$nb" -ne "$expected" ]; then if [ "$nb" -ne "$expected" ]; then
echo "Invalid number of CVEs reported: $nb instead of $expected" echo "Invalid number of CVEs reported: $nb instead of $expected"
@@ -31,6 +34,7 @@ jobs:
- name: check docker compose run execution - name: check docker compose run execution
run: | run: |
expected=$(cat .github/workflows/expected_cve_count) expected=$(cat .github/workflows/expected_cve_count)
cd dist
docker compose build docker compose build
nb=$(docker compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l) nb=$(docker compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
if [ "$nb" -ne "$expected" ]; then if [ "$nb" -ne "$expected" ]; then
@@ -42,6 +46,7 @@ jobs:
- name: check docker run execution - name: check docker run execution
run: | run: |
expected=$(cat .github/workflows/expected_cve_count) expected=$(cat .github/workflows/expected_cve_count)
cd dist
docker build -t spectre-meltdown-checker . docker build -t spectre-meltdown-checker .
nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l) nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
if [ "$nb" -ne "$expected" ]; then if [ "$nb" -ne "$expected" ]; then
@@ -52,6 +57,7 @@ jobs:
fi fi
- name: check fwdb update (separated) - name: check fwdb update (separated)
run: | run: |
cd dist
nbtmp1=$(find /tmp 2>/dev/null | wc -l) nbtmp1=$(find /tmp 2>/dev/null | wc -l)
./spectre-meltdown-checker.sh --update-fwdb; ret=$? ./spectre-meltdown-checker.sh --update-fwdb; ret=$?
if [ "$ret" != 0 ]; then if [ "$ret" != 0 ]; then
@@ -69,6 +75,7 @@ jobs:
fi fi
- name: check fwdb update (builtin) - name: check fwdb update (builtin)
run: | run: |
cd dist
nbtmp1=$(find /tmp 2>/dev/null | wc -l) nbtmp1=$(find /tmp 2>/dev/null | wc -l)
./spectre-meltdown-checker.sh --update-builtin-fwdb; ret=$? ./spectre-meltdown-checker.sh --update-builtin-fwdb; ret=$?
if [ "$ret" != 0 ]; then if [ "$ret" != 0 ]; then
@@ -83,12 +90,19 @@ jobs:
- name: push artifact to the dev-build branch - name: push artifact to the dev-build branch
run: | run: |
tmpdir=$(mktemp -d) tmpdir=$(mktemp -d)
cp ./spectre-meltdown-checker.sh $tmpdir/ mv ./dist/* $tmpdir/
cp -va ./dist/* $tmpdir/ rm -rf ./dist
if ! git checkout -f dev-build; then git fetch origin dev-build
git checkout -B dev-build; git checkout -f dev-build
fi
mv $tmpdir/* . mv $tmpdir/* .
git add * git add *
echo =#=#= DIFF CACHED
git diff --cached
echo =#=#= STATUS
git status git status
git branch echo =#=#= COMMIT
git config --global user.name "github-actions[bot]"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
git log ${{ github.ref }} -1 --format=format:'%s%n%n built from commit %H%n dated %ai%n by %an (%ae)%n%n %b'
git log ${{ github.ref }} -1 --format=format:'%s%n%n built from commit %H%n dated %ai%n by %an (%ae)%n%n %b' | git commit -F -
git push

0
dist/UNSUPPORTED_CVE_LIST.md → UNSUPPORTED_CVE_LIST.md
View File