name: CI on: [push, pull_request] jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: install prerequisites run: sudo apt-get update && sudo apt-get install -y shellcheck jq sqlite3 iucode-tool - name: shellcheck run: shellcheck -s sh spectre-meltdown-checker.sh - name: check indentation run: | if [ $(grep -cPv "^\t*\S|^$" spectre-meltdown-checker.sh) != 0 ]; then echo "Badly indented lines found:" grep -nPv "^\t*\S|^$" spectre-meltdown-checker.sh exit 1 else echo "Indentation seems correct." fi - name: check direct execution run: | expected=14 nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l) if [ "$nb" -ne "$expected" ]; then echo "Invalid number of CVEs reported: $nb instead of $expected" exit 1 else echo "OK $nb CVEs reported" fi - name: check docker-compose run execution run: | expected=14 docker-compose build nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l) if [ "$nb" -ne "$expected" ]; then echo "Invalid number of CVEs reported: $nb instead of $expected" exit 1 else echo "OK $nb CVEs reported" fi - name: check docker run execution run: | expected=14 docker build -t spectre-meltdown-checker . nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l) if [ "$nb" -ne "$expected" ]; then echo "Invalid number of CVEs reported: $nb instead of $expected" exit 1 else echo "OK $nb CVEs reported" fi - name: check fwdb update run: | nbtmp1=$(find /tmp 2>/dev/null | wc -l) ./spectre-meltdown-checker.sh --update-fwdb; ret=$? if [ "$ret" != 0 ]; then echo "Non-zero return value: $ret" exit 1 fi nbtmp2=$(find /tmp 2>/dev/null | wc -l) if [ "$nbtmp1" != "$nbtmp2" ]; then echo "Left temporary files!" exit 1 fi if ! [ -e ~/.mcedb ]; then echo "No .mcedb file found after updating fwdb" exit 1 fi