max-parallel: 4
fail-fast: false
matrix:
- python-version: [3.6, 3.7, 3.8]
+ python-version: [3.6, 3.7, 3.8, 3.9]
# github runner with python 3.5 currently fails to install this package
steps:
with:
python-version: ${{ matrix.python-version }}
- - name: Install
+ - name: Install package
run: |
python -m pip install --upgrade pip
pip install coverage
pip --verbose install git+https://github.com/a13xp0p0v/kconfig-hardened-check
+ echo ">>>>> first start <<<<<"
kconfig-hardened-check
- name: Check all configs
run: |
echo ">>>>> check all configs <<<<<"
CONFIG_DIR=`find /opt/hostedtoolcache/Python/ -name config_files`
- CONFIGS=`find $CONFIG_DIR -type f|grep "\.config"`
+ CONFIGS=`find $CONFIG_DIR -type f | grep "\.config"`
COUNT=0
for C in $CONFIGS
do
done
echo -e "\n>>>>> checking $COUNT configs is done <<<<<"
- - uses: actions/checkout@v2
+ - name: Get source code
+ uses: actions/checkout@v2
- name: Collect coverage
run: |
+ echo ">>>>> get help <<<<<"
coverage run -a --branch bin/kconfig-hardened-check
+ coverage run -a --branch bin/kconfig-hardened-check -h
+ echo ">>>>> get version <<<<<"
+ coverage run -a --branch bin/kconfig-hardened-check --version
+
+ echo ">>>>> print the security hardening preferences <<<<<"
coverage run -a --branch bin/kconfig-hardened-check -p X86_64
+ coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -m verbose
+ coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -m json
+
coverage run -a --branch bin/kconfig-hardened-check -p X86_32
+ coverage run -a --branch bin/kconfig-hardened-check -p X86_32 -m verbose
+ coverage run -a --branch bin/kconfig-hardened-check -p X86_32 -m json
+
coverage run -a --branch bin/kconfig-hardened-check -p ARM64
+ coverage run -a --branch bin/kconfig-hardened-check -p ARM64 -m verbose
+ coverage run -a --branch bin/kconfig-hardened-check -p ARM64 -m json
+
coverage run -a --branch bin/kconfig-hardened-check -p ARM
- coverage run -a --branch bin/kconfig-hardened-check -p X86_64 --debug
- coverage run -a --branch bin/kconfig-hardened-check -p X86_64 --json
+ coverage run -a --branch bin/kconfig-hardened-check -p ARM -m verbose
+ coverage run -a --branch bin/kconfig-hardened-check -p ARM -m json
- CONFIG_DIR=`find /opt/hostedtoolcache/Python/ -name config_files`
- CONFIGS=`find $CONFIG_DIR -type f|grep "\.config"`
+ echo ">>>>> check the example kconfig files <<<<<"
+ CONFIG_DIR=`find . -name config_files`
+ CONFIGS=`find $CONFIG_DIR -type f | grep "\.config"`
+ COUNT=0
for C in $CONFIGS
do
+ COUNT=$(expr $COUNT + 1)
+ echo -e "\n>>>>> checking config number $COUNT <<<<<"
coverage run -a --branch bin/kconfig-hardened-check -c $C
- coverage run -a --branch bin/kconfig-hardened-check -c $C --debug
- coverage run -a --branch bin/kconfig-hardened-check -c $C --json
+ coverage run -a --branch bin/kconfig-hardened-check -c $C -m verbose > /dev/null
+ coverage run -a --branch bin/kconfig-hardened-check -c $C -m json
+ coverage run -a --branch bin/kconfig-hardened-check -c $C -m show_ok
+ coverage run -a --branch bin/kconfig-hardened-check -c $C -m show_fail
done
+ echo -e "\n>>>>> checking $COUNT configs is done <<<<<"
coverage xml -i -o coverage.xml
- name: Handle coverage