# .woodpecker.yml
-pipeline:
+steps:
installation-test:
image: python:3
pull: true
- ls -la
- python --version
- echo "Install the package via pip..."
- - pip --verbose install --no-cache-dir git+https://github.com/a13xp0p0v/kconfig-hardened-check
+ - pip --verbose install --no-cache-dir git+https://github.com/a13xp0p0v/kernel-hardening-checker
- echo "Run the installed tool..."
- - which kconfig-hardened-check
- - kconfig-hardened-check
+ - which kernel-hardening-checker
+ - kernel-hardening-checker
- echo "Check all configs with the installed tool..."
+ - sysctl -a > /tmp/sysctls
- CONFIG_DIR=`find /usr/local/lib/ -name config_files`
- KCONFIGS=`find $CONFIG_DIR -type f | grep -e "\.config" -e "\.gz"`
- COUNT=0
- - for C in $KCONFIGS; do COUNT=$(expr $COUNT + 1); echo ">>>>> checking kconfig number $COUNT <<<<<"; kconfig-hardened-check -c $C -l /proc/cmdline; done
- - echo ">>>>> have checked $COUNT kconfigs <<<<<"
+ - for C in $KCONFIGS; do COUNT=$(expr $COUNT + 1); echo ">>>>> checking kconfig number $COUNT <<<<<"; kernel-hardening-checker -c $C -l /proc/cmdline -s /tmp/sysctls; done
+ - echo "Have checked $COUNT kconfigs"
functional-test-with-coverage:
image: python:3
pull: true
- pip install --no-cache-dir coverage
- echo "Run the functional tests and collect the coverage..."
- sh .github/workflows/functional_test.sh
+ - echo "Show the coverage report..."
- coverage report
projects / kconfig-hardened-check.git / blobdiff