12 runs-on: ubuntu-latest
18 # Current ubuntu-latest (Ubuntu 22.04) provides the following versions of Python:
19 python-version: ['3.7', '3.8', '3.9', '3.10', '3.11']
23 - name: Set up Python ${{ matrix.python-version }}
24 uses: actions/setup-python@v5
26 python-version: ${{ matrix.python-version }}
28 - name: Install package
30 python -m pip install --upgrade pip
31 echo "Install the package via pip..."
32 pip --verbose install git+https://github.com/a13xp0p0v/kernel-hardening-checker
33 echo "Run the installed tool..."
34 kernel-hardening-checker
36 - name: Check all configs with the installed tool
38 echo "Check all configs with the installed tool..."
39 sysctl -a > /tmp/sysctls
40 CONFIG_DIR=`find /opt/hostedtoolcache/Python/ -name config_files`
41 KCONFIGS=`find $CONFIG_DIR -type f | grep -e "\.config" -e "\.gz"`
45 COUNT=$(expr $COUNT + 1)
46 echo -e "\n>>>>> checking kconfig number $COUNT <<<<<"
47 kernel-hardening-checker -c $C -l /proc/cmdline -s /tmp/sysctls
49 echo -e "\nHave checked $COUNT kconfigs"
51 - name: Get source code for collecting coverage
52 uses: actions/checkout@v4
54 - name: Run the functional tests and collect the coverage
57 sh .github/workflows/functional_test.sh
59 - name: Prepare final coverage report
61 coverage xml -i -o coverage.xml
63 - name: Handle coverage
64 uses: codecov/codecov-action@v3
67 flags: functional_test
68 name: functional_test_upload
69 fail_ci_if_error: true
projects / kconfig-hardened-check.git / blob