[kconfig-hardened-check.git] / .github / workflows / main.yml

name: functional test

on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

jobs:
  check_all_configs:

    runs-on: ubuntu-latest

    strategy:
      max-parallel: 4
      fail-fast: false
      matrix:
        python-version: [3.6, 3.7, 3.8, 3.9]
        # github runner with python 3.5 currently fails to install this package

    steps:

    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v1
      with:
        python-version: ${{ matrix.python-version }}

    - name: Install package
      run: |
        python -m pip install --upgrade pip
        pip install coverage
        pip --verbose install git+https://github.com/a13xp0p0v/kconfig-hardened-check
        echo ">>>>> first start <<<<<"
        kconfig-hardened-check

    - name: Check all configs
      run: |
        echo ">>>>> check all configs <<<<<"
        CONFIG_DIR=`find /opt/hostedtoolcache/Python/ -name config_files`
        CONFIGS=`find $CONFIG_DIR -type f | grep "\.config"`
        COUNT=0
        for C in $CONFIGS
        do
                COUNT=$(expr $COUNT + 1)
                echo -e "\n>>>>> checking config number $COUNT <<<<<"
                kconfig-hardened-check -c $C
        done
        echo -e "\n>>>>> checking $COUNT configs is done <<<<<"

    - name: Get source code
      uses: actions/checkout@v2

    - name: Collect coverage
      run: |
        echo ">>>>> get help <<<<<"
        coverage run -a --branch bin/kconfig-hardened-check
        coverage run -a --branch bin/kconfig-hardened-check -h

        echo ">>>>> get version <<<<<"
        coverage run -a --branch bin/kconfig-hardened-check --version

        echo ">>>>> print the security hardening preferences <<<<<"
        coverage run -a --branch bin/kconfig-hardened-check -p X86_64
        coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -m verbose
        coverage run -a --branch bin/kconfig-hardened-check -p X86_64 -m json

        coverage run -a --branch bin/kconfig-hardened-check -p X86_32
        coverage run -a --branch bin/kconfig-hardened-check -p X86_32 -m verbose
        coverage run -a --branch bin/kconfig-hardened-check -p X86_32 -m json

        coverage run -a --branch bin/kconfig-hardened-check -p ARM64
        coverage run -a --branch bin/kconfig-hardened-check -p ARM64 -m verbose
        coverage run -a --branch bin/kconfig-hardened-check -p ARM64 -m json

        coverage run -a --branch bin/kconfig-hardened-check -p ARM
        coverage run -a --branch bin/kconfig-hardened-check -p ARM -m verbose
        coverage run -a --branch bin/kconfig-hardened-check -p ARM -m json

        echo ">>>>> check the example kconfig files <<<<<"
        CONFIG_DIR=`find . -name config_files`
        CONFIGS=`find $CONFIG_DIR -type f | grep "\.config"`
        COUNT=0
        for C in $CONFIGS
        do
                COUNT=$(expr $COUNT + 1)
                echo -e "\n>>>>> checking config number $COUNT <<<<<"
                coverage run -a --branch bin/kconfig-hardened-check -c $C
                coverage run -a --branch bin/kconfig-hardened-check -c $C -m verbose > /dev/null
                coverage run -a --branch bin/kconfig-hardened-check -c $C -m json
                coverage run -a --branch bin/kconfig-hardened-check -c $C -m show_ok
                coverage run -a --branch bin/kconfig-hardened-check -c $C -m show_fail
        done
        echo -e "\n>>>>> checking $COUNT configs is done <<<<<"
        coverage xml -i -o coverage.xml

    - name: Handle coverage
      uses: codecov/codecov-action@v1
      with:
        file: ./coverage.xml
        flags: functional_test
        name: codecov-umbrella
        fail_ci_if_error: true