Merge remote-tracking branch 'origin/pylint'
[kconfig-hardened-check.git] / .github / workflows / functional_test.yml
index 90324f230b95cf70911dc1e6252a48cd65251a3c..e197bacb6b8f2ce866b7aac0b2e86731d4eb8207 100644 (file)
@@ -3,55 +3,57 @@ name: functional test
 on:
   push:
     branches: [ master ]
-  pull_request:
-    branches: [ master ]
 
 jobs:
   functional_test:
 
+    if: github.repository == 'a13xp0p0v/kernel-hardening-checker'
+
     runs-on: ubuntu-latest
 
     strategy:
-      max-parallel: 3
+      max-parallel: 1
       fail-fast: false
       matrix:
         # Current ubuntu-latest (Ubuntu 22.04) provides the following versions of Python:
-        python-version: ['3.7', '3.8', '3.9', '3.10', '3.11']
+        python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
 
     steps:
 
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
 
     - name: Install package
       run: |
         python -m pip install --upgrade pip
-        pip install coverage
-        pip --verbose install git+https://github.com/a13xp0p0v/kconfig-hardened-check
-        echo ">>>>> first start <<<<<"
-        kconfig-hardened-check
+        echo "Install the package via pip..."
+        pip --verbose install git+https://github.com/a13xp0p0v/kernel-hardening-checker
+        echo "Run the installed tool..."
+        kernel-hardening-checker
 
     - name: Check all configs with the installed tool
       run: |
-        echo ">>>>> check all configs <<<<<"
+        echo "Check all configs with the installed tool..."
+        sysctl -a > /tmp/sysctls
         CONFIG_DIR=`find /opt/hostedtoolcache/Python/ -name config_files`
         KCONFIGS=`find $CONFIG_DIR -type f | grep -e "\.config" -e "\.gz"`
         COUNT=0
         for C in $KCONFIGS
         do
                 COUNT=$(expr $COUNT + 1)
-                echo -e "\n>>>>> checking config number $COUNT <<<<<"
-                kconfig-hardened-check -c $C -l /proc/cmdline
+                echo -e "\n>>>>> checking kconfig number $COUNT <<<<<"
+                kernel-hardening-checker -c $C -l /proc/cmdline -s /tmp/sysctls
         done
-        echo -e "\n>>>>> checking $COUNT configs is done <<<<<"
+        echo -e "\nHave checked $COUNT kconfigs"
 
     - name: Get source code for collecting coverage
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Run the functional tests and collect the coverage
       run: |
+        pip install coverage
         sh .github/workflows/functional_test.sh
 
     - name: Prepare final coverage report
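Review bot: The `pip --verbose install git+https://github.com/a13xp0p0v/kernel-hardening-checker` line in the "Install package" step has no ref, so it installs whatever the default branch points to when the step runs, not necessarily the commit that triggered the workflow. With `max-parallel: 1` the matrix jobs now run one after another, which lengthens the window in which a later push changes what the install and "Check all configs" steps exercise. The later `actions/checkout@v4` step still checks out the triggering commit by default, so the two halves of the job can end up testing different code. Pinning the install to the triggering commit keeps them aligned: `pip --verbose install git+https://github.com/a13xp0p0v/kernel-hardening-checker@${{ github.sha }}`.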
@@ -59,7 +61,9 @@ jobs:
         coverage xml -i -o coverage.xml
 
     - name: Handle coverage
-      uses: codecov/codecov-action@v3
+      uses: codecov/codecov-action@v4
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
       with:
         files: ./coverage.xml
         flags: functional_test
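Review bot: `codecov/codecov-action@v4` is referenced by a movable tag in the same step that now receives `secrets.CODECOV_TOKEN`, so whatever code the tag points to at run time executes with the upload token in its environment. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: codecov/codecov-action@<full-commit-sha>  # v4`, where the placeholder is the SHA of the release that was reviewed. The step's `with:` block may continue past the last line of this hunk.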