[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2024-49854 CVE-2024-43849 CVE-2024-43846 CVE-2024-43841 CVE-2024-43834 CVE-2024-43839 CVE-2024-43835 #29809
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) Microsoft Corporation. | |
# Licensed under the MIT License. | |
name: Spec files check | |
on: | |
push: | |
branches: [main, dev, 1.0*, 2.0*, fasttrack/*] | |
pull_request: | |
branches: [main, dev, 1.0*, 2.0*, fasttrack/*] | |
permissions: read-all | |
jobs: | |
spec-check: | |
name: Spec files check | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout the branch of our repo that triggered this action | |
- name: Workflow trigger checkout | |
uses: actions/checkout@v4 | |
# For consistency, we use the same major/minor version of Python that CBL-Mariner ships | |
- name: Setup Python 3.9 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.9 | |
- name: Get Python dependencies | |
run: python3 -m pip install -r toolkit/scripts/requirements.txt | |
- name: Get base commit for PRs | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
git fetch origin ${{ github.base_ref }} | |
echo "base_sha=$(git rev-parse origin/${{ github.base_ref }})" >> $GITHUB_ENV | |
echo "Merging ${{ github.sha }} into ${{ github.base_ref }}" | |
- name: Get base commit for Pushes | |
if: ${{ github.event_name == 'push' }} | |
run: | | |
git fetch origin ${{ github.event.before }} | |
echo "base_sha=${{ github.event.before }}" >> $GITHUB_ENV | |
echo "Merging ${{ github.sha }} into ${{ github.event.before }}" | |
- name: Get the changed files | |
run: | | |
echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }})'" | |
changed_specs=$(git diff-tree --diff-filter=d --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }} | { grep "SPECS.*/.*\.spec$" || test $? = 1; }) | |
echo "Files to validate: '${changed_specs}'" | |
echo "updated-specs=$(echo ${changed_specs})" >> $GITHUB_ENV | |
- name: Main branch checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: 'main' | |
path: 'main-checkout' | |
- name: Verify .spec files | |
if: ${{ env.updated-specs != '' }} | |
run: python3 toolkit/scripts/check_spec_guidelines.py ${{ env.updated-specs }} |