sbat: Add grub.peimage,2 to latest (CVE-2024-2312) #773
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: pull-request | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
jobs: | |
cross-build-pull-request: | |
runs-on: ubuntu-20.04 | |
container: vathpela/efi-ci:${{ matrix.distro }}-x64 | |
name: ${{ matrix.distro }} ${{ matrix.efiarch }} cross-build | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- arch: amd64 | |
efiarch: aa64 | |
gccarch: aarch64 | |
makearch: aarch64 | |
distro: f36 | |
- arch: amd64 | |
efiarch: aa64 | |
gccarch: aarch64 | |
makearch: aarch64 | |
distro: f35 | |
- arch: amd64 | |
efiarch: arm | |
gccarch: arm | |
makearch: arm | |
distro: f36 | |
- arch: amd64 | |
efiarch: arm | |
gccarch: arm | |
makearch: arm | |
distro: f35 | |
- arch: amd64 | |
efiarch: arm | |
gccarch: arm | |
makearch: arm | |
distro: f34 | |
- arch: amd64 | |
efiarch: x64 | |
gccarch: x86_64 | |
makearch: x86_64 | |
distro: f36 | |
- arch: amd64 | |
efiarch: x64 | |
gccarch: x86_64 | |
makearch: x86_64 | |
distro: f35 | |
- arch: amd64 | |
efiarch: x64 | |
gccarch: x86_64 | |
makearch: x86_64 | |
distro: f34 | |
- arch: amd64 | |
efiarch: ia32 | |
gccarch: x86_64 | |
makearch: ia32 | |
distro: f36 | |
- arch: amd64 | |
efiarch: ia32 | |
gccarch: x86_64 | |
makearch: ia32 | |
distro: f35 | |
- arch: amd64 | |
efiarch: ia32 | |
gccarch: x86_64 | |
makearch: ia32 | |
distro: f34 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
# otherwise we are testing target branch instead of the PR branch (see pull_request_target trigger) | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 | |
submodules: recursive | |
- name: Update submodules on ${{ matrix.distro }} for ${{ matrix.efiarch }} | |
id: update-submodules | |
run: | | |
make update | |
- name: Make a build directory for ${{ matrix.distro }} for ${{ matrix.efiarch }} | |
id: builddir | |
run: | | |
rm -rf build-${{ matrix.distro }}-${{ matrix.efiarch }} | |
mkdir build-${{ matrix.distro }}-${{ matrix.efiarch }} | |
cd build-${{ matrix.distro }}-${{ matrix.efiarch }} | |
- name: Do the build on ${{ matrix.distro }} for ${{ matrix.efiarch }} | |
id: build | |
run: | | |
pwd | |
cd build-${{ matrix.distro }}-${{ matrix.efiarch }} | |
make TOPDIR=.. -f ../Makefile CROSS_COMPILE=${{ matrix.gccarch }}-linux-gnu- ARCH=${{ matrix.makearch }} PREFIX=/usr DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true all | |
- name: Install on ${{ matrix.distro }} for ${{ matrix.efiarch }} | |
id: install | |
run: | | |
pwd | |
cd build-${{ matrix.distro }}-${{ matrix.efiarch }} | |
make TOPDIR=.. -f ../Makefile CROSS_COMPILE=${{ matrix.gccarch }}-linux-gnu- ARCH=${{ matrix.makearch }} PREFIX=/usr DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true install | |
echo 'results:' | |
find /destdir -type f | |
build-pull-request-intel: | |
runs-on: ubuntu-20.04 | |
container: vathpela/efi-ci:${{ matrix.distro }}-x64 | |
name: ${{ matrix.distro }} ${{ matrix.efiarch }} build | |
strategy: | |
matrix: | |
include: | |
- arch: amd64 | |
efiarch: x64 | |
makearch: x86_64 | |
distro: f36 | |
- arch: amd64 | |
efiarch: x64 | |
makearch: x86_64 | |
distro: f35 | |
- arch: amd64 | |
efiarch: x64 | |
makearch: x86_64 | |
distro: f34 | |
- arch: amd64 | |
efiarch: x64 | |
makearch: x86_64 | |
distro: centos9 | |
- arch: amd64 | |
efiarch: x64 | |
makearch: x86_64 | |
distro: centos8 | |
- arch: amd64 | |
efiarch: ia32 | |
makearch: ia32 | |
distro: f36 | |
- arch: amd64 | |
efiarch: ia32 | |
makearch: ia32 | |
distro: f35 | |
- arch: amd64 | |
efiarch: ia32 | |
makearch: ia32 | |
distro: f34 | |
- arch: amd64 | |
efiarch: ia32 | |
makearch: ia32 | |
distro: centos8 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
# otherwise we are testing target branch instead of the PR branch (see pull_request_target trigger) | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 | |
submodules: recursive | |
- name: Update submodules on ${{ matrix.distro }} for ${{ matrix.efiarch }} | |
id: update-submodules | |
run: | | |
make update | |
- name: Do 'make clean' on ${{ matrix.distro }} for ${{ matrix.efiarch }} | |
id: clean | |
run: | | |
make ARCH=${{ matrix.makearch }} PREFIX=/usr DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true clean | |
- name: Run tests on ${{ matrix.distro }} for ${{ matrix.efiarch }} | |
id: test | |
run: | | |
make ARCH=${{ matrix.makearch }} PREFIX=/usr DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true test | |
- name: Do the build on ${{ matrix.distro }} for ${{ matrix.efiarch }} | |
id: build | |
run: | | |
make ARCH=${{ matrix.makearch }} PREFIX=/usr DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true all | |
- name: Install on ${{ matrix.distro }} for ${{ matrix.efiarch }} | |
id: install | |
run: | | |
make ARCH=${{ matrix.makearch }} PREFIX=/usr DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true install | |
echo 'results:' | |
find /destdir -type f |