GH Actions: Kernel hardening analysis: Exclude RISC-V configs

RISC-V is not yet supported by kernel-hardening-checker. See a13xp0p0v/kernel-hardening-checker#56
Dangku · Jun 16, 2024 · eb42154 · eb42154
1 parent 60bd16c
commit eb42154
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/kernel-security-analysis-pr.yml b/.github/workflows/kernel-security-analysis-pr.yml
@@ -44,9 +44,11 @@ jobs:
            path: kconfig-hardened-check
 
        - name: Check kernel config for security issues
+         # Run kernel-hardening-checker for each kernel config file excluding RISC-V configs, since they are not supported yet.
+         # See https://github.com/a13xp0p0v/kernel-hardening-checker/issues/56
          run: |
            for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
-               if [[  "${file}" = config/kernel/*.config ]]; then
+               if [[ "${file}" = config/kernel/*.config && ! $(head -n 10 "${file}" | grep -q "riscv") ]]; then
                    kconfig-hardened-check/bin/kernel-hardening-checker -m show_fail -c $file | sed -e 's/^/    /' >> $GITHUB_STEP_SUMMARY
                fi
            done