From 54760aadb4d237ccf29bcfde17cd6cc4008b2b5b Mon Sep 17 00:00:00 2001
From: ColorfulRhino <131405023+ColorfulRhino@users.noreply.github.com>
Date: Sat, 16 Mar 2024 19:10:46 +0100
Subject: [PATCH] GH Actions: Kernel hardening analysis: Exclude RISC-V configs

RISC-V is not yet supported by kernel-hardening-checker. See https://github.com/a13xp0p0v/kernel-hardening-checker/issues/56
---
 .github/workflows/kernel-security-analysis-pr.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/kernel-security-analysis-pr.yml b/.github/workflows/kernel-security-analysis-pr.yml
index a968b36bcdfe..572d6db1c5d6 100644
--- a/.github/workflows/kernel-security-analysis-pr.yml
+++ b/.github/workflows/kernel-security-analysis-pr.yml
@@ -44,9 +44,11 @@ jobs:
 path: kconfig-hardened-check

 - name: Check kernel config for security issues
+ # Run kernel-hardening-checker for each kernel config file excluding RISC-V configs, since they are not supported yet.
+ # See https://github.com/a13xp0p0v/kernel-hardening-checker/issues/56
 run: |
 for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
- if [[ "${file}" = config/kernel/*.config ]]; then
+ if [[ "${file}" = config/kernel/*.config && ! $(head -n 10 "${file}" | grep -q "riscv") ]]; then
 kconfig-hardened-check/bin/kernel-hardening-checker -m show_fail -c $file | sed -e 's/^/ /' >> $GITHUB_STEP_SUMMARY
 fi
 done
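Review bot: The added RISC-V test on the `if` line never excludes anything: `grep -q` prints nothing, so `$(head -n 10 "${file}" | grep -q "riscv")` always expands to an empty string and `! ""` inside `[[ ]]` is always true, which means RISC-V configs still reach kernel-hardening-checker. Test the pipeline's exit status instead, e.g. `if [[ "${file}" = config/kernel/*.config ]] && ! head -n 10 "${file}" | grep -q "riscv"; then`. Separately, the unchanged `for` line expands `${{ steps.changed-files.outputs.all_changed_files }}` straight into the script text and `$file` is unquoted in the checker call; if this workflow runs on pull requests, as the file name suggests, those names come from the PR author, so passing the list through an `env:` variable and quoting `"$file"` would keep them as data rather than shell syntax. The job's earlier steps lie outside the hunk, so only the lines shown here were reviewed.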