From d9693c1be36d7f5ca4b44ddeacc4b9bd98e7c00e Mon Sep 17 00:00:00 2001
From: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
Date: Wed, 15 Oct 2025 16:14:10 +0200
Subject: [PATCH] ci: check generated seccomp files match

Check that the *.seccomppolicy and *_seccomp.h files match.
---
.github/workflows/check_seccomp.yml | 33 +++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 .github/workflows/check_seccomp.yml

diff --git a/.github/workflows/check_seccomp.yml b/.github/workflows/check_seccomp.yml
new file mode 100644
index 00000000000..cdc7e5b5417
--- /dev/null
+++ b/.github/workflows/check_seccomp.yml
@@ -0,0 +1,33 @@
+name: Check Generated Seccomp Files
+on:
+ pull_request:
+
+permissions: {}
+
+jobs:
+ check-seccomp:
+ runs-on: ubuntu-latest
+ timeout-minutes: 2
+
+ steps:
+ - name: Checkout current commit
+ uses: actions/checkout@v5
+ with:
+ fetch-depth: 0
+
+ - name: Setup Python environment
+ run: |
+ python -m venv venv && venv/bin/pip install edn_format
+
+ - name: Check generated seccomp files
+ run: |
+ set -e
+ source venv/bin/activate
+ make seccomp-policies
+ if [ -n "$(git status --porcelain)" ]; then
+ echo "Generated seccomp files are out of date. Please run 'make seccomp-policies' and commit the changes."
+ git --no-pager diff
+ exit 1
+ else
+ echo "All generated seccomp files are up to date."
+ fi
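Review bot: The "Setup Python environment" step installs `edn_format` unpinned, so the tool that `make seccomp-policies` presumably relies on can change under this check without any commit in the repository. Pin it, e.g. `venv/bin/pip install 'edn_format==<PINNED_VERSION>'`, ideally from a requirements file installed with `--require-hashes`, and consider referencing `actions/checkout` by full commit SHA instead of the mutable `v5` tag. Separately, the venv is created inside the checkout, so unless the repository's `.gitignore` covers `venv/` (not visible here) `git status --porcelain` will list it as untracked and the job will fail on every run. Creating it with `python -m venv "$RUNNER_TEMP/venv"` keeps the working tree limited to what the make target generates. `fetch-depth: 0` also looks unnecessary for a working-tree comparison.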