Skip to content

Build geoip files

Build geoip files #300

Workflow file for this run

name: Build geoip files
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * 4"
push:
branches:
- master
paths-ignore:
- ".gitignore"
- "config-example.json"
- "LICENSE"
- "README.md"
- ".github/dependabot.yml"
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout codebase
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: ./go.mod
- name: Set variables
run: |
echo "TAG_NAME=$(date +%Y%m%d%H%M)" >> $GITHUB_ENV
echo "RELEASE_NAME=$(date +%Y%m%d%H%M)" >> $GITHUB_ENV
shell: bash
- name: Fetch lists from ripe.net
run: |
chmod +x asn.sh
./asn.sh
- name: Append more CIDRs
run: |
curl -sSL https://www.gstatic.com/ipranges/goog.json | jq --raw-output '.prefixes[].ipv4Prefix,.prefixes[].ipv6Prefix | select(. != null)' >> data/google
curl -sSL https://www.gstatic.com/ipranges/cloud.json | jq --raw-output '.prefixes[].ipv4Prefix,.prefixes[].ipv6Prefix | select(. != null)' >> data/google
curl -sSL https://api.fastly.com/public-ip-list | jq --raw-output '.addresses[],.ipv6_addresses[]' >> data/fastly
curl -sSL https://ip-ranges.amazonaws.com/ip-ranges.json | jq --raw-output '.prefixes[],.ipv6_prefixes[] | select(.service == "CLOUDFRONT") | .ip_prefix,.ipv6_prefix' | grep "/" >> data/cloudfront
- name: Get GeoLite2
env:
LICENSE_KEY: ${{ secrets.MAXMIND_GEOLITE2_LICENSE }}
run: |
curl -L "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&license_key=${LICENSE_KEY}&suffix=zip" -o GeoLite2-Country-CSV.zip
unzip GeoLite2-Country-CSV.zip
rm -f GeoLite2-Country-CSV.zip
mv GeoLite2* geolite2
- name: Build geoip files
run: |
go build ./
./geoip convert -c ./config.json
- name: Verify mmdb files
run: |
cd ./output/maxmind || exit 1
go install -v github.com/maxmind/mmdbverify@latest
for name in $(ls *.mmdb); do
$(go env GOPATH)/bin/mmdbverify -file ${name}
done
- name: Generate sha256 checksum for dat files
run: |
cd ./output/dat || exit 1
for name in $(ls *.dat); do
sha256sum ${name} > ./${name}.sha256sum
done
- name: Generate sha256 checksum for mmdb files
run: |
cd ./output/maxmind || exit 1
for name in $(ls *.mmdb); do
sha256sum ${name} > ./${name}.sha256sum
done
- name: Download GeoLite2
env:
LICENSE_KEY: ${{ secrets.MAXMIND_GEOLITE2_LICENSE }}
run: |
curl -L "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=${LICENSE_KEY}&suffix=tar.gz" -o GeoLite2-ASN.tar.gz
curl -L "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN-CSV&license_key=${LICENSE_KEY}&suffix=zip" -o GeoLite2-ASN-CSV.zip
curl -L "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=${LICENSE_KEY}&suffix=tar.gz" -o GeoLite2-Country.tar.gz
curl -L "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&license_key=${LICENSE_KEY}&suffix=zip" -o GeoLite2-Country-CSV.zip
- name: Move files to publish directory
run: |
mkdir -p publish
mv ./output/dat/*.dat ./output/dat/*.sha256sum ./output/maxmind/*.mmdb ./output/maxmind/*.sha256sum *.gz *.zip ./publish/
cp -fpPR ./output/text ./publish
cp -fpPR ./output/srs ./publish
- name: Git push assets to "release" branch
run: |
cd publish || exit 1
git init
git config --local user.name "github-actions[bot]"
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
git checkout -b release
git add -A
git commit -m "${{ env.RELEASE_NAME }}"
git remote add geoip "https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}"
git push -f -u geoip release
- name: Purge jsdelivr CDN
run: |
cd publish || exit 1
for file in $(ls); do
curl -i "https://purge.jsdelivr.net/gh/${{ github.repository }}@release/${file}"
done
- name: Remove some files to avoid publishing to GitHub release
run: rm -rf ./publish/*.{gz,zip} ./publish/text ./publish/srs
- name: Upload files to GitHub release
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file_glob: true
file: ./publish/*
tag: ${{ env.TAG_NAME }}