forked from bromite/bromite
-
Notifications
You must be signed in to change notification settings - Fork 88
71 lines (60 loc) · 1.9 KB
/
check_nist.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
name: 'Check NIST database'
on:
schedule:
- cron: '30 1 * * *'
workflow_dispatch:
permissions:
issues: write
pull-requests: write
jobs:
check:
runs-on: ubuntu-latest
steps:
- name: Checkout 'uazo/cromite' ${{ env.BRANCH }}
uses: actions/checkout@v2
with:
repository: 'uazo/cromite'
ref: ${{ github.event.inputs.rtag }}
path: 'cromite'
fetch-depth: 1
- name: Get data
run: |
sudo apt update
DEBIAN_FRONTEND=noninteractive sudo apt install -y sed
export HOME=$GITHUB_WORKSPACE
cd ~/cromite/tools
test -d cves || mkdir -p cves
cd cves
CY=$(date +%Y)
for i in $(seq 2020 $CY)
do
echo Asking for $i year
docker run --rm --name tapir stratosphereips/tapir:latest \
bash -c "python3 tapir.py -y $i libjxl -s" >>libjxl.ansi
done
sed -e 's/\x1b\[[0-9;]*m//g' <libjxl.ansi >libjxl.txt
rm libjxl.ansi
- name: Check differences
run: |
export HOME=$GITHUB_WORKSPACE
cd ~/cromite
CHANGES=0 && git diff --quiet || CHANGES=1
echo "CHANGES=$CHANGES" >> $GITHUB_ENV
if [[ CHANGES -eq 1 ]]; then
git add tools/cves/*.txt
git diff --name-only --staged
fi
- name: Create Pull Request
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c #v6.1.0
if: env.CHANGES == '1'
with:
token: ${{ secrets.CROMITE_PULLS }}
path: cromite
base: ${{ env.BRANCH }}
#push-to-fork: uazo/cromite
add-paths: |
tools/cves/*.txt
commit-message: 'AUTOMATED - CVE results'
title: New CVE results
delete-branch: true
branch-suffix: short-commit-hash