CVE Midnight Baseline #623
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Github Action for midnight baseline releases | |
# Notes | |
# - This action MUST run every night, but ONLY AFTER midnight, or the business logic will not work correctly | |
# - This action no longer generates a release, since that is now the task of the CVE Release action (release.yml) | |
# - Currently, we fail this job if it runs before midnight | |
name: CVE Midnight Baseline | |
on: | |
# at midnight (UTC) every night | |
schedule: | |
- cron: '0 0 * * *' | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
inputs: | |
logLevel: | |
description: 'Log level' | |
required: false | |
default: 'debug' | |
params: | |
description: 'command line arguments to build a baseline' | |
required: false | |
default: '' | |
jobs: | |
generate-name: | |
environment: development | |
runs-on: ubuntu-latest | |
outputs: | |
v_current_run_timestamp: ${{ steps.get-timestamp.outputs.out }} | |
steps: | |
- name: generate-name | |
id: get-timestamp | |
run: echo "out=$(date '+%Y-%m-%d')" >> $GITHUB_OUTPUT | |
create_artifacts: | |
needs: generate-name | |
environment: development | |
runs-on: ubuntu-latest | |
steps: | |
- name: clone cves | |
uses: actions/checkout@v3 | |
- name: tag repository | |
run: | | |
git tag ${{ needs.generate-name.outputs.v_current_run_timestamp }}_baseline | |
git push origin ${{ needs.generate-name.outputs.v_current_run_timestamp }}_baseline | |
- name: build cves for zip download | |
run: | | |
pwd | |
ls -al | |
zip -r cves.zip ./cves -x "*/\.*" | |
# do a subset | |
# zip -r cves.zip ./cves/1999 -x "*/\.*" | |
- name: Use the Upload Artifact GitHub Action | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ needs.generate-name.outputs.v_current_run_timestamp }}_all_CVEs_at_midnight.zip | |
path: ./cves.zip | |
overwrite: true | |
# create_release: | |
# needs: [generate-name, create_artifacts] | |
# environment: development | |
# runs-on: ubuntu-latest | |
# steps: | |
# # - name: create release | |
# # id: create_release | |
# # uses: actions/create-release@v1 | |
# # env: | |
# # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# # with: | |
# # tag_name: cve_${{ needs.generate-name.outputs.v_current_run_timestamp }} | |
# # release_name: CVE Release ${{ needs.generate-name.outputs.v_current_run_timestamp }} | |
# # draft: false | |
# # prerelease: false | |
# # # make_latest: true | |
# # - name: Update release notes | |
# # run: echo "CVEs updated" > release_notes.md | |
# - name: create release with source code as artifacts | |
# uses: softprops/action-gh-release@v1 | |
# with: | |
# name: CVE ${{ needs.generate-name.outputs.v_current_run_timestamp }} | |
# # body: Descriptions for CVE ${{ needs.generate-name.outputs.v_current_run_timestamp }} goes here | |
# body_path: ./release_notes.md | |
# tag_name: cve_${{ needs.generate-name.outputs.v_current_run_timestamp }} | |
# files: | | |
# release_notes.md | |
# ${{ needs.generate-name.outputs.v_current_run_timestamp }}_all_CVEs_at_midnight.zip | |
# recent_activities.json |