-
Notifications
You must be signed in to change notification settings - Fork 201
84 lines (84 loc) · 3.18 KB
/
baseline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# Github Action for midnight baseline releases
# Notes
# - This action MUST run every night, but ONLY AFTER midnight, or the business logic will not work correctly
# - This action no longer generates a release, since that is now the task of the CVE Release action (release.yml)
# - Currently, we fail this job if it runs before midnight
name: CVE Midnight Baseline
on:
# at midnight (UTC) every night
schedule:
- cron: '0 0 * * *'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
logLevel:
description: 'Log level'
required: false
default: 'debug'
params:
description: 'command line arguments to build a baseline'
required: false
default: ''
jobs:
generate-name:
environment: development
runs-on: ubuntu-latest
outputs:
v_current_run_timestamp: ${{ steps.get-timestamp.outputs.out }}
steps:
- name: generate-name
id: get-timestamp
run: echo "out=$(date '+%Y-%m-%d')" >> $GITHUB_OUTPUT
create_artifacts:
needs: generate-name
environment: development
runs-on: ubuntu-latest
steps:
- name: clone cves
uses: actions/checkout@v3
- name: tag repository
run: |
git tag ${{ needs.generate-name.outputs.v_current_run_timestamp }}_baseline
git push origin ${{ needs.generate-name.outputs.v_current_run_timestamp }}_baseline
- name: build cves for zip download
run: |
pwd
ls -al
zip -r cves.zip ./cves -x "*/\.*"
# do a subset
# zip -r cves.zip ./cves/1999 -x "*/\.*"
- name: Use the Upload Artifact GitHub Action
uses: actions/upload-artifact@v4
with:
name: ${{ needs.generate-name.outputs.v_current_run_timestamp }}_all_CVEs_at_midnight.zip
path: ./cves.zip
overwrite: true
# create_release:
# needs: [generate-name, create_artifacts]
# environment: development
# runs-on: ubuntu-latest
# steps:
# # - name: create release
# # id: create_release
# # uses: actions/create-release@v1
# # env:
# # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# # with:
# # tag_name: cve_${{ needs.generate-name.outputs.v_current_run_timestamp }}
# # release_name: CVE Release ${{ needs.generate-name.outputs.v_current_run_timestamp }}
# # draft: false
# # prerelease: false
# # # make_latest: true
# # - name: Update release notes
# # run: echo "CVEs updated" > release_notes.md
# - name: create release with source code as artifacts
# uses: softprops/action-gh-release@v1
# with:
# name: CVE ${{ needs.generate-name.outputs.v_current_run_timestamp }}
# # body: Descriptions for CVE ${{ needs.generate-name.outputs.v_current_run_timestamp }} goes here
# body_path: ./release_notes.md
# tag_name: cve_${{ needs.generate-name.outputs.v_current_run_timestamp }}
# files: |
# release_notes.md
# ${{ needs.generate-name.outputs.v_current_run_timestamp }}_all_CVEs_at_midnight.zip
# recent_activities.json