Skip to content

Update the GitHub advisories CSV #85

Update the GitHub advisories CSV

Update the GitHub advisories CSV #85

Workflow file for this run

---
name: Update the GitHub advisories CSV
on:
workflow_dispatch: {}
schedule:
- cron: 0 11 * * MON
jobs:
update-advisories:
if: github.event_name != 'schedule' || github.repository_owner == 'openrewrite'
runs-on: ubuntu-latest
steps:
# Checkout and build parser
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-java@v4
with:
cache: 'gradle'
distribution: 'temurin'
java-version: '17'
# Update advisories
- name: Checkout advisory-database
uses: actions/checkout@v4
with:
repository: github/advisory-database
path: advisory-database
# Commit and push Maven advisories here
- name: configure-git-user
run: |
git config --global user.email "[email protected]"
git config --global user.name "team-moderne[bot]"
- name: Create commit message
run: |
echo "MSG=[Auto] GitHub advisories as of $(date +'%Y-%m-%dT%H%M')" >> $GITHUB_ENV
- name: Commit and push Maven dependency vulnerabilities to rewrite-java-dependencies
run: |
./gradlew parseGithubAdvisoryDatabase --args="./advisory-database Maven src/main/resources/advisories-maven.csv"
sort --output=src/main/resources/advisories-maven.csv src/main/resources/advisories-maven.csv
git diff-index --quiet HEAD src/main/resources/advisories-maven.csv || (git commit --message "${{ env.MSG }} for Maven" src/main/resources/advisories-maven.csv && git push origin main)
- name: Commit and push Nuget dependency vulnerabilities to rewrite-java-dependencies
run: |
./gradlew parseGithubAdvisoryDatabase --args="./advisory-database Nuget src/main/resources/advisories-nuget.csv"
sort --output=src/main/resources/advisories-nuget.csv src/main/resources/advisories-nuget.csv
git diff-index --quiet HEAD src/main/resources/advisories-nuget.csv || (git commit --message "${{ env.MSG }} for NuGet" src/main/resources/advisories-nuget.csv && git push origin main)
# Load SSH deploy-key
- uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.REWRITE_NODEJS_DEPLOY_KEY }}
# Commit and push NPM advisories to rewrite-nodejs
- name: Commit and push Npm dependency vulnerabilities to rewrite-nodejs
run: |
git clone --depth 1 [email protected]:openrewrite/rewrite-nodejs.git
./gradlew parseGithubAdvisoryDatabase --args="./advisory-database NPM rewrite-nodejs/src/main/resources/advisories-npm.csv"
cd rewrite-nodejs/
sort --output=src/main/resources/advisories-npm.csv src/main/resources/advisories-npm.csv
git diff-index --quiet HEAD src/main/resources/advisories-npm.csv || (git commit --message "${{ env.MSG }} for NPM" src/main/resources/advisories-npm.csv && git push origin main)