Update the GitHub advisories CSV #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Update the GitHub advisories CSV | |
on: | |
workflow_dispatch: {} | |
schedule: | |
- cron: 0 11 * * WED | |
jobs: | |
update-advisories: | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout and build parser | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- uses: actions/setup-java@v3 | |
with: | |
cache: 'gradle' | |
distribution: 'temurin' | |
java-version: '17' | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v2 | |
- name: Run build with Gradle Wrapper | |
run: ./gradlew build deps | |
# Update advisories | |
- name: Checkout advisory-database | |
uses: actions/checkout@v4 | |
with: | |
repository: github/advisory-database | |
path: advisory-database | |
- name: Update advisories | |
run: java -classpath "build/deps/*:build/libs/*" org.openrewrite.java.dependencies.github.ParseAdvisories advisory-database src/main/resources/advisories.csv | |
- name: Sort advisories | |
run: sort --output=src/main/resources/advisories.csv src/main/resources/advisories.csv | |
# Create pull request | |
- name: Timestamp | |
run: echo "NOW=$(date +'%Y-%m-%dT%H%M')" >> $GITHUB_ENV | |
- name: Create Pull Request | |
id: cpr | |
uses: peter-evans/create-pull-request@v5 | |
with: | |
base: main | |
branch: advisories/${{ env.NOW }} | |
title: "[Auto] GitHub advisories as of ${{ env.NOW }}" | |
body: | | |
[Auto] GitHub advisories as of ${{ env.NOW }}. | |
commit-message: "[Auto] GitHub advisories as of ${{ env.NOW }}" | |
labels: enhancement | |
- name: Check outputs | |
if: ${{ steps.cpr.outputs.pull-request-number }} | |
run: | | |
echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" | |
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" |