Skip to content

Update the GitHub advisories CSV #21

Update the GitHub advisories CSV

Update the GitHub advisories CSV #21

Workflow file for this run

---
name: Update the GitHub advisories CSV
on:
workflow_dispatch: {}
schedule:
- cron: 0 11 * * WED
jobs:
update-advisories:
runs-on: ubuntu-latest
steps:
# Checkout and build parser
- name: Checkout
uses: actions/checkout@v4
- uses: actions/setup-java@v3
with:
cache: 'gradle'
distribution: 'temurin'
java-version: '17'
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
- name: Run build with Gradle Wrapper
run: ./gradlew build deps
# Update advisories
- name: Checkout advisory-database
uses: actions/checkout@v4
with:
repository: github/advisory-database
path: advisory-database
- name: Update advisories
run: java -classpath "build/deps/*:build/libs/*" org.openrewrite.java.dependencies.github.ParseAdvisories advisory-database src/main/resources/advisories.csv
- name: Sort advisories
run: sort --output=src/main/resources/advisories.csv src/main/resources/advisories.csv
# Create pull request
- name: Timestamp
run: echo "NOW=$(date +'%Y-%m-%dT%H%M')" >> $GITHUB_ENV
- name: Create Pull Request
id: cpr
uses: peter-evans/create-pull-request@v5
with:
base: main
branch: advisories/${{ env.NOW }}
title: "[Auto] GitHub advisories as of ${{ env.NOW }}"
body: |
[Auto] GitHub advisories as of ${{ env.NOW }}.
commit-message: "[Auto] GitHub advisories as of ${{ env.NOW }}"
labels: enhancement
- name: Check outputs
if: ${{ steps.cpr.outputs.pull-request-number }}
run: |
echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"