Update cve-annotate.yml

2023-03-27 00:20:56 +05:30 · 2023-03-27 00:20:56 +05:30 · 6491fe19e2
parent 1d3f792d38
commit 6491fe19e2
1 changed files with 30 additions and 18 deletions
--- a/.github/workflows/cve-annotate.yml
+++ b/.github/workflows/cve-annotate.yml
@ -1,11 +1,12 @@
-name: ✍🏻 CVE Annotate
+name: TemplateMan

 on:
  push:
    branches:
      - main
+  pull_request:
    paths:
-      - 'cves/**.yaml'
+      - '**.yaml'
  workflow_dispatch:

 jobs:
@ -16,32 +17,43 @@ jobs:
        with: 
          fetch-depth: 0

-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: 1.19
-
-      - name: cve-annotate install
-        run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@latest
-
-      - name: Generate CVE Annotations
-        id: cve-annotate
+      - name: Install dependencies
        run: |
-          cve-annotate -i . -d .
-          git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
+          sudo apt-get update
+          sudo apt-get install -y python3-pip
+          pip3 install pyyaml
+
+      - name: Send YAML to endpoint and check response
+        id: templateman-enhance
+        run: |
+          API_ENDPOINT="https://orca-app-65k3t.ondigitalocean.app/enhance?resp_format=plain"
+          FILENAME="${GITHUB_WORKSPACE}/${{ github.event.pull_request.head.repo.full_name }}/${{ github.event.pull_request.head.ref }}/${{ github.event.pull_request.changed_files }}"
+          for file in $(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}" --diff-filter=AM | grep "\.yaml$"); do
+            echo "Sending file: $file"
+            response=$(curl -X POST -H "Content-Type: application/x-yaml" --data-binary "@$file" "$API_ENDPOINT")
+            if python -c "import yaml, sys; yaml.safe_load(sys.stdin)" <<< "$response"; then
+              echo "Response is valid YAML, updating file..."
+              printf "%s\n" "$response" > "$file.tmp"
+              mv "$file.tmp" "$file"
+            else
+              echo "Error: invalid YAML in response for $file"
+              printf "%s\n" "$response" > "${file}.debug.txt"
+              exit 1
+            fi
+          done

      - name: Commit files
-        if: steps.cve-annotate.outputs.CHANGES > 0
+        if: steps.templateman-enhance.outputs.CHANGES > 0
        run: |
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          git pull
-          git add cves
-          git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a
+          git add .
+          git commit -m "Templateman Enhancement [$(date)] :robot:" -a

      - name: Push changes
        if: steps.cve-annotate.outputs.CHANGES > 0
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
-          branch: ${{ github.ref }}
+          branch: ${{ github.ref }}