Update cve-annotate.yml
parent
1d3f792d38
commit
6491fe19e2
|
@ -1,11 +1,12 @@
|
|||
name: ✍🏻 CVE Annotate
|
||||
name: TemplateMan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
pull_request:
|
||||
paths:
|
||||
- 'cves/**.yaml'
|
||||
- '**.yaml'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
|
@ -16,28 +17,39 @@ jobs:
|
|||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: 1.19
|
||||
|
||||
- name: cve-annotate install
|
||||
run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@latest
|
||||
|
||||
- name: Generate CVE Annotations
|
||||
id: cve-annotate
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
cve-annotate -i . -d .
|
||||
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y python3-pip
|
||||
pip3 install pyyaml
|
||||
|
||||
- name: Send YAML to endpoint and check response
|
||||
id: templateman-enhance
|
||||
run: |
|
||||
API_ENDPOINT="https://orca-app-65k3t.ondigitalocean.app/enhance?resp_format=plain"
|
||||
FILENAME="${GITHUB_WORKSPACE}/${{ github.event.pull_request.head.repo.full_name }}/${{ github.event.pull_request.head.ref }}/${{ github.event.pull_request.changed_files }}"
|
||||
for file in $(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}" --diff-filter=AM | grep "\.yaml$"); do
|
||||
echo "Sending file: $file"
|
||||
response=$(curl -X POST -H "Content-Type: application/x-yaml" --data-binary "@$file" "$API_ENDPOINT")
|
||||
if python -c "import yaml, sys; yaml.safe_load(sys.stdin)" <<< "$response"; then
|
||||
echo "Response is valid YAML, updating file..."
|
||||
printf "%s\n" "$response" > "$file.tmp"
|
||||
mv "$file.tmp" "$file"
|
||||
else
|
||||
echo "Error: invalid YAML in response for $file"
|
||||
printf "%s\n" "$response" > "${file}.debug.txt"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
- name: Commit files
|
||||
if: steps.cve-annotate.outputs.CHANGES > 0
|
||||
if: steps.templateman-enhance.outputs.CHANGES > 0
|
||||
run: |
|
||||
git config --local user.email "action@github.com"
|
||||
git config --local user.name "GitHub Action"
|
||||
git pull
|
||||
git add cves
|
||||
git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a
|
||||
git add .
|
||||
git commit -m "Templateman Enhancement [$(date)] :robot:" -a
|
||||
|
||||
- name: Push changes
|
||||
if: steps.cve-annotate.outputs.CHANGES > 0
|
||||
|
|
Loading…
Reference in New Issue