Update cve-annotate.yml

patch-1
Prince Chaddha 2023-03-27 00:20:56 +05:30 committed by GitHub
parent 1d3f792d38
commit 6491fe19e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 18 deletions

View File

@ -1,11 +1,12 @@
name: ✍🏻 CVE Annotate
name: TemplateMan
on:
push:
branches:
- main
pull_request:
paths:
- 'cves/**.yaml'
- '**.yaml'
workflow_dispatch:
jobs:
@ -16,28 +17,39 @@ jobs:
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.19
- name: cve-annotate install
run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@latest
- name: Generate CVE Annotations
id: cve-annotate
- name: Install dependencies
run: |
cve-annotate -i . -d .
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
sudo apt-get update
sudo apt-get install -y python3-pip
pip3 install pyyaml
- name: Send YAML to endpoint and check response
id: templateman-enhance
run: |
API_ENDPOINT="https://orca-app-65k3t.ondigitalocean.app/enhance?resp_format=plain"
FILENAME="${GITHUB_WORKSPACE}/${{ github.event.pull_request.head.repo.full_name }}/${{ github.event.pull_request.head.ref }}/${{ github.event.pull_request.changed_files }}"
for file in $(git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}" --diff-filter=AM | grep "\.yaml$"); do
echo "Sending file: $file"
response=$(curl -X POST -H "Content-Type: application/x-yaml" --data-binary "@$file" "$API_ENDPOINT")
if python -c "import yaml, sys; yaml.safe_load(sys.stdin)" <<< "$response"; then
echo "Response is valid YAML, updating file..."
printf "%s\n" "$response" > "$file.tmp"
mv "$file.tmp" "$file"
else
echo "Error: invalid YAML in response for $file"
printf "%s\n" "$response" > "${file}.debug.txt"
exit 1
fi
done
- name: Commit files
if: steps.cve-annotate.outputs.CHANGES > 0
if: steps.templateman-enhance.outputs.CHANGES > 0
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git pull
git add cves
git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a
git add .
git commit -m "Templateman Enhancement [$(date)] :robot:" -a
- name: Push changes
if: steps.cve-annotate.outputs.CHANGES > 0