name: ✍🏻 CVE Annotate

on:
  push:
    branches:
      - master
  workflow_dispatch:

jobs:
  docs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
        with:
          persist-credentials: false
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

      - uses: actions/setup-go@v2
        with:
          go-version: 1.17

      - name: Generate CVE Annotations
        id: cve-annotate
        run: |
          if ! which cve-annotate > /dev/null; then
            echo -e "Command cve-annotate not found! Installing\c"
            go install github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@dev
          fi
          cve-annotate -i ./cves/ -d .
          echo "::set-output name=changes::$(git status -s | wc -l)"

      - name: Commit files
        if: steps.cve-annotate.outputs.changes > 0
        run: |
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          git add cves
          git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a

      - name: Push changes
        if: steps.cve-annotate.outputs.changes > 0
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: ${{ github.ref }}