name: ✍🏻 CVE Annotate

on:
  push:
    branches:
      - master
  workflow_dispatch:

jobs:
  docs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: Get Github tag
        id: meta
        run: |
          echo "::set-output name=tag::$(curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name)"

      - name: Setup CVE annotate
        if: steps.meta.outputs.tag != ''
        env:
          VERSION: ${{ steps.meta.outputs.tag }}
        run: |
          wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/cve-annotate.zip
          sudo unzip cve-annotate.zip -d /usr/local/bin
        working-directory: /tmp

      - name: Generate CVE Annotations
        id: cve-annotate
        run: |
          cve-annotate -i ./cves/ -d .
          echo "::set-output name=changes::$(git status -s | wc -l)"

      - name: Commit files
        if: steps.cve-annotate.outputs.changes > 0
        run: |
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          git pull
          git add cves
          git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a

      - name: Push changes
        if: steps.cve-annotate.outputs.changes > 0
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: ${{ github.ref }}