name: ✍🏻 CVE Annotate

on:
  push:
    branches:
      - main
    paths:
      - '**/cves/**.yaml'
  workflow_dispatch:

jobs:
  docs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with: 
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: 1.19

      - name: cve-annotate install
        run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@latest

      - name: Generate CVE Annotations
        id: cve-annotate
        run: |
          cve-annotate -i . -d .
          git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT

      - name: Commit files
        if: steps.cve-annotate.outputs.CHANGES > 0
        run: |
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          git add .
          git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a

      - name: Push changes
        if: steps.cve-annotate.outputs.CHANGES > 0
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: ${{ github.ref }}