name: ✍🏻 CVE Annotate on: push: branches: - master workflow_dispatch: jobs: docs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Get Github tag id: meta run: | echo "::set-output name=tag::$(curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name)" - name: Setup CVE annotate if: steps.meta.outputs.tag != '' env: VERSION: ${{ steps.meta.outputs.tag }} run: | wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/cve-annotate.zip sudo unzip cve-annotate.zip -d /usr/local/bin working-directory: /tmp - name: Generate CVE Annotations id: cve-annotate run: | cve-annotate -i . -d . echo "::set-output name=changes::$(git status -s | wc -l)" - name: Commit files if: steps.cve-annotate.outputs.changes > 0 run: | git config --local user.email "action@github.com" git config --local user.name "GitHub Action" git pull git add cves git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a - name: Push changes if: steps.cve-annotate.outputs.changes > 0 uses: ad-m/github-push-action@master with: github_token: ${{ secrets.GITHUB_TOKEN }} branch: ${{ github.ref }}