49 lines
1.5 KiB
YAML
49 lines
1.5 KiB
YAML
name: ✍🏻 CVE Annotate
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
docs:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Get Github tag
|
|
id: meta
|
|
run: |
|
|
curl --silent "https://api.github.com/repos/projectdiscovery/nuclei/releases/latest" | jq -r .tag_name | xargs -I {} echo TAG={} >> $GITHUB_OUTPUT
|
|
|
|
- name: Setup CVE annotate
|
|
if: steps.meta.outputs.TAG != ''
|
|
env:
|
|
VERSION: ${{ steps.meta.outputs.TAG }}
|
|
run: |
|
|
wget -q https://github.com/projectdiscovery/nuclei/releases/download/${VERSION}/cve-annotate.zip
|
|
sudo unzip cve-annotate.zip -d /usr/local/bin
|
|
working-directory: /tmp
|
|
|
|
- name: Generate CVE Annotations
|
|
id: cve-annotate
|
|
run: |
|
|
cve-annotate -i . -d .
|
|
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
|
|
|
|
- name: Commit files
|
|
if: steps.cve-annotate.outputs.CHANGES > 0
|
|
run: |
|
|
git config --local user.email "action@github.com"
|
|
git config --local user.name "GitHub Action"
|
|
git pull
|
|
git add cves
|
|
git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a
|
|
|
|
- name: Push changes
|
|
if: steps.cve-annotate.outputs.CHANGES > 0
|
|
uses: ad-m/github-push-action@master
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
branch: ${{ github.ref }} |