Daily CVE Processing and Release #125
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Daily CVE Processing and Release | |
on: | |
schedule: | |
- cron: '0 0 * * *' # Runs at midnight every day | |
workflow_dispatch: # Allows for manual triggering of the workflow | |
jobs: | |
download-process-release: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install requests | |
- name: Download and process data | |
run: | | |
python sync.py | |
- name: Set environment variables for date | |
id: date | |
run: | | |
echo "TAG_DATE=$(date +%Y%m%d)" >> $GITHUB_ENV | |
echo "RELEASE_DATE=$(date +%Y-%m-%d)" >> $GITHUB_ENV | |
- name: Create GitHub Release | |
id: create_release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: nvd-web-cves-${{ env.TAG_DATE }} | |
release_name: NVD Web CVEs ${{ env.RELEASE_DATE }} | |
body: "Automated daily release of processed CVE data." | |
draft: false | |
prerelease: false | |
- name: Install GitHub CLI | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y gh | |
- name: Upload Release Assets | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
tag_name="nvd-web-cves-${{ env.TAG_DATE }}" | |
echo "Release ID: ${{ steps.create_release.outputs.id }}" | |
echo "Tag name: $tag_name" | |
for file in releases/*.json.xz; do | |
echo "Uploading $file" | |
gh release upload "$tag_name" "$file" --clobber || echo "Failed to upload $file" | |
done | |
- name: Remove old releases | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
current_date=$(date +%s) | |
gh release list --limit 100 --json tagName --jq '.[] | [.tagName] | @tsv' | while read -r tagName; do | |
# Extract the date from the tagName | |
release_date=$(echo $tagName | grep -oP '\d{8}') | |
# Convert the extracted date into seconds | |
release_date_seconds=$(date -d "$release_date" +%s 2>/dev/null) | |
# If the date conversion was successful | |
if [ $? -eq 0 ]; then | |
release_age_days=$(( (current_date - release_date_seconds) / 86400 )) | |
if [ $release_age_days -gt 30 ]; then | |
echo "Deleting release $tagName (age: $release_age_days days)" | |
gh release delete "$tagName" --yes | |
# Delete the associated tag | |
echo "Deleting tag $tagName" | |
git push origin --delete $tagName || echo "Failed to delete tag $tagName" | |
fi | |
else | |
echo "Failed to extract or parse the date for release $tagName" | |
fi | |
done | |