Skip to content

Daily CVE Processing and Release #125

Daily CVE Processing and Release

Daily CVE Processing and Release #125

Workflow file for this run

name: Daily CVE Processing and Release
on:
schedule:
- cron: '0 0 * * *' # Runs at midnight every day
workflow_dispatch: # Allows for manual triggering of the workflow
jobs:
download-process-release:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install requests
- name: Download and process data
run: |
python sync.py
- name: Set environment variables for date
id: date
run: |
echo "TAG_DATE=$(date +%Y%m%d)" >> $GITHUB_ENV
echo "RELEASE_DATE=$(date +%Y-%m-%d)" >> $GITHUB_ENV
- name: Create GitHub Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: nvd-web-cves-${{ env.TAG_DATE }}
release_name: NVD Web CVEs ${{ env.RELEASE_DATE }}
body: "Automated daily release of processed CVE data."
draft: false
prerelease: false
- name: Install GitHub CLI
run: |
sudo apt-get update
sudo apt-get install -y gh
- name: Upload Release Assets
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
tag_name="nvd-web-cves-${{ env.TAG_DATE }}"
echo "Release ID: ${{ steps.create_release.outputs.id }}"
echo "Tag name: $tag_name"
for file in releases/*.json.xz; do
echo "Uploading $file"
gh release upload "$tag_name" "$file" --clobber || echo "Failed to upload $file"
done
- name: Remove old releases
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
current_date=$(date +%s)
gh release list --limit 100 --json tagName --jq '.[] | [.tagName] | @tsv' | while read -r tagName; do
# Extract the date from the tagName
release_date=$(echo $tagName | grep -oP '\d{8}')
# Convert the extracted date into seconds
release_date_seconds=$(date -d "$release_date" +%s 2>/dev/null)
# If the date conversion was successful
if [ $? -eq 0 ]; then
release_age_days=$(( (current_date - release_date_seconds) / 86400 ))
if [ $release_age_days -gt 30 ]; then
echo "Deleting release $tagName (age: $release_age_days days)"
gh release delete "$tagName" --yes
# Delete the associated tag
echo "Deleting tag $tagName"
git push origin --delete $tagName || echo "Failed to delete tag $tagName"
fi
else
echo "Failed to extract or parse the date for release $tagName"
fi
done