Skip to content

.github/workflows/generate.yml #1216

.github/workflows/generate.yml

.github/workflows/generate.yml #1216

Workflow file for this run

on:
push:
branches:
- master
schedule:
- cron: "0 0 * * *"
workflow_dispatch: # Manual
permissions:
contents: write
jobs:
security_artifacts:
runs-on: ubuntu-latest
steps:
- name: Checkout NVD repo
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
ref: release
- name: Checkout Fleet
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
repository: fleetdm/fleet
fetch-depth: 1
ref: main
token: ${{ github.token }}
path: fleet
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version-file: 'fleet/go.mod'
- name: Generate security artifacts
run: |
cd fleet
export NVD_API_KEY=${{ secrets.NVD_API_KEY }}
export NETWORK_TEST_GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
go run -tags fts5 cmd/cpe/generate.go
go run cmd/msrc/generate.go
go run cmd/macoffice/generate.go
- name: Current date
id: date
run: |
echo "date=$(date +'%Y%m%d%H%M')" >> $GITHUB_OUTPUT
# Note that a new commit must be made for each release, otherwise GitHub does not order
# the releases properly.
- name: Tag
run: |
git config --global user.email ""
git config --global user.name "GitHub Actions Bot"
git commit --allow-empty -m 'Release ${{ steps.date.outputs.date }}'
git push origin release
- name: Release
uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # v0.1.14
with:
files: |
fleet/*.sqlite.gz
fleet/server/vulnerabilities/nvd/cpe_translations.json
fleet/msrc_out/*.json
fleet/macoffice_rel_notes/*.json
tag_name: ${{ steps.date.outputs.date }}
target_commitish: release
token: ${{ secrets.GITHUB_TOKEN }}
- name: Slack Notification
if: failure()
uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
with:
payload: |
{
"text": "${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head.html_url }}",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "Security artifacts generation result: ${{ job.status }}\nhttps://github.com/fleetdm/nvd/actions/runs/${{ github.run_id }}\n${{ github.event.pull_request.html_url || github.event.head.html_url }}"
}
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_G_HELP_P1_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK