Skip to content

Check NIST database #403

Check NIST database

Check NIST database #403

Workflow file for this run

name: 'Check NIST database'
on:
schedule:
- cron: '30 1 * * *'
workflow_dispatch:
permissions:
issues: write
pull-requests: write
jobs:
check:
runs-on: ubuntu-latest
steps:
- name: Checkout 'uazo/cromite' ${{ env.BRANCH }}
uses: actions/checkout@v2
with:
repository: 'uazo/cromite'
ref: ${{ github.event.inputs.rtag }}
path: 'cromite'
fetch-depth: 1
- name: Get data
run: |
sudo apt update
DEBIAN_FRONTEND=noninteractive sudo apt install -y sed
export HOME=$GITHUB_WORKSPACE
cd ~/cromite/tools
test -d cves || mkdir -p cves
cd cves
CY=$(date +%Y)
for i in $(seq 2020 $CY)
do
echo Asking for $i year
docker run --rm --name tapir stratosphereips/tapir:latest \
bash -c "python3 tapir.py -y $i libjxl -s" >>libjxl.ansi
done
sed -e 's/\x1b\[[0-9;]*m//g' <libjxl.ansi >libjxl.txt
rm libjxl.ansi
- name: Check differences
run: |
export HOME=$GITHUB_WORKSPACE
cd ~/cromite
CHANGES=0 && git diff --quiet || CHANGES=1
echo "CHANGES=$CHANGES" >> $GITHUB_ENV
if [[ CHANGES -eq 1 ]]; then
git add tools/cves/*.txt
git diff --name-only --staged
fi
- name: Create Pull Request
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c #v6.1.0
if: env.CHANGES == '1'
with:
token: ${{ secrets.CROMITE_PULLS }}
path: cromite
base: ${{ env.BRANCH }}
#push-to-fork: uazo/cromite
add-paths: |
tools/cves/*.txt
commit-message: 'AUTOMATED - CVE results'
title: New CVE results
delete-branch: true
branch-suffix: short-commit-hash