github.com/anchore/syft@v1.38.2/.github/workflows/update-cpe-dictionary-index.yml (about)

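     # Refreshes the CPE dictionary index on a weekly schedule (or on manual
     # dispatch) and opens a pull request with the result. The steps pull a cache
     # from ghcr.io, update it from the NVD API, build the index, push the cache
     # back, and then create the PR. What each make target does in detail is not
     # visible in this file.
     name: PR to update CPE dictionary index
     on:
       schedule:
         # every Monday at 01:00 (GitHub evaluates cron schedules in UTC)
         - cron: "0 1 * * 1"

       workflow_dispatch:

     # Workflow-wide default: read-only repository contents. Jobs widen this only
     # where they need to.
     permissions:
       contents: read

     env:
       # Quoted so the value is a string; the Slack step compares it with 'true'.
       SLACK_NOTIFICATIONS: "true"

     jobs:
       upgrade-cpe-dictionary-index:
         runs-on: ubuntu-latest
         # packages: write is the only addition to the default. It is presumably
         # needed to push the CPE cache to ghcr.io; confirm against the make targets.
         # NOTE(review): the permission is job-wide, so every step in this job,
         # including the third-party actions below, runs with it available.
         permissions:
           contents: read
           packages: write
         if: github.repository == 'anchore/syft' # only run for main repo
         steps:
           # Third-party actions are pinned to full commit SHAs; the trailing comment
           # records the tag the author associated with that SHA.
           - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
             with:
               # Do not leave the job token in the checked-out repo's git config.
               persist-credentials: false

           - name: Bootstrap environment
             uses: ./.github/actions/bootstrap
             id: bootstrap

           # The token reaches the shell through the environment instead of being
           # expanded into the script text by the workflow template engine, matching
           # how ACTOR is already passed. It is still piped via stdin so it never
           # appears in the oras argument list.
           # NOTE(review): registry credentials written by this login may remain on
           # the runner for the later steps of this job. Confirm that is intended,
           # or log out once the cache push has completed.
           - name: Login to GitHub Container Registry
             run: echo "$GHCR_TOKEN" | .tool/oras login ghcr.io -u "$ACTOR" --password-stdin
             env:
               ACTOR: ${{ github.actor }}
               GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}

           - name: Pull CPE cache from registry
             run: make generate:cpe-index:cache:pull

           # The NVD API key is scoped to this one step.
           - name: Update CPE cache from NVD API
             run: make generate:cpe-index:cache:update
             env:
               NVD_API_KEY: ${{ secrets.NVD_API_KEY }}

           - name: Generate CPE dictionary index
             run: make generate:cpe-index:build

           - name: Push updated CPE cache to registry
             run: make generate:cpe-index:cache:push

           # The job token is read-only for contents, so the pull request is created
           # with a separately minted GitHub App token.
           - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
             id: generate-token
             with:
               app-id: ${{ secrets.TOKEN_APP_ID }}
               private-key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}

           - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11
             with:
               signoff: true
               delete-branch: true
               branch: auto/latest-cpe-dictionary-index
               labels: dependencies
               commit-message: "chore(deps): update CPE dictionary index"
               title: "chore(deps): update CPE dictionary index"
               body: |
                 Update CPE dictionary index based on the latest available CPE dictionary
               token: ${{ steps.generate-token.outputs.token }}

           # Runs only when an earlier step failed and Slack notifications are enabled.
           - uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e # v3.19.0
             with:
               status: ${{ job.status }}
               fields: workflow,eventName,job
               text: Syft CPE dictionary index update failed
             env:
               SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
             if: ${{ failure() && env.SLACK_NOTIFICATIONS == 'true' }}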