build: replace PAT with ORG_REPO_TOKEN (#245)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Teppei Fukuda 2023-09-28 11:17:51 +03:00 committed by GitHub
parent 8d2a522b96
commit 8b9bdf21bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 35 additions and 51 deletions


@ -9,7 +9,7 @@ jobs:
name: Update vuln-list-debian
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
VULN_LIST_DIR: "vuln-list-debian"
steps:
- name: Check out code
@ -24,7 +24,7 @@ jobs:
uses: actions/checkout@v4
with:
repository: ${{ github.repository_owner }}/${{ env.VULN_LIST_DIR }}
token: ${{ secrets.ACCESS_TOKEN }}
token: ${{ secrets.ORG_REPO_TOKEN }}
path: ${{ env.VULN_LIST_DIR }}
- name: Setup github user email and name
@ -37,4 +37,4 @@ jobs:
- if: always()
name: Debian Security Bug Tracker
run: ./update.sh debian "Debian Security Bug Tracker"
run: ./scripts/update.sh debian "Debian Security Bug Tracker"
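Review bot: `GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}` is set in the job-level `env:` block, so every step of the job inherits the token, including the checkout and setup steps and any third-party actions in the steps not shown in these hunks. The secret's name suggests it reaches more than one repository in the organisation (inferred, not visible here), which makes its exposure matter more than that of a single-purpose PAT. I would move the variable to a step-level `env:` on only the steps whose scripts push or open pull requests, and add a comment such as `# ORG_REPO_TOKEN: write access to the vuln-list-* repositories only` to record the access it is expected to have. The same job-level assignment appears in the k8s, nvd, redhat and vuln-list workflow sections of this commit.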


@ -9,7 +9,7 @@ jobs:
name: Update vuln-list-k8s
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
VULN_LIST_DIR: "vuln-list-k8s"
REPOSITORY_OWNER: ${{ github.repository_owner }}
steps:
@ -25,7 +25,7 @@ jobs:
uses: actions/checkout@v4
with:
repository: ${{ env.REPOSITORY_OWNER }}/${{ env.VULN_LIST_DIR }}
token: ${{ secrets.ACCESS_TOKEN }}
token: ${{ secrets.ORG_REPO_TOKEN }}
path: ${{ env.VULN_LIST_DIR }}
- name: Setup github user email and name
@ -38,4 +38,4 @@ jobs:
- if: always()
name: K8s official vulnerability advisory
run: ./create_pr.sh k8s
run: ./scripts/create_pr.sh k8s


@ -9,7 +9,7 @@ jobs:
name: Update vuln-list-nvd
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
VULN_LIST_DIR: "vuln-list-nvd"
steps:
- name: Check out code
@ -24,7 +24,7 @@ jobs:
uses: actions/checkout@v4
with:
repository: ${{ github.repository_owner }}/${{ env.VULN_LIST_DIR }}
token: ${{ secrets.ACCESS_TOKEN }}
token: ${{ secrets.ORG_REPO_TOKEN }}
path: ${{ env.VULN_LIST_DIR }}
- name: Setup github user email and name
@ -37,4 +37,4 @@ jobs:
- if: always()
name: NVD
run: ./update.sh nvd "NVD"
run: ./scripts/update.sh nvd "NVD"


@ -9,7 +9,7 @@ jobs:
name: Update vuln-list-redhat
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
VULN_LIST_DIR: "vuln-list-redhat"
steps:
- name: Check out code
@ -24,7 +24,7 @@ jobs:
uses: actions/checkout@v4
with:
repository: ${{ github.repository_owner }}/${{ env.VULN_LIST_DIR }}
token: ${{ secrets.ACCESS_TOKEN }}
token: ${{ secrets.ORG_REPO_TOKEN }}
path: ${{ env.VULN_LIST_DIR }}
- name: Setup github user email and name
@ -37,8 +37,8 @@ jobs:
- if: always()
name: Red Hat OVALv2
run: ./update.sh redhat-oval "Red Hat OVAL v2"
run: ./scripts/update.sh redhat-oval "Red Hat OVAL v2"
- if: always()
name: Red Hat Security Data API
run: ./update.sh redhat "Red Hat Security Data API"
run: ./scripts/update.sh redhat "Red Hat Security Data API"


@ -23,7 +23,7 @@ jobs:
uses: actions/checkout@v4
with:
repository: ${{ github.repository_owner }}/vuln-list
token: ${{ secrets.ACCESS_TOKEN }}
token: ${{ secrets.ORG_REPO_TOKEN }}
path: vuln-list
fetch-depth: 2000
@ -32,4 +32,4 @@ jobs:
cd vuln-list
git replace -f --graft $(git rev-list --max-parents=0 HEAD)
git filter-repo --force
git push --force --set-upstream https://${{ secrets.ACCESS_TOKEN }}@github.com/${{ github.repository_owner }}/vuln-list.git main
git push --force --set-upstream https://${{ secrets.ORG_REPO_TOKEN }}@github.com/${{ github.repository_owner }}/vuln-list.git main
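Review bot: The new `git push` line still expands `${{ secrets.ORG_REPO_TOKEN }}` straight into the script text and the remote URL, and `--set-upstream` with a URL records that URL, token included, as the branch's remote in `vuln-list/.git/config` on the runner. The checkout step above already receives the same token through `token:`, and actions/checkout keeps it in the clone's git configuration unless `persist-credentials: false` is set (the full step is not visible here), so the push can probably use the plain URL: `git push --force --set-upstream "https://github.com/${{ github.repository_owner }}/vuln-list.git" main`. If that does not authenticate after `git filter-repo`, pass the secret through a step-level `env:` and reference the shell variable instead of the template expression. The step's `run:` block begins outside this hunk.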


@ -9,7 +9,7 @@ jobs:
name: Update repo vuln-list
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
VULN_LIST_DIR: "vuln-list"
steps:
- name: Check out code
@ -24,7 +24,7 @@ jobs:
uses: actions/checkout@v4
with:
repository: ${{ github.repository_owner }}/vuln-list
token: ${{ secrets.ACCESS_TOKEN }}
token: ${{ secrets.ORG_REPO_TOKEN }}
path: ${{ env.VULN_LIST_DIR }}
- name: Setup github user email and name
@ -37,64 +37,64 @@ jobs:
- if: always()
name: Alpine Issue Tracker
run: ./update.sh alpine "Alpine Issue Tracker"
run: ./scripts/update.sh alpine "Alpine Issue Tracker"
- if: always()
name: Alpine Unfixed Vulnerability Tracker
run: ./update.sh alpine-unfixed "Alpine Secshfixes Tracker"
run: ./scripts/update.sh alpine-unfixed "Alpine Secshfixes Tracker"
- if: always()
name: Ubuntu CVE Tracker
run: ./update.sh ubuntu "Ubuntu CVE Tracker"
run: ./scripts/update.sh ubuntu "Ubuntu CVE Tracker"
- if: always()
name: Amazon Linux AMI Security Advisory
run: ./update.sh amazon "Amazon Linux Security Center"
run: ./scripts/update.sh amazon "Amazon Linux Security Center"
- if: always()
name: Oracle Linux OVAL
run: ./update.sh oracle-oval "Oracle Linux OVAL"
run: ./scripts/update.sh oracle-oval "Oracle Linux OVAL"
- if: always()
name: Photon CVE Advisory
run: ./update.sh photon "Photon Security Advisories"
run: ./scripts/update.sh photon "Photon Security Advisories"
- if: always()
name: GitHub Security Advisory
run: ./update.sh ghsa "GitHub Security Advisory"
run: ./scripts/update.sh ghsa "GitHub Security Advisory"
- if: always()
name: CWE
run: ./update.sh cwe "CWE"
run: ./scripts/update.sh cwe "CWE"
- if: always()
name: SUSE CVRF
run: ./update.sh suse-cvrf "SUSE CVRF"
run: ./scripts/update.sh suse-cvrf "SUSE CVRF"
- if: always()
name: GitLab Advisory Database
run: ./update.sh glad "GitLab Advisory Database"
run: ./scripts/update.sh glad "GitLab Advisory Database"
- if: always()
name: AlmaLinux Security Advisory
run: ./update.sh alma "AlmaLinux Security Advisory"
run: ./scripts/update.sh alma "AlmaLinux Security Advisory"
- if: always()
name: Rocky Linux Security Advisory
run: ./update.sh rocky "Rocky Linux Security Advisory"
run: ./scripts/update.sh rocky "Rocky Linux Security Advisory"
- if: always()
name: CBL-Mariner Vulnerability Data
run: ./update.sh mariner "CBL-Mariner Vulnerability Data"
run: ./scripts/update.sh mariner "CBL-Mariner Vulnerability Data"
- if: always()
name: OSV Database
run: ./update.sh osv "OSV Database"
run: ./scripts/update.sh osv "OSV Database"
- if: always()
name: Wolfi Secdb
run: ./update.sh wolfi "Wolfi Security Data"
run: ./scripts/update.sh wolfi "Wolfi Security Data"
- if: always()
name: Chainguard Secdb
run: ./update.sh chainguard "Chainguard Security Data"
run: ./scripts/update.sh chainguard "Chainguard Security Data"

16
push.sh

@ -1,16 +0,0 @@
#!/bin/sh
DIR=$1
ADD=$2
MESSAGE=$3
cd $DIR
git add $2
git commit -m "$3"
ret=$?
if [ $ret = 0 ]; then
git push https://${GITHUB_TOKEN}@github.com/aquasecurity/vuln-list.git main
else
echo "skip push"
fi


@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/bash -eu
TARGET=$1
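Review bot: Putting `-eu` on the shebang line only takes effect when the script is executed directly; anyone running it as `bash <script>` gets none of the strictness, and `pipefail` is still off, so a failing command on the left of a pipe goes unnoticed. I would keep `#!/bin/bash` and add `set -euo pipefail` as the second line. With `-u` active, `TARGET=$1` now aborts with an unbound-variable message when the argument is missing, so `TARGET=${1:?usage: <script> TARGET}` would give a clearer failure. The next file section in this commit makes the same shebang change and the same applies there; both scripts continue outside the hunks shown.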


@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/bash -eu
TARGET=$1
COMMIT_MSG=$2