Software - Update version and security info #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Software - Update version and security info" | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onschedule | |
| # * is a special character in YAML so you have to quote this string | |
| - cron: '30 8 14,28 * *' | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| config: ["SOFTWARE_GITHUB_ADADVISORY_DATABASE_PATH=advisory_database"] | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v4 | |
| - name: Setup python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.x' # Version range or exact version of a Python version to use, using SemVer's version range syntax | |
| architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified | |
| - name: Setup dependencies using pip | |
| run: pip install -r requirements.txt | |
| - name: Setup Node.js (v4 version 20.x) | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20.x' | |
| - name: Setup SpeedIndex dependencies (ONLY used for Sitespeed) - Linux | |
| run: | | |
| sudo apt-get update -y | |
| sudo apt-get install -y imagemagick libjpeg-dev xz-utils --no-install-recommends --force-yes | |
| python -m pip install --upgrade pip | |
| python -m pip install --upgrade setuptools | |
| python -m pip install pyssim Pillow image | |
| sudo apt install ffmpeg | |
| - name: Setup Google Chrome browser (ONLY used for Sitespeed) - Linux | |
| run: | | |
| wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add - | |
| sudo sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' | |
| sudo apt-get update | |
| sudo apt-get --only-upgrade install google-chrome-stable | |
| google-chrome --version | |
| - name: Setup npm packages | |
| run: npm install --production | |
| - name: Update USER_AGENT in our defaults/settings.json | |
| run: python update_software.py -b | |
| - name: Checkout advisory-database repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: github/advisory-database | |
| ref: main | |
| path: | |
| advisory_database | |
| sparse-checkout: | | |
| advisories | |
| - name: Verifing Software(s) | |
| run: python update_software.py -d ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create pull request | |
| uses: peter-evans/create-pull-request@v6 | |
| with: | |
| commit-message: Update software and license definitions | |
| branch: software-definition-updates | |
| title: Scheduled Software Definition Update | |
| body: | | |
| This pull request is used to make it easier to keep the software definitions up to date. | |
| Following files may be touched: | |
| - software-sources.json | |
| - software-full.json | |
| - defaults/software-rules.json | |
| - defaults/settings.json | |
| assignees: 7h3Rabbit | |
| reviewers: 7h3Rabbit | |
| add-paths: | | |
| software-sources.json | |
| software-full.json | |
| defaults/software-rules.json | |
| defaults/settings.json |