name: Build IP lists permissions: contents: read on: repository_dispatch: types: run-build-lists workflow_dispatch: schedule: - cron: "30 */8 * * *" jobs: build-scanners-list: name: Build scanners list environment: name: sudo-bot runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - name: Cache cargo binaries uses: actions/cache@v3 id: cache-dns-ptr-resolver with: path: ~/.cargo/bin/dns-ptr-resolver key: ${{ runner.os }}-cargo-bin-kbs-1.0.0 - name: Set up toolchain if: steps.cache-dns-ptr-resolver.outputs.cache-hit != 'true' uses: actions-rs/toolchain@v1 with: profile: minimal toolchain: 1.64.0 override: true - name: Install dns-ptr-resolver if: steps.cache-dns-ptr-resolver.outputs.cache-hit != 'true' run: cargo install dns-ptr-resolver@1.0.0 #- name: Build the binaryedge list # run: ./make-binaryedge.sh - name: Build the stretchoid list run: ./make-stretchoid.sh - name: Post the summary run: | git add -A printf '### Diff\n```diff\n%s\n```\n' "$(git diff --staged)" >> $GITHUB_STEP_SUMMARY - name: Extract secrets run: | printf '%s' "${{ secrets.GH_APP_JWT_PRIV_PEM_CONTENTS }}" > ${HOME}/.secret_jwt.pem printf '%s' "${{ secrets.GPG_PRIVATE_KEY }}" > ${HOME}/.private-key.asc - uses: actions/setup-node@v3 with: node-version: 18 - name: Get yarn cache directory path id: yarn-cache-dir-path run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT - name: yarn cache uses: actions/cache@v3 with: path: ${{ steps.yarn-cache-dir-path.outputs.dir }} key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} restore-keys: | ${{ runner.os }}-yarn- - name: Install sudo-bot run: yarn global add sudo-bot - name: Run sudo-bot run: | sudo-bot --verbose \ --jwt-file="${HOME}/.secret_jwt.pem" \ --gh-app-id='17453' \ --installation-id="${{ secrets.INSTALLATION_ID }}" \ --repository-slug='datacenters-network/security' \ --target-branch='main' \ --assign='williamdes' \ --commit-author-email='sudo-bot@wdes.fr' \ --commit-author-name='Sudo Bot' \ --gpg-private-key-file="${HOME}/.private-key.asc" \ --template="$GITHUB_WORKSPACE/.github/sudo-bot-template.js" \ --gpg-private-key-passphrase="${{ secrets.GPG_PASSPHRASE }}" - name: Purge secrets if: always() run: | rm -v ${HOME}/.secret_jwt.pem rm -v ${HOME}/.private-key.asc build-aws-cloudfront: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 - name: Build the AWS CloudFront list run: ./make-aws-cloudfront-range.sh - name: Post the summary run: | git add -A printf '### Diff\n```diff\n%s\n```\n' "$(git diff --staged)" >> $GITHUB_STEP_SUMMARY