name: Build IP lists

permissions:
    contents: read

on:
    repository_dispatch:
        types: run-build-lists
    workflow_dispatch:
    schedule:
        - cron: "30 */8 * * *"

jobs:
    build-scanners-list:
        name: Build scanners list
        environment:
            name: sudo-bot
        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v3
            - name: Cache cargo binaries
              uses: actions/cache@v3
              id: cache-dns-ptr-resolver
              with:
                  path: ~/.cargo/bin/dns-ptr-resolver
                  key: ${{ runner.os }}-cargo-bin-kbs-1.0.0
            - name: Set up toolchain
              if: steps.cache-dns-ptr-resolver.outputs.cache-hit != 'true'
              uses: actions-rs/toolchain@v1
              with:
                  profile: minimal
                  toolchain: 1.64.0
                  override: true
            - name: Install dns-ptr-resolver
              if: steps.cache-dns-ptr-resolver.outputs.cache-hit != 'true'
              run: cargo install dns-ptr-resolver@1.0.0
            #- name: Build the binaryedge list
            #  run: ./make-binaryedge.sh
            - name: Build the stretchoid list
              run: ./make-stretchoid.sh
            - name: Post the summary
              run: |
                git add -A
                printf '### Diff\n```diff\n%s\n```\n' "$(git diff --staged)" >> $GITHUB_STEP_SUMMARY
            - name: Extract secrets
              run: |
                  printf '%s' "${{ secrets.GH_APP_JWT_PRIV_PEM_CONTENTS }}" > ${HOME}/.secret_jwt.pem
                  printf '%s' "${{ secrets.GPG_PRIVATE_KEY }}" > ${HOME}/.private-key.asc
            - uses: actions/setup-node@v3
              with:
                  node-version: 18
            - name: Get yarn cache directory path
              id: yarn-cache-dir-path
              run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
            - name: yarn cache
              uses: actions/cache@v3
              with:
                  path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
                  key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
                  restore-keys: |
                      ${{ runner.os }}-yarn-
            - name: Install sudo-bot
              run: yarn global add sudo-bot
            - name: Run sudo-bot
              run: |
                  sudo-bot --verbose \
                    --jwt-file="${HOME}/.secret_jwt.pem" \
                    --gh-app-id='17453' \
                    --installation-id="${{ secrets.INSTALLATION_ID }}" \
                    --repository-slug='datacenters-network/security' \
                    --target-branch='main' \
                    --assign='williamdes' \
                    --commit-author-email='sudo-bot@wdes.fr' \
                    --commit-author-name='Sudo Bot' \
                    --gpg-private-key-file="${HOME}/.private-key.asc" \
                    --template="$GITHUB_WORKSPACE/.github/sudo-bot-template.js" \
                    --gpg-private-key-passphrase="${{ secrets.GPG_PASSPHRASE }}"
            - name: Purge secrets
              if: always()
              run: |
                  rm -v ${HOME}/.secret_jwt.pem
                  rm -v ${HOME}/.private-key.asc

    build-aws-cloudfront:
        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v3
            - name: Build the AWS CloudFront list
              run: ./make-aws-cloudfront-range.sh
            - name: Post the summary
              run: |
                git add -A
                printf '### Diff\n```diff\n%s\n```\n' "$(git diff --staged)" >> $GITHUB_STEP_SUMMARY