Ingest Cloud OSV #21920
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Ingest Cloud OSV | |
| on: | |
| schedule: | |
| - cron: '*/30 * * * *' # Every hour | |
| workflow_dispatch: | |
| permissions: read-all | |
| jobs: | |
| ingest-osv: | |
| name: Ingest Cloud OSV | |
| continue-on-error: false | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 45 # Don't allow the job to run too long. | |
| permissions: | |
| actions: read | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| token: ${{ secrets.GH_TOKEN }} | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
| with: | |
| go-version: "1.21" | |
| # gocloud has an issue where it requires an ADC file to work with GCS, even | |
| # for anonymous requests. This change tricks the auth code into succeeding. | |
| - name: GCP Credential Workaround | |
| run: | | |
| echo '{ "type": "service_account" }' > .dummy_adc.json | |
| # Setup v2 credentials for accessing AWS S3 buckets. Each set of credentials | |
| # is given its own profile which is then set in the config using the | |
| # "profile=PROFILENAME" query parameter in the source's bucket URL. | |
| - name: AWS Credentials | |
| run: | | |
| mkdir "$HOME/.aws" | |
| envsubst >"$HOME/.aws/credentials" <<EOF | |
| [reversinglabs] | |
| aws_access_key_id = $RL_AWS_ACCESS_KEY_ID | |
| aws_secret_access_key = $RL_AWS_SECRET_ACCESS_KEY | |
| EOF | |
| echo '[profile reversinglabs]' > "$HOME/.aws/config" | |
| env: | |
| RL_AWS_ACCESS_KEY_ID: ${{ secrets.REVERSINGLABS_AWS_KEY_ID }} | |
| RL_AWS_SECRET_ACCESS_KEY: ${{ secrets.REVERSINGLABS_AWS_KEY_SECRET }} | |
| - name: Ingest OSV | |
| run: | | |
| go run ./cmd/ingest -config config/config.yaml -start-keys config/start-keys.yaml | |
| env: | |
| GOOGLE_APPLICATION_CREDENTIALS: .dummy_adc.json | |
| - name: Prepare commit | |
| run: | | |
| git config user.name github-actions | |
| git config user.email github-actions@github.com | |
| git add osv config/start-keys.yaml | |
| - name: Commit report changes | |
| run: git diff --cached --quiet || git commit -m 'Ingest OSV - Cloud Storage' | |
| - name: Push commit | |
| run: git push |