feat(ci): add euvd

MaineK00n · MaineK00n · commit 93c1f74312d1 · 2025-12-02T18:37:37.000+09:00
diff --git a/.github/workflows/archive-raw.yml b/.github/workflows/archive-raw.yml
@@ -52,6 +52,8 @@ jobs:
           - "endoflife-date-products"
           - "erlang-ghsa"
           - "erlang-osv"
+          # - "enisa-euvd-detail"
+          - "enisa-euvd-list"
           - "exploit-exploitdb"
           - "exploit-github"
           - "exploit-inthewild"
diff --git a/.github/workflows/archive.yml b/.github/workflows/archive.yml
@@ -54,6 +54,8 @@ on:
           - vuls-data-raw-endoflife-date-products
           - vuls-data-raw-erlang-ghsa
           - vuls-data-raw-erlang-osv
+          # - vuls-data-raw-enisa-euvd-detail
+          - vuls-data-raw-enisa-euvd-list
           - vuls-data-raw-exploit-exploitdb
           - vuls-data-raw-exploit-github
           - vuls-data-raw-exploit-inthewild
diff --git a/.github/workflows/backup-daily.yml b/.github/workflows/backup-daily.yml
@@ -77,6 +77,8 @@ jobs:
           - vuls-data-raw-epss
           - vuls-data-raw-erlang-ghsa
           - vuls-data-raw-erlang-osv
+          # - vuls-data-raw-enisa-euvd-detail
+          - vuls-data-raw-enisa-euvd-list
           - vuls-data-raw-exploit-exploitdb
           - vuls-data-raw-exploit-github
           - vuls-data-raw-exploit-inthewild
diff --git a/.github/workflows/backup-monthly.yml b/.github/workflows/backup-monthly.yml
@@ -77,6 +77,8 @@ jobs:
           - vuls-data-raw-epss
           - vuls-data-raw-erlang-ghsa
           - vuls-data-raw-erlang-osv
+          # - vuls-data-raw-enisa-euvd-detail
+          - vuls-data-raw-enisa-euvd-list
           - vuls-data-raw-exploit-exploitdb
           - vuls-data-raw-exploit-github
           - vuls-data-raw-exploit-inthewild
diff --git a/.github/workflows/backup-weekly.yml b/.github/workflows/backup-weekly.yml
@@ -77,6 +77,8 @@ jobs:
           - vuls-data-raw-epss
           - vuls-data-raw-erlang-ghsa
           - vuls-data-raw-erlang-osv
+          # - vuls-data-raw-enisa-euvd-detail
+          - vuls-data-raw-enisa-euvd-list
           - vuls-data-raw-exploit-exploitdb
           - vuls-data-raw-exploit-github
           - vuls-data-raw-exploit-inthewild
diff --git a/.github/workflows/fetch-all.yml b/.github/workflows/fetch-all.yml
@@ -172,38 +172,39 @@ jobs:
     with:
       target: ${{ matrix.target }}
 
-  fetch-nvd-api:
+  fetch-cisco-json:
+    name: Fetch vuls-data-raw-cisco-json
+    uses: ./.github/workflows/fetch-cisco-json.yml
+    secrets:
+      CISCO_CLIENT_KEY: ${{ secrets.CISCO_CLIENT_KEY }}
+      CISCO_CLIENT_SECRET: ${{ secrets.CISCO_CLIENT_SECRET }}
+
+  fetch-cisco-cvrf-or-csaf:
     name: Fetch vuls-data-raw-${{ matrix.target }}
+    if: ${{ success() || failure() }}
+    needs: fetch-cisco-json
     strategy:
       fail-fast: false
-      max-parallel: 1
       matrix:
         target:
-          - "nvd-api-cve"
-          - "nvd-api-cpe"
-          - "nvd-api-cpematch"
-    uses: ./.github/workflows/fetch-nvd-api.yml
+          - "cisco-cvrf"
+          - "cisco-csaf"
+    uses: ./.github/workflows/fetch-cisco-cvrf-or-csaf.yml
     with:
       target: ${{ matrix.target }}
-    secrets:
-      NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
 
-  fetch-redhat-package-manifest:
-    name: Fetch vuls-data-raw-redhat-package-manifest
-    uses: ./.github/workflows/fetch-redhat-package-manifest.yml
+  fetch-epss:
+    name: Fetch vuls-data-raw-epss
+    uses: ./.github/workflows/fetch-epss.yml
 
-  fetch-msuc:
-    name: Fetch vuls-data-raw-microsoft-msuc
-    uses: ./.github/workflows/fetch-msuc.yml
+  fetch-enisa-euvd-list:
+    name: Fetch vuls-data-raw-enisa-euvd-list
+    uses: ./.github/workflows/fetch-enisa-euvd-list.yml
 
   fetch-fedora:
     name: Fetch vuls-data-raw-fedora
     uses: ./.github/workflows/fetch-fedora.yml
 
-  fetch-epss:
-    name: Fetch vuls-data-raw-epss
-    uses: ./.github/workflows/fetch-epss.yml
-
   fetch-fortinet-csaf:
     name: Fetch vuls-data-raw-fortinet-csaf
     uses: ./.github/workflows/fetch-fortinet-csaf.yml
@@ -212,41 +213,25 @@ jobs:
     name: Fetch vuls-data-raw-fortinet-cvrf
     uses: ./.github/workflows/fetch-fortinet-cvrf.yml
 
-  fetch-vulncheck:
-    name: Fetch vuls-data-raw-${{ matrix.target }}
-    strategy:
-      fail-fast: false
-      matrix:
-        target:
-          - "vulncheck-kev"
-          - "vulncheck-nist-nvd"
-          - "vulncheck-nist-nvd2"
-    uses: ./.github/workflows/fetch-vulncheck.yml
-    with:
-      target: ${{ matrix.target }}
-    secrets:
-      VULNCHECK_API_KEY: ${{ secrets.VULNCHECK_API_KEY }}
-
-  fetch-cisco-json:
-    name: Fetch vuls-data-raw-cisco-json
-    uses: ./.github/workflows/fetch-cisco-json.yml
-    secrets:
-      CISCO_CLIENT_KEY: ${{ secrets.CISCO_CLIENT_KEY }}
-      CISCO_CLIENT_SECRET: ${{ secrets.CISCO_CLIENT_SECRET }}
+  fetch-msuc:
+    name: Fetch vuls-data-raw-microsoft-msuc
+    uses: ./.github/workflows/fetch-msuc.yml
 
-  fetch-cisco-cvrf-or-csaf:
+  fetch-nvd-api:
     name: Fetch vuls-data-raw-${{ matrix.target }}
-    if: ${{ success() || failure() }}
-    needs: fetch-cisco-json
     strategy:
       fail-fast: false
+      max-parallel: 1
       matrix:
         target:
-          - "cisco-cvrf"
-          - "cisco-csaf"
-    uses: ./.github/workflows/fetch-cisco-cvrf-or-csaf.yml
+          - "nvd-api-cve"
+          - "nvd-api-cpe"
+          - "nvd-api-cpematch"
+    uses: ./.github/workflows/fetch-nvd-api.yml
     with:
       target: ${{ matrix.target }}
+    secrets:
+      NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
 
   fetch-paloalto-json-or-csaf:
     name: Fetch vuls-data-raw-${{ matrix.target }}
@@ -262,6 +247,10 @@ jobs:
     with:
       target: ${{ matrix.target }}
 
+  fetch-redhat-package-manifest:
+    name: Fetch vuls-data-raw-redhat-package-manifest
+    uses: ./.github/workflows/fetch-redhat-package-manifest.yml
+
   fetch-variot:
     name: Fetch vuls-data-raw-${{ matrix.target }}
     strategy:
@@ -276,23 +265,40 @@ jobs:
     secrets:
       VARIOT_API_KEY: ${{ secrets.VARIOT_API_KEY }}
 
+  fetch-vulncheck:
+    name: Fetch vuls-data-raw-${{ matrix.target }}
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - "vulncheck-kev"
+          - "vulncheck-nist-nvd"
+          - "vulncheck-nist-nvd2"
+    uses: ./.github/workflows/fetch-vulncheck.yml
+    with:
+      target: ${{ matrix.target }}
+    secrets:
+      VULNCHECK_API_KEY: ${{ secrets.VULNCHECK_API_KEY }}
+
   check:
     name: Decide whether to Git GC
     if: ${{ success() || failure() }}
     needs:
       [
         fetch-main,
-        fetch-nvd-api,
-        fetch-msuc,
-        fetch-fedora,
+        fetch-cisco-json,
+        fetch-cisco-cvrf-or-csaf,
         fetch-epss,
+        fetch-euvd,
+        fetch-fedora,
         fetch-fortinet-csaf,
         fetch-fortinet-cvrf,
-        fetch-vulncheck,
-        fetch-cisco-json,
-        fetch-cisco-cvrf-or-csaf,
+        fetch-nvd-api,
+        fetch-msuc,
         fetch-paloalto-json-or-csaf,
+        fetch-redhat-package-manifest,
         fetch-variot,
+        fetch-vulncheck,
       ]
     runs-on: ubuntu-latest
     outputs:
diff --git a/.github/workflows/fetch-enisa-euvd-list.yml b/.github/workflows/fetch-enisa-euvd-list.yml
@@ -0,0 +1,101 @@
+name: Fetch EUVD List
+
+on:
+  workflow_call:
+  workflow_dispatch:
+    inputs:
+      fetch_signle:
+        description: "Fetch EUVD list with signle thread"
+        required: true
+        default: false
+        type: boolean
+
+jobs:
+  check:
+    name: Decide whether to fetch signle
+    runs-on: ubuntu-latest
+    outputs:
+      do_fetch_signle: ${{ steps.check.outputs.fetch_signle }}
+    steps:
+      - name: Check if fetch_signle
+        id: check
+        run: |
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            echo "fetch_signle=${{ inputs.fetch_signle }}" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          if [[ $(( ${{ github.run_number }} % 15 )) -eq 0 ]]; then
+            echo "fetch_signle=true" >> $GITHUB_OUTPUT
+          fi
+
+  fetch:
+    name: Fetch vuls-data-raw-enisa-euvd-list
+    runs-on: ubuntu-latest
+    needs: check
+    steps:
+      - name: Maximize build space
+        uses: easimon/maximize-build-space@v10
+        with:
+          root-reserve-mb: 32768
+          remove-dotnet: "true"
+          remove-android: "true"
+          remove-haskell: "true"
+          remove-codeql: "true"
+          remove-docker-images: "true"
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v5
+        with:
+          repository: MaineK00n/vuls-data-update
+          ref: main
+
+      - name: Set up Go 1.x
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: "go.mod"
+
+      - name: Install vuls-data-update
+        run: go install ./cmd/vuls-data-update
+
+      - name: Pull ghcr.io/${{ github.repository }}:vuls-data-raw-enisa-euvd-list
+        run: vuls-data-update dotgit pull --dir . --checkout main ghcr.io/${{ github.repository }}:vuls-data-raw-enisa-euvd-list
+
+      - name: Fetch with single thread
+        if: ${{ needs.check.outputs.do_fetch_signle == 'true' }}
+        run: vuls-data-update fetch enisa-euvd-list --dir ghcr.io/${{ github.repository }}/vuls-data-raw-enisa-euvd-list --concurrency 1
+
+      - name: Fetch
+        if: ${{ needs.check.outputs.do_fetch_signle != 'true' }}
+        run: vuls-data-update fetch enisa-euvd-list --dir ghcr.io/${{ github.repository }}/vuls-data-raw-enisa-euvd-list
+
+      - name: Restore
+        if: ${{ needs.check.outputs.do_fetch_signle != 'true' }}
+        run: |
+          deleted=$(git -C ghcr.io/${{ github.repository }}/vuls-data-raw-enisa-euvd-list ls-files --deleted)
+          if [[ -n ${deleted} ]]; then
+            git -C ghcr.io/${{ github.repository }}/vuls-data-raw-enisa-euvd-list restore ${deleted}
+          fi
+
+      - name: Set Git config
+        run: |
+          if git -C ghcr.io/${{ github.repository }}/vuls-data-raw-enisa-euvd-list remote | grep -q "^origin$"; then
+            git -C ghcr.io/${{ github.repository }}/vuls-data-raw-enisa-euvd-list remote set-url origin ghcr.io/${{ github.repository }}:vuls-data-raw-enisa-euvd-list
+          else
+            git -C ghcr.io/${{ github.repository }}/vuls-data-raw-enisa-euvd-list remote add origin ghcr.io/${{ github.repository }}:vuls-data-raw-enisa-euvd-list
+          fi
+          git -C ghcr.io/${{ github.repository }}/vuls-data-raw-enisa-euvd-list config user.email "action@github.com"
+          git -C ghcr.io/${{ github.repository }}/vuls-data-raw-enisa-euvd-list config user.name "GitHub Action"
+
+      - name: Commit
+        run: |
+          if [[ -n $(git -C ghcr.io/${{ github.repository }}/vuls-data-raw-enisa-euvd-list status --porcelain) ]]; then
+            git -C ghcr.io/${{ github.repository }}/vuls-data-raw-enisa-euvd-list add .
+            git -C ghcr.io/${{ github.repository }}/vuls-data-raw-enisa-euvd-list commit -m "update" -m "GitHub Actions: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/job/${{ job.check_run_id }}"
+          fi
+
+      - name: Create dotgit tarball
+        run: vuls-data-update dotgit compress ghcr.io/${{ github.repository }}/vuls-data-raw-enisa-euvd-list
+
+      - name: Push ghcr.io/${{ github.repository }}:vuls-data-raw-enisa-euvd-list
+        run: vuls-data-update dotgit registry push --force --token ${{ secrets.GITHUB_TOKEN }} ghcr.io/${{ github.repository }}:vuls-data-raw-enisa-euvd-list vuls-data-raw-enisa-euvd-list.tar.zst
diff --git a/.github/workflows/gc-raw.yml b/.github/workflows/gc-raw.yml
@@ -132,6 +132,12 @@ jobs:
           - tag: vuls-data-raw-erlang-osv
             pack-threads: 2
             pack-windowMemory: 4g
+          # - tag: vuls-data-raw-enisa-euvd-detail
+          #   pack-threads: 2
+          #   pack-windowMemory: 4g
+          - tag: vuls-data-raw-enisa-euvd-list
+            pack-threads: 2
+            pack-windowMemory: 4g
           - tag: vuls-data-raw-exploit-exploitdb
             pack-threads: 2
             pack-windowMemory: 4g
diff --git a/.github/workflows/gc.yml b/.github/workflows/gc.yml
@@ -94,6 +94,8 @@ on:
           - vuls-data-raw-epss
           - vuls-data-raw-erlang-ghsa
           - vuls-data-raw-erlang-osv
+          # - vuls-data-raw-enisa-euvd-detail
+          - vuls-data-raw-enisa-euvd-list
           - vuls-data-raw-exploit-exploitdb
           - vuls-data-raw-exploit-github
           - vuls-data-raw-exploit-inthewild
diff --git a/.github/workflows/restore-all.yml b/.github/workflows/restore-all.yml
@@ -85,6 +85,8 @@ jobs:
           - vuls-data-raw-epss
           - vuls-data-raw-erlang-ghsa
           - vuls-data-raw-erlang-osv
+          # - vuls-data-raw-enisa-euvd-detail
+          - vuls-data-raw-enisa-euvd-list
           - vuls-data-raw-exploit-exploitdb
           - vuls-data-raw-exploit-github
           - vuls-data-raw-exploit-inthewild
