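---
# Daily refresh of the vulnerability provider caches published to ghcr.io.
# Jobs: discover the configured providers, refresh each one in parallel
# (one matrix leg per provider), then aggregate every provider cache into a
# single image.
#
# Values from the expression context (secrets, matrix values) are handed to
# shell steps through `env:` instead of being interpolated into the script
# text, so the token is never written into the rendered command and a value
# cannot change the shape of the script.
name: 'Daily Data Sync'

on:
  # allow for kicking off data syncs manually
  workflow_dispatch:
  # run 1 AM (UTC) daily
  schedule:
    - cron: '0 1 * * *'

env:
  CGO_ENABLED: "0"
  # env values are always strings; quoted so it visibly matches the
  # `== 'true'` comparison in the Slack step below
  SLACK_NOTIFICATIONS: "true"

jobs:
  discover-providers:
    name: "Discover vulnerability providers"
    runs-on: ubuntu-20.04
    # least privilege: this job only reads the repository and logs in to
    # ghcr.io; it publishes nothing
    permissions:
      contents: read
      packages: read
    outputs:
      providers: ${{ steps.read-providers.outputs.providers }}
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          python: false
      - name: Login to ghcr.io
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "${GHCR_TOKEN}" | oras login ghcr.io --username "${GITHUB_ACTOR}" --password-stdin
      - name: Read configured providers
        id: read-providers
        # TODO: honor CI overrides
        run: |
          content="$(make show-providers)"
          echo "providers=${content}" >> "${GITHUB_OUTPUT}"

  update-provider:
    name: "Update provider"
    needs: discover-providers
    runs-on: ubuntu-22.04-4core-16gb
    # set the permissions granted to the github token to publish to ghcr.io
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        provider: ${{ fromJson(needs.discover-providers.outputs.providers) }}
      # one provider failing must not cancel the other legs
      fail-fast: false
    env:
      # matrix value passed to the shell steps through the environment
      PROVIDER: ${{ matrix.provider }}
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          python: false
      - name: Login to ghcr.io
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "${GHCR_TOKEN}" | oras login ghcr.io --username "${GITHUB_ACTOR}" --password-stdin
      - name: Download the existing provider state
        # a missing previous cache is not an error (e.g. first run of a provider)
        run: make download-provider-cache provider="${PROVIDER}" date=latest || true
      - name: Update the provider
        run: make refresh-provider-cache provider="${PROVIDER}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486  # v3.16.2
        with:
          status: ${{ job.status }}
          fields: workflow,eventName
          text: Daily Data Sync for ${{ matrix.provider }} failed
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
        if: ${{ failure() && env.SLACK_NOTIFICATIONS == 'true' }}
      - name: Upload the provider workspace state
        # even if the job fails, we want to upload yesterdays cache as todays cache to continue the DB build
        if: ${{ always() }}
        run: make upload-provider-cache provider="${PROVIDER}"

  aggregate-cache:
    name: "Aggregate provider cache"
    runs-on: ubuntu-22.04-4core-16gb
    # run even when some provider legs failed: their previous cache was
    # re-uploaded by the update job, so aggregation can still proceed
    if: ${{ always() }}
    needs:
      - update-provider
      - discover-providers
    # github token needs to pull the provider caches from ghcr.io and to
    # publish the aggregated cache image back to it
    permissions:
      packages: write
      contents: read
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          python: false
      - name: Login to ghcr.io
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "${GHCR_TOKEN}" | oras login ghcr.io --username "${GITHUB_ACTOR}" --password-stdin
      - name: Aggregate vulnerability data
        run: make aggregate-all-provider-cache
        env:
          PROVIDERS_USED: ${{ needs.discover-providers.outputs.providers }}
      - name: Upload vulnerability data cache image
        run: make upload-all-provider-cache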