Build and Upload app only vdb5 #360
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Upload app only vdb5 | |
on: | |
schedule: | |
- cron: "0 */6 * * *" | |
workflow_dispatch: | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: appthreat/vdb | |
jobs: | |
builder: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
packages: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/checkout@v4 | |
with: | |
repository: AppThreat/vulnerability-db | |
path: vulnerability-db | |
ref: 'v5.8.2' | |
- uses: actions/checkout@v4 | |
with: | |
repository: AppThreat/vuln-list | |
path: vuln-list | |
fetch-depth: "1" | |
sparse-checkout: | | |
nvd/2018 | |
nvd/2019 | |
nvd/2020 | |
nvd/2021 | |
nvd/2022 | |
nvd/2023 | |
nvd/2024 | |
- uses: oras-project/setup-oras@v1 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
- name: Trim CI agent | |
run: | | |
chmod +x contrib/free_disk_space.sh | |
./contrib/free_disk_space.sh | |
- name: setup nydus | |
run: | | |
curl -LO https://github.com/dragonflyoss/nydus/releases/download/v2.2.4/nydus-static-v2.2.4-linux-amd64.tgz | |
tar -xvf nydus-static-v2.2.4-linux-amd64.tgz | |
chmod +x nydus-static/* | |
mv nydus-static/* /usr/local/bin/ | |
rm -rf nydus-static-v2.2.4-linux-amd64.tgz nydus-static | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install setuptools wheel twine build | |
cd vulnerability-db && pip install ".[dev]" | |
- name: Build and upload db - 2018 | |
run: | | |
mkdir vdb_data vdb_cache rafs_out | |
rm -rf ./vuln-list/kevc ./vuln-list/mariner ./vuln-list/cvrf/suse/suse | |
zip -q -r vuln-list.zip ./vuln-list/ | |
mv vuln-list.zip vdb_cache/ | |
rm -rf ./vuln-list/ | |
python vulnerability-db/vdb/cli.py --cache-os | |
ls -lh vdb_data | |
ls -lh vdb_cache | |
cd vdb_data | |
tar -cvzf data.vdb5.tar.gz data.vdb5 | |
tar -cvzf data.index.vdb5.tar.gz data.index.vdb5 | |
tar -cvJf data.vdb5.tar.xz data.vdb5 | |
tar -cvJf data.index.vdb5.tar.xz data.index.vdb5 | |
echo $GITHUB_TOKEN | oras login ghcr.io -u $GITHUB_USERNAME --password-stdin | |
oras push ghcr.io/appthreat/vdb-app:v5 \ | |
--artifact-type application/vnd.oras.config.v1+json \ | |
./data.vdb5:application/vnd.appthreat.vdb.layer.v1+tar \ | |
./data.index.vdb5:application/vnd.appthreat.vdb.layer.v1+tar | |
oras push ghcr.io/appthreat/vdbgz-app:v5 \ | |
--artifact-type application/vnd.oras.config.v1+json \ | |
./data.vdb5.tar.gz:application/vnd.appthreat.vdb.layer.v1+tar \ | |
./data.index.vdb5.tar.gz:application/vnd.appthreat.vdb.layer.v1+tar | |
oras push ghcr.io/appthreat/vdbxz-app:v5 \ | |
--artifact-type application/vnd.oras.config.v1+json \ | |
./data.vdb5.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar \ | |
./data.index.vdb5.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar | |
cd .. | |
nydus-image create -t dir-rafs --blob-id appthreat-vdb-v5 --blob rafs_out/data.rafs --bootstrap rafs_out/meta.rafs vdb_data --repeatable | |
cd rafs_out | |
oras push ghcr.io/appthreat/vdb-app:v5-rafs \ | |
--artifact-type application/vnd.oras.config.v1+json \ | |
./data.rafs:application/vnd.appthreat.vdb-rafs.layer.v1+tar \ | |
./meta.rafs:application/vnd.appthreat.vdb-rafs.layer.v1+tar | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PYTHONPATH: vulnerability-db | |
VDB_HOME: vdb_data | |
VDB_CACHE: vdb_cache | |
GITHUB_PAGE_COUNT: 10 | |
NVD_START_YEAR: 2018 | |
GITHUB_USERNAME: ${{ github.actor }} | |
OSV_EXCLUDE_MALWARE: true | |
VDB_IGNORE_ALMALINUX: true | |
VDB_IGNORE_ALPINE: true | |
VDB_IGNORE_DEBIAN: true | |
VDB_IGNORE_ROCKYLINUX: true | |
- uses: actions/checkout@v4 | |
with: | |
repository: AppThreat/vuln-list | |
path: vuln-list2 | |
fetch-depth: "1" | |
sparse-checkout: | | |
nvd/2014 | |
nvd/2015 | |
nvd/2016 | |
nvd/2017 | |
nvd/2018 | |
nvd/2019 | |
nvd/2020 | |
nvd/2021 | |
nvd/2022 | |
nvd/2023 | |
nvd/2024 | |
- name: Build and upload db - 2014 | |
run: | | |
cd $GITHUB_WORKSPACE | |
rm -rf vdb_data vdb_cache rafs_out | |
mkdir vdb_data vdb_cache rafs_out | |
rm -rf ./vuln-list2/kevc ./vuln-list2/mariner ./vuln-list2/cvrf/suse/suse | |
zip -q -r vuln-list.zip ./vuln-list2/ | |
mv vuln-list.zip vdb_cache/ | |
rm -rf ./vuln-list2/ | |
python vulnerability-db/vdb/cli.py --cache-os | |
ls -lh vdb_data | |
ls -lh vdb_cache | |
cd vdb_data | |
tar -cvzf data.vdb5.tar.gz data.vdb5 | |
tar -cvzf data.index.vdb5.tar.gz data.index.vdb5 | |
tar -cvJf data.vdb5.tar.xz data.vdb5 | |
tar -cvJf data.index.vdb5.tar.xz data.index.vdb5 | |
echo $GITHUB_TOKEN | oras login ghcr.io -u $GITHUB_USERNAME --password-stdin | |
oras push ghcr.io/appthreat/vdb-app-10y:v5 \ | |
--artifact-type application/vnd.oras.config.v1+json \ | |
./data.vdb5:application/vnd.appthreat.vdb.layer.v1+tar \ | |
./data.index.vdb5:application/vnd.appthreat.vdb.layer.v1+tar | |
oras push ghcr.io/appthreat/vdbgz-app-10y:v5 \ | |
--artifact-type application/vnd.oras.config.v1+json \ | |
./data.vdb5.tar.gz:application/vnd.appthreat.vdb.layer.v1+tar \ | |
./data.index.vdb5.tar.gz:application/vnd.appthreat.vdb.layer.v1+tar | |
oras push ghcr.io/appthreat/vdbxz-app-10y:v5 \ | |
--artifact-type application/vnd.oras.config.v1+json \ | |
./data.vdb5.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar \ | |
./data.index.vdb5.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar | |
cd .. | |
nydus-image create -t dir-rafs --blob-id appthreat-vdb-10y-v5 --blob rafs_out/data.rafs --bootstrap rafs_out/meta.rafs vdb_data --repeatable | |
cd rafs_out | |
oras push ghcr.io/appthreat/vdb-app-10y:v5-rafs \ | |
--artifact-type application/vnd.oras.config.v1+json \ | |
./data.rafs:application/vnd.appthreat.vdb-rafs.layer.v1+tar \ | |
./meta.rafs:application/vnd.appthreat.vdb-rafs.layer.v1+tar | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PYTHONPATH: vulnerability-db | |
VDB_HOME: vdb_data | |
VDB_CACHE: vdb_cache | |
GITHUB_PAGE_COUNT: 20 | |
NVD_START_YEAR: 2014 | |
GITHUB_USERNAME: ${{ github.actor }} | |
OSV_EXCLUDE_MALWARE: true | |
VDB_IGNORE_ALMALINUX: true | |
VDB_IGNORE_ALPINE: true | |
VDB_IGNORE_DEBIAN: true | |
VDB_IGNORE_ROCKYLINUX: true | |
# - name: Release public ecr | |
# run: | | |
# cd vdb_data | |
# aws ecr-public get-login-password --region us-east-1 | oras login -u AWS --password-stdin public.ecr.aws | |
# oras push public.ecr.aws/appthreat/vdb:v5 \ | |
# --artifact-type application/vnd.oras.config.v1+json \ | |
# ./data.vdb5:application/vnd.appthreat.vdb.layer.v1+tar \ | |
# ./data.index.vdb5:application/vnd.appthreat.vdb.layer.v1+tar | |
# env: | |
# REGISTRY: public.ecr.aws | |
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} |