Skip to content

Build and Upload vdb6 #369

Build and Upload vdb6

Build and Upload vdb6 #369

Workflow file for this run

name: Build and Upload vdb6
on:
schedule:
- cron: "0 */6 * * *"
workflow_dispatch:
env:
REGISTRY: ghcr.io
IMAGE_NAME: appthreat/vdb
jobs:
app_builder:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
repository: AppThreat/vulnerability-db
path: vulnerability-db
ref: "v6.2.3"
- uses: actions/checkout@v4
with:
repository: AppThreat/vuln-list
path: vuln-list
fetch-depth: "1"
sparse-checkout: |
nvd/2018
nvd/2019
nvd/2020
nvd/2021
nvd/2022
nvd/2023
nvd/2024
- uses: oras-project/setup-oras@v1
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Trim CI agent
run: |
chmod +x contrib/free_disk_space.sh
./contrib/free_disk_space.sh
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install setuptools wheel twine build
cd vulnerability-db && pip install ".[dev]"
- name: Build and upload app db - 2018
run: |
mkdir vdb_data vdb_cache
ls ./vuln-list/ ./vuln-list/nvd/
zip -q -r vuln-list.zip ./vuln-list/
mv vuln-list.zip vdb_cache/
rm -rf ./vuln-list/
python vulnerability-db/vdb/cli.py --cache-os
ls -lh vdb_data
ls -lh vdb_cache
cd vdb_data
zstd --ultra data.index.vdb6
zstd --ultra data.vdb6
tar -cvJf data.vdb6.tar.xz data.vdb6
tar -cvJf data.index.vdb6.tar.xz data.index.vdb6
echo $GITHUB_TOKEN | oras login ghcr.io -u $GITHUB_USERNAME --password-stdin
oras push ghcr.io/appthreat/vdbzst-app:v6 \
--artifact-type application/vnd.oras.config.v1+json \
./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
./data.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst \
./data.index.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst
oras push ghcr.io/appthreat/vdbxz-app:v6 \
--artifact-type application/vnd.oras.config.v1+json \
./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
./data.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar \
./data.index.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar
# echo $CODEBERG_TOKEN | oras login codeberg.org -u $CODEBERG_USERNAME --password-stdin
# oras push codeberg.org/appthreat/vdbzst-app:v6 \
# --artifact-type application/vnd.oras.config.v1+json \
# ./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
# ./data.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst \
# ./data.index.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst
# oras push codeberg.org/appthreat/vdbxz-app:v6 \
# --artifact-type application/vnd.oras.config.v1+json \
# ./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
# ./data.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar \
# ./data.index.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CODEBERG_TOKEN: ${{ secrets.CODEBERG_DEPLOY }}
PYTHONPATH: vulnerability-db
VDB_HOME: vdb_data
VDB_CACHE: vdb_cache
GITHUB_PAGE_COUNT: 30
NVD_START_YEAR: 2018
GITHUB_USERNAME: ${{ github.actor }}
CODEBERG_USERNAME: appthreat
VDB_METADATA_APP_ONLY: true
VDB_IGNORE_ALMALINUX: true
VDB_IGNORE_ALPINE: true
VDB_IGNORE_DEBIAN: true
VDB_IGNORE_ROCKYLINUX: true
continue-on-error: true
app_10y_builder:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
repository: AppThreat/vulnerability-db
path: vulnerability-db
ref: "v6.2.3"
- uses: actions/checkout@v4
with:
repository: AppThreat/vuln-list
path: vuln-list
fetch-depth: "1"
sparse-checkout: |
nvd/2014
nvd/2015
nvd/2016
nvd/2017
nvd/2018
nvd/2019
nvd/2020
nvd/2021
nvd/2022
nvd/2023
nvd/2024
- uses: oras-project/setup-oras@v1
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Trim CI agent
run: |
chmod +x contrib/free_disk_space.sh
./contrib/free_disk_space.sh
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install setuptools wheel twine build
cd vulnerability-db && pip install ".[dev]"
- name: Build and upload app db - 2018
run: |
mkdir vdb_data vdb_cache
ls ./vuln-list/ ./vuln-list/nvd/
zip -q -r vuln-list.zip ./vuln-list/
mv vuln-list.zip vdb_cache/
rm -rf ./vuln-list/
python vulnerability-db/vdb/cli.py --cache-os
ls -lh vdb_data
ls -lh vdb_cache
cd vdb_data
zstd --ultra data.index.vdb6
zstd --ultra data.vdb6
tar -cvJf data.vdb6.tar.xz data.vdb6
tar -cvJf data.index.vdb6.tar.xz data.index.vdb6
echo $GITHUB_TOKEN | oras login ghcr.io -u $GITHUB_USERNAME --password-stdin
oras push ghcr.io/appthreat/vdbzst-app-10y:v6 \
--artifact-type application/vnd.oras.config.v1+json \
./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
./data.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst \
./data.index.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst
oras push ghcr.io/appthreat/vdbxz-app-10y:v6 \
--artifact-type application/vnd.oras.config.v1+json \
./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
./data.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar \
./data.index.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar
# echo $CODEBERG_TOKEN | oras login codeberg.org -u $CODEBERG_USERNAME --password-stdin
# oras push codeberg.org/appthreat/vdbzst-app-10y:v6 \
# --artifact-type application/vnd.oras.config.v1+json \
# ./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
# ./data.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst \
# ./data.index.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst
# oras push codeberg.org/appthreat/vdbxz-app-10y:v6 \
# --artifact-type application/vnd.oras.config.v1+json \
# ./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
# ./data.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar \
# ./data.index.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CODEBERG_TOKEN: ${{ secrets.CODEBERG_DEPLOY }}
PYTHONPATH: vulnerability-db
VDB_HOME: vdb_data
VDB_CACHE: vdb_cache
GITHUB_PAGE_COUNT: 30
NVD_START_YEAR: 2018
GITHUB_USERNAME: ${{ github.actor }}
CODEBERG_USERNAME: appthreat
VDB_METADATA_APP_ONLY: true
VDB_IGNORE_ALMALINUX: true
VDB_IGNORE_ALPINE: true
VDB_IGNORE_DEBIAN: true
VDB_IGNORE_ROCKYLINUX: true
continue-on-error: true
builder:
runs-on: [self-hosted, arm64]
permissions:
contents: write
packages: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
repository: AppThreat/vulnerability-db
path: vulnerability-db
ref: "v6.2.3"
- uses: actions/checkout@v4
with:
repository: AppThreat/vuln-list
path: vuln-list
fetch-depth: "1"
- uses: oras-project/setup-oras@v1
- name: Install dependencies
run: |
python3 -m pip config set global.break-system-packages true
cd vulnerability-db && python3 -m pip install ".[dev]" --no-warn-script-location
- name: Build and upload db - 2018
run: |
mkdir vdb_data vdb_cache
rm -rf ./vuln-list/kevc ./vuln-list/mariner ./vuln-list/cvrf/suse/suse
zip -q -r vuln-list.zip ./vuln-list/
mv vuln-list.zip vdb_cache/
rm -rf ./vuln-list/
python3 vulnerability-db/vdb/cli.py --cache-os
ls -lh vdb_data
ls -lh vdb_cache
cd vdb_data
zstd --ultra data.index.vdb6
zstd --ultra data.vdb6
tar -cvJf data.vdb6.tar.xz data.vdb6
tar -cvJf data.index.vdb6.tar.xz data.index.vdb6
echo $GITHUB_TOKEN | oras login ghcr.io -u $GITHUB_USERNAME --password-stdin
oras push ghcr.io/appthreat/vdbzst:v6 \
--artifact-type application/vnd.oras.config.v1+json \
./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
./data.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst \
./data.index.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst
oras push ghcr.io/appthreat/vdbxz:v6 \
--artifact-type application/vnd.oras.config.v1+json \
./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
./data.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar \
./data.index.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar
# echo $CODEBERG_TOKEN | oras login codeberg.org -u $CODEBERG_USERNAME --password-stdin
# oras push codeberg.org/appthreat/vdbzst:v6 \
# --artifact-type application/vnd.oras.config.v1+json \
# ./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
# ./data.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst \
# ./data.index.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst
# oras push codeberg.org/appthreat/vdbxz:v6 \
# --artifact-type application/vnd.oras.config.v1+json \
# ./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
# ./data.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar \
# ./data.index.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CODEBERG_TOKEN: ${{ secrets.CODEBERG_DEPLOY }}
PYTHONPATH: vulnerability-db
VDB_HOME: vdb_data
VDB_CACHE: vdb_cache
GITHUB_PAGE_COUNT: 10
NVD_START_YEAR: 2018
GITHUB_USERNAME: ${{ github.actor }}
CODEBERG_USERNAME: appthreat
- uses: actions/checkout@v4
with:
repository: AppThreat/vuln-list
path: vuln-list2
fetch-depth: "1"
- name: Build and upload db - 2014
run: |
cd $GITHUB_WORKSPACE
rm -rf vdb_data vdb_cache
mkdir vdb_data vdb_cache
rm -rf ./vuln-list/kevc ./vuln-list/mariner ./vuln-list/cvrf/suse/suse
zip -q -r vuln-list.zip ./vuln-list2/
mv vuln-list.zip vdb_cache/
rm -rf ./vuln-list2/
python3 vulnerability-db/vdb/cli.py --cache-os
ls -lh vdb_data
ls -lh vdb_cache
cd vdb_data
zstd --ultra data.index.vdb6
zstd --ultra data.vdb6
tar -cvJf data.vdb6.tar.xz data.vdb6
tar -cvJf data.index.vdb6.tar.xz data.index.vdb6
echo $GITHUB_TOKEN | oras login ghcr.io -u $GITHUB_USERNAME --password-stdin
oras push ghcr.io/appthreat/vdbzst-10y:v6 \
--artifact-type application/vnd.oras.config.v1+json \
./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
./data.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst \
./data.index.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst
oras push ghcr.io/appthreat/vdbxz-10y:v6 \
--artifact-type application/vnd.oras.config.v1+json \
./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
./data.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar \
./data.index.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar
# echo $CODEBERG_TOKEN | oras login codeberg.org -u $CODEBERG_USERNAME --password-stdin
# oras push codeberg.org/appthreat/vdbzst-10y:v6 \
# --artifact-type application/vnd.oras.config.v1+json \
# ./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
# ./data.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst \
# ./data.index.vdb6.zst:application/vnd.appthreat.vdb.layer.v1+zst
# oras push codeberg.org/appthreat/vdbxz-10y:v6 \
# --artifact-type application/vnd.oras.config.v1+json \
# ./vdb.meta:application/vnd.appthreat.vdb.config.v1+json \
# ./data.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar \
# ./data.index.vdb6.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CODEBERG_TOKEN: ${{ secrets.CODEBERG_DEPLOY }}
PYTHONPATH: vulnerability-db
VDB_HOME: vdb_data
VDB_CACHE: vdb_cache
GITHUB_PAGE_COUNT: 20
NVD_START_YEAR: 2014
GITHUB_USERNAME: ${{ github.actor }}
CODEBERG_USERNAME: appthreat