Automatically crawl CVEs #26369
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Automatically crawl CVEs | |
on: | |
pull_request: | |
branches: | |
- master | |
workflow_dispatch: | |
branches: | |
- master | |
schedule: | |
- cron: '15 * * * *' | |
jobs: | |
build-and-deploy: | |
runs-on: ubuntu-latest | |
# 当仓库隶属组织时,赋予流水线“写权限”以便提交变更 | |
permissions: | |
contents: write | |
steps: | |
- name: Check out repo | |
uses: actions/checkout@v2 | |
- name: Set up Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: 3.8 | |
- uses: actions/cache@v2 | |
name: Configure pip caching | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} | |
restore-keys: | | |
${{ runner.os }}-pip- | |
- name: Install Python dependencies | |
run: | | |
python -m pip install -r requirements.txt | |
- name: Crawl CVEs | |
run: |- | |
python main.py -g "${{ secrets.CRAWL_PWD }}" --gtk ${{ secrets.GRAPAQL_TOKEN }} | |
# 若该时间段没有 CVE, 则 file://cache/mail.dat 文件不会生成,此时不会发送邮件 | |
# - name: Send mail | |
# if: ${{ secrets.CRAWL_PWD != '' && github.event_name != 'pull_request' }} | |
# uses: lyy289065406/action-send-mail@master | |
# with: | |
# server_address: ${{ secrets.MAIL_SMTP }} | |
# server_port: 465 | |
# username: ${{ secrets.MAIL_USER }} | |
# password: ${{ secrets.MAIL_PASS }} | |
# from: ${{ secrets.MAIL_USER }} | |
# to: file://cache/mail_recvs.dat | |
# body: file://cache/mail_content.dat | |
# content_type: text/html | |
# subject: 威胁情报播报 | |
# 如果不希望污染 commit 记录,user.email 和 user.name 随便填即可 | |
# Github Runner 是有权限提交到仓库的,只要 user 不是 owner ,当次 commit 不会被记录 | |
- name: Commit and push Github page (if changed) | |
if: ${{ github.event_name != 'pull_request' }} | |
run: |- | |
git diff | |
git config --global user.email "[email protected]" | |
git config --global user.name "Github-Bot" | |
git add -A | |
git commit -m "Updated by Github Bot" || exit 0 | |
git push origin master | |