Skip to content

Ingest Cloud OSV #23594

Ingest Cloud OSV

Ingest Cloud OSV #23594

Workflow file for this run

name: Ingest Cloud OSV
on:
schedule:
- cron: '*/30 * * * *' # Every hour
workflow_dispatch:
permissions: read-all
jobs:
ingest-osv:
name: Ingest Cloud OSV
continue-on-error: false
runs-on: ubuntu-latest
timeout-minutes: 45 # Don't allow the job to run too long.
permissions:
actions: read
contents: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
token: ${{ secrets.GH_TOKEN }}
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: "1.21"
# gocloud has an issue where it requires an ADC file to work with GCS, even
# for anonymous requests. This change tricks the auth code into succeeding.
- name: GCP Credential Workaround
run: |
echo '{ "type": "service_account" }' > .dummy_adc.json
# Setup v2 credentials for accessing AWS S3 buckets. Each set of credentials
# is given its own profile which is then set in the config using the
# "profile=PROFILENAME" query parameter in the source's bucket URL.
- name: AWS Credentials
run: |
mkdir "$HOME/.aws"
envsubst >"$HOME/.aws/credentials" <<EOF
[reversinglabs]
aws_access_key_id = $RL_AWS_ACCESS_KEY_ID
aws_secret_access_key = $RL_AWS_SECRET_ACCESS_KEY
EOF
echo '[profile reversinglabs]' > "$HOME/.aws/config"
env:
RL_AWS_ACCESS_KEY_ID: ${{ secrets.REVERSINGLABS_AWS_KEY_ID }}
RL_AWS_SECRET_ACCESS_KEY: ${{ secrets.REVERSINGLABS_AWS_KEY_SECRET }}
- name: Ingest OSV
run: |
go run ./cmd/ingest -config config/config.yaml -start-keys config/start-keys.yaml
env:
GOOGLE_APPLICATION_CREDENTIALS: .dummy_adc.json
- name: Prepare commit
run: |
git config user.name github-actions
git config user.email [email protected]
git add osv config/start-keys.yaml
- name: Commit report changes
run: git diff --cached --quiet || git commit -m 'Ingest OSV - Cloud Storage'
- name: Push commit
run: git push