Update Database #32

Workflow file for this run

.github/workflows/update-database.yml at 337f050

	name: Update Database

	on:
	workflow_dispatch:
	inputs:
	cli-version:
	type: string
	required: true
	default: snapshot
	description: Version of the vuln-db CLI to use.
	database-version:
	type: string
	required: true
	default: snapshot
	description: Database version to build.
	ignore-existing:
	type: boolean
	description: Whether to ignore existing builds of this database version.

	permissions: { }

	concurrency:
	group: ${{ github.workflow }}-${{ inputs.database-version }}
	cancel-in-progress: false

	jobs:
	update-source-databases:
	name: Update source database
	runs-on: ubuntu-latest
	timeout-minutes: 60
	permissions:
	packages: write
	strategy:
	matrix:
	source:
	- github
	- nvd
	- osv
	fail-fast: false
	steps:
	- name: Setup ORAS
	uses: oras-project/setup-oras@5c0b487ce3fe0ce3ab0d034e63669e426e294e4d # tag=v1.2.2
	- name: Login to GitHub Container Registry
	run: \|
	echo '${{ secrets.GITHUB_TOKEN }}' \| oras login ghcr.io -u github --password-stdin
	- name: Pull latest database
	run: \|
	oras pull "ghcr.io/${GITHUB_REPOSITORY,,}/source/${{ matrix.source }}:${{ inputs.database-version }}" \
	&& zstd --decompress --rm '${{ matrix.source }}.sqlite.zst' \
	\|\| echo 'No existing database found for source ${{ matrix.source }} and version ${{ inputs.database-version }}'
	- name: Update database
	run: \|
	docker run --rm \
	-e 'GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}' \
	-e 'NVD_TOKEN=${{ secrets.NVD_TOKEN }}' \
	-v "$(pwd):/workspace" \
	-w '/workspace' \
	"ghcr.io/${GITHUB_REPOSITORY,,}:${{ inputs.cli-version }}" \
	import ${{ matrix.source }}
	- name: Compress database
	run: \|
	zstd -16 --rm '${{ matrix.source }}.sqlite'
	- name: Push database
	run: \|
	oras push --verbose \
	"ghcr.io/${GITHUB_REPOSITORY,,}/source/${{ matrix.source }}:${{ inputs.database-version }}" \
	'${{ matrix.source }}.sqlite.zst'

	merge-source-databases:
	name: Merge source databases
	runs-on: ubuntu-latest
	timeout-minutes: 15
	permissions:
	packages: write
	needs:
	- update-source-databases
	steps:
	- name: Setup ORAS
	uses: oras-project/setup-oras@5c0b487ce3fe0ce3ab0d034e63669e426e294e4d # tag=v1.2.2
	- name: Login to GitHub Container Registry
	run: \|
	echo '${{ secrets.GITHUB_TOKEN }}' \| oras login ghcr.io -u github --password-stdin
	- name: Download source databases
	run: \|
	for source_name in github nvd osv; do
	oras pull "ghcr.io/${GITHUB_REPOSITORY,,}/source/${source_name}:${{ inputs.database-version }}"
	done
	- name: Decompress source databases
	run: \|
	zstd --decompress --rm *.sqlite.zst
	- name: Merge source databases
	run: \|
	docker run --rm \
	-v "$(pwd):/workspace" \
	-w '/workspace' \
	"ghcr.io/${GITHUB_REPOSITORY,,}:${{ inputs.cli-version }}" \
	merge --output=all.sqlite *.sqlite
	- name: Compress merged database
	run: \|
	zstd -16 --rm 'all.sqlite'
	- name: Push database
	run: \|
	oras push --verbose \
	"ghcr.io/${GITHUB_REPOSITORY,,}/source/all:${{ inputs.database-version }}" \
	'all.sqlite.zst'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Database #32

Workflow file

Update Database #32

Jobs

Run details

Workflow file for this run