Allocate Security Identifiers #886
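# Scheduled workflow: allocates security identifiers under data/, resolves
# duplicates, validates the TOML files, and pushes the resulting commits.
name: "Allocate Security Identifiers"

on:
  # NOTE(review): `branches` is not a documented filter for workflow_dispatch
  # (only `inputs` is); confirm it has any effect, or drop it.
  workflow_dispatch:
    branches:
      - main
  schedule:
    # 03:15 UTC, Monday to Friday.
    - cron: '15 3 * * MON-FRI'

# One run at a time; a newer run cancels one that is still in progress.
concurrency:
  group: allocate-security-identifiers
  cancel-in-progress: true

# No GITHUB_TOKEN scopes by default; the job below opts in to what it needs.
permissions: {}

jobs:
  allocate-security-identifiers:
    name: "Allocate Security Identifiers"
    runs-on: runs-on=${{ github.run_id }}/runner=medium-arm
    container:
      # NOTE(review): mutable tag. Pinning by digest
      # (python:3.14-alpine@sha256:<digest>) keeps the image that later
      # handles the deploy key reproducible.
      image: python:3.14-alpine
    permissions:
      # NOTE(review): the final push appears to authenticate with the SSH
      # deploy key, so `contents: read` may be enough for the token. Confirm
      # that scripts/commit.sh does not rely on GITHUB_TOKEN before lowering.
      contents: write
    environment:
      name: allocation
    if: github.repository == 'anchore/security-identifiers' # only run for main repo
    steps:
      - name: Install OS dependencies
        run: apk add --no-cache git openssh taplo sqlite tar zstd curl oras-cli bash date grype

      - name: Configure git
        # Mark the workspace as a safe directory so git will operate in it.
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

      - name: Install python dependencies
        # NOTE(review): installs whatever the default branch of security-cli
        # holds at run time, and that code runs later in the checkout that
        # carries the deploy key. Pin to a reviewed commit
        # (git+https://github.com/anchore/security-cli@<commit-sha>).
        run: pip install git+https://github.com/anchore/security-cli

      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
        with:
          # The deploy key stays configured for the rest of the job so the
          # final `git push` can authenticate; every later step can use it.
          ssh-key: ${{ secrets.DEPLOY_KEY }}
          persist-credentials: true

      - name: Allocate security identifiers
        # We run the allocation step without validation because we want to separate resolving duplicates
        # from mass id allocation to make the change history more useful
        run: anchore-security-cli id allocate --data-path data --no-validate

      - name: Format TOML files
        run: taplo format

      - name: Commit allocations
        run: |
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git config user.name "github-actions[bot]"
          ./scripts/commit.sh

      - name: Resolve duplicates
        run: anchore-security-cli id consolidate --data-path data --validate

      - name: Format TOML files again
        run: taplo format

      - name: Commit resolved duplicates
        run: |
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git config user.name "github-actions[bot]"
          git add .
          # Commit only when the index differs from HEAD.
          git diff-index --quiet HEAD || git commit --message "resolve duplicates"

      # The two validation steps run after the local commits but before the
      # push, so a failure here ends the job with nothing published.
      - name: Validate TOML schema
        # Quoted so the schema path survives a workspace path with whitespace.
        run: taplo validate --schema "file:${PWD}/schema/0.1.0.schema.json"

      - name: Validate TOML formatting
        run: taplo format --check

      - name: Push changes
        run: |
          git push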