Audit Auto-update #449
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Audit Auto-update | |
on: | |
schedule: | |
# runs every day at 3:23 AM UTC | |
- cron: '23 3 * * *' | |
workflow_dispatch: | |
jobs: | |
audit_update: | |
name: "Auto-Update Audit Patches" | |
permissions: | |
contents: write | |
pull-requests: write | |
runs-on: ubuntu-24.04 | |
defaults: | |
run: | |
working-directory: ${{ github.workspace }}/source/tools/auditupdate | |
steps: | |
- name: Fetch Audit Repository | |
uses: actions/checkout@v4 | |
with: | |
path: ./source | |
fetch-depth: 0 | |
- name: Setup Environment Configuration | |
uses: ./source/.github/actions/setup-environment | |
with: | |
env_file: ./source/config/botan.env | |
- name: Fetch Botan Repository | |
uses: actions/checkout@v4 | |
with: | |
path: ./botan | |
repository: ${{ env.BOTAN_REPO }} | |
fetch-depth: 0 | |
- name: Handle the Audit Generator Cache | |
uses: actions/cache@v4 | |
with: | |
path: ./auditupdate_cache | |
key: auditupdate_3.1-${{ github.run_id }} | |
restore-keys: auditupdate_3.1 | |
- name: Install Dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get -qq install python3-poetry | |
poetry install --no-dev | |
- name: Install GitHub webflow GPG public key | |
run: gpg --trusted-key 4AEE18F83AFDEB23 --import ${{ github.workspace }}/source/.github/resources/web-flow.gpg | |
- name: Set Committer Identity | |
run: | | |
git config user.name "Audit Update Bot" | |
git config user.email "[email protected]" | |
- name: Check for Patches | |
run: poetry run python3 -m auditupdate.cli ${{ github.workspace }}/source/docs/audit_report/changes | |
env: | |
AUDIT_CACHE_LOCATION: ${{ github.workspace }}/auditupdate_cache | |
AUDIT_REPO_LOCATION: ${{ github.workspace }}/botan | |
BASIC_GH_TOKEN: ${{ github.token }} | |