adp #2686

Workflow file for this run

	name: adp

	on:
	schedule:
	- cron: "0 * * * *"

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}

	jobs:
	process-reference-files:
	runs-on: ubuntu-latest

	steps:
	# https://stackoverflow.com/questions/58033366/how-to-get-the-current-branch-within-github-actions
	- name: Extract Branch Name and Configure Runner
	shell: bash
	run: \|
	if [ "${GITHUB_REF##*/}" = "adp_test" ]; then
	echo "G_READ_API_KEY=${{ secrets.G_READ_API_KEY }}" >> "$GITHUB_ENV";
	echo "G_WRITE_API_KEY=${{ secrets.G_WRITE_API_KEY }}" >> "$GITHUB_ENV";
	echo "BRANCH_NAME=${GITHUB_REF##*/}" >> "$GITHUB_ENV";
	echo "A_API_KEY=${{ secrets.ADP_TEST_API_KEY }}" >> "$GITHUB_ENV";
	echo "CVE-API-ORG=secretariat-reference" >> "$GITHUB_ENV";
	echo "CVE-API-USER=automated-ingest" >> "$GITHUB_ENV";
	echo "SERVICES_URL=https://cveawg-adp-test.mitre.org/api/cve/" >> "$GITHUB_ENV";
	elif [ "${GITHUB_REF##*/}" = "main" ]; then
	echo "G_READ_API_KEY=${{ secrets.G_READ_API_KEY }}" >> "$GITHUB_ENV";
	echo "G_WRITE_API_KEY=${{ secrets.G_WRITE_API_KEY }}" >> "$GITHUB_ENV";
	echo "BRANCH_NAME=${GITHUB_REF##*/}" >> "$GITHUB_ENV";
	echo "A_API_KEY=${{ secrets.MAIN_API_KEY }}" >> "$GITHUB_ENV";
	echo "CVE-API-ORG=CVE" >> "$GITHUB_ENV";
	echo "CVE-API-USER=reference-ingest" >> "$GITHUB_ENV";
	echo "SERVICES_URL=https://cveawg.mitre.org/api/cve/" >> "$GITHUB_ENV";
	fi

	- name: check_out_contrib1_repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	repository: "CVEProject/cve-reference-ingest-data"
	path: "data-contrib1"

	- name: process_new_files_from_contrib1
	run: \|
	CONTRIBUTOR="contrib1"
	DIR_IN_PRIMARY_REPO="CVEProject/cve-reference-ingest-data"
	CHECKOUT_PATH="data-$CONTRIBUTOR"
	DIRECTORY="references"

	cd $CHECKOUT_PATH
	curl -s -S -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://raw.githubusercontent.com/CVEProject/cve-reference-ingest/${{ env.BRANCH_NAME }}/actions-bin/create-file-via-api.py > create-file-via-api.py
	curl -s -S -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" https://raw.githubusercontent.com/CVEProject/cve-reference-ingest/${{ env.BRANCH_NAME }}/actions-bin/read-file-via-api.py > read-file-via-api.py

	if ! test -e create-file-via-api.py; then
	echo "Failed to copy create-file-via-api.py"
	exit 1
	fi

	if ! test -e read-file-via-api.py; then
	echo "Failed to copy read-file-via-api.py"
	exit 1
	fi

	CURRENT_SHA=$(git rev-parse HEAD)
	PREVIOUS_SHA=$(python read-file-via-api.py $DIR_IN_PRIMARY_REPO last_run_sha)

	if [[ $PREVIOUS_SHA =~ ^[0-9a-f]{40}$ ]]; then
	echo "PREVIOUS_SHA is valid"
	else
	echo "PREVIOUS_SHA is invalid, issue reading from ${DIR_IN_PRIMARY_REPO}, ${PREVIOUS_SHA}"
	exit 1
	fi

	if [ -n "$PREVIOUS_SHA" ]; then
	git diff --name-only --diff-filter=A $PREVIOUS_SHA $CURRENT_SHA $DIRECTORY \| while read REFERENCE_FILE; do
	echo "Processing: $REFERENCE_FILE"
	if ! python create-file-via-api.py $REFERENCE_FILE $CONTRIBUTOR; then
	echo "Unable To process ${REFERENCE_FILE}"
	exit 1
	fi
	done
	fi

	- name: check_out_primary_repository
	uses: actions/checkout@v4
	with:
	ref: ${{ env.BRANCH_NAME }}
	fetch-depth: 0
	repository: "CVEProject/cve-reference-ingest"
	path: "data-primary"

	- name: process_new_files_from_primary
	run: \|
	DIR_IN_PRIMARY_REPO="CVEProject/cve-reference-ingest"
	CHECKOUT_PATH="data-primary"
	DIRECTORY="references"
	pwd
	PRIMARY_LAST_RUN_SHA="last_run_shas/$DIR_IN_PRIMARY_REPO/last_run_sha"

	cd $CHECKOUT_PATH
	CURRENT_SHA=$(git rev-parse HEAD)
	PREVIOUS_SHA=$(cat $PRIMARY_LAST_RUN_SHA)

	if [[ $PREVIOUS_SHA =~ ^[0-9a-f]{40}$ ]]; then
	echo "PREVIOUS_SHA is valid"
	else
	echo "PREVIOUS_SHA is invalid, issue reading from ${DIR_IN_PRIMARY_REPO}"
	exit 1
	fi

	git config user.name "GitHub Action"
	git config user.email "[email protected]"
	git pull

	if [ -n "$PREVIOUS_SHA" ]; then
	git diff --name-only --diff-filter=A $PREVIOUS_SHA $CURRENT_SHA $DIRECTORY \| while read REFERENCE_FILE; do
	echo "Processing: $REFERENCE_FILE"
	if ! python actions-bin/adp.py $CHECKOUT_PATH $DIRECTORY $REFERENCE_FILE; then
	cp $REFERENCE_FILE retry/$REFERENCE_FILE
	git add retry/$REFERENCE_FILE
	git commit -m "Adding failed file to retry folder"
	git push
	if [ $? -ne 0 ]; then
	# The push to the retry folder failed, log the information so it can be recovered from the logs
	echo "git push failed for File: ${REFERENCE_FILE}"
	fi
	fi
	sleep 0.7
	done
	fi

	echo $CURRENT_SHA > $PRIMARY_LAST_RUN_SHA
	git add $PRIMARY_LAST_RUN_SHA

	THIS_CONTRIBUTOR="contrib1"
	THIS_CONTRIBUTOR_REPO="CVEProject/cve-reference-ingest-data"
	CURRENT_SHA_OF_CONTRIBUTOR=$(cd ../data-$THIS_CONTRIBUTOR; git rev-parse HEAD)
	CONTRIBUTOR_LAST_RUN_SHA="last_run_shas/$THIS_CONTRIBUTOR_REPO/last_run_sha"
	echo $CURRENT_SHA_OF_CONTRIBUTOR > $CONTRIBUTOR_LAST_RUN_SHA
	git add $CONTRIBUTOR_LAST_RUN_SHA

	if [ -s .rbp ]; then
	RBP_BASENAME=$(head -1 .rbp)
	RBP_PATHNAME=rbp/$RBP_BASENAME
	git add $RBP_PATHNAME
	fi
	git commit -m "Update last run SHA for primary"
	git push

	- name: attempt_to_process_retry
	if: always()
	run: \|
	DIR_IN_PRIMARY_REPO="CVEProject/cve-reference-ingest"
	CHECKOUT_PATH="data-primary"
	DIRECTORY="retry"

	cd $CHECKOUT_PATH

	git config user.name "GitHub Action"
	git config user.email "[email protected]"

	for file in retry/references/*; do
	if [ -f "$file" ]; then
	echo "Processing: $file"
	if python actions-bin/adp.py $CHECKOUT_PATH $DIRECTORY $file; then
	git rm $file
	git commit -m "Completed Retry of File: ${file}"
	git push
	fi
	fi
	sleep 0.7
	done

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

adp #2686

Workflow file

adp #2686

Jobs

Run details

Workflow file for this run