29 changes: 14 additions & 15 deletions .github/workflows/scb-bot.yaml
@@ -1,14 +1,14 @@
name: Check outdated scanners
on:
on:
schedule:
- cron: "15 9 * * *" # Daily at 9:15 (avoids the beginning of the hour congestion)
- cron: "15 9 * * *" # Daily at 9:15 (avoids the beginning of the hour congestion)
jobs:
version-compare:
runs-on: ubuntu-latest
strategy:
matrix:
scanner:
- amass # Scanner that needs to be updated
- amass
- angularjs-csti-scanner
- cmseek
- gitleaks
Expand All @@ -23,12 +23,11 @@ jobs:
- whatweb
- wpscan
- zap
- zap-advanced
# These are commented out for the moment to avoid accidental multiple erroneous PRs
- zap-advanced
# missing scanners are : nmap, nikto, typo3scan
steps:
- uses: actions/checkout@v2

- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v3
with:
Expand All @@ -40,11 +39,11 @@ jobs:
- name: Fetch scanner's version API
uses: mikefarah/yq@v4.4.1
with:
cmd: echo versionApi=$(yq e .versionApi scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV
cmd: echo versionApi=$(yq e .versionApi scanners/${{ matrix.scanner }}/Chart.yaml) >> $GITHUB_ENV

- name: Fetch latest release scanner version
run: echo release=$((curl -sL ${{env.versionApi}} ) | jq -r ".tag_name") | tr -d "v" >> $GITHUB_ENV

- name: Fetch local scanner version
uses: mikefarah/yq@v4.4.1
with:
Expand All @@ -59,20 +58,20 @@ jobs:
echo pullRequest=$pullRequestTitle >> $GITHUB_ENV

echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
echo prExists=$(gh pr list --state open --limit 100 | grep -F "$pullRequestTitle" -c) >> $GITHUB_ENV
echo prExists=$(gh pr list --state open --limit 100 | grep -F "$pullRequestTitle" -c) >> $GITHUB_ENV

- name : Upgrade Scanner
if: ${{ env.release != env.local && env.prExists == 0 }}
- name: Upgrade Scanner
if: ${{ env.release != env.local && env.prExists == 0 }}
uses: mikefarah/yq@v4.4.1
with:
# appVersion value in chart is replaced with release value. Empty lines are deleted in the process
# appVersion value in chart is replaced with release value. Empty lines are deleted in the process
cmd: yq e --inplace '.appVersion = "v${{env.release}}"' ./scanners/${{ matrix.scanner }}/Chart.yaml

- name : Create Pull Request
if: ${{ env.release != env.local && env.prExists == 0 }}
- name: Create Pull Request
if: ${{ env.release != env.local && env.prExists == 0 }}
uses: peter-evans/create-pull-request@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
token: ${{ secrets.SCB_BOT_USER_TOKEN }}
committer: secureCodeBoxBot <securecodebox@iteratec.com>
author: secureCodeBoxBot <securecodebox@iteratec.com>
title: ${{ env.pullRequest }}
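Review bot: The release string that the Create Pull Request step commits and uses as the PR title is never validated, and the switch to `token: ${{ secrets.SCB_BOT_USER_TOKEN }}` widens what that unvalidated value can do: `env.release` is the raw `tag_name` from whatever URL `versionApi` in the scanner's Chart.yaml points at, written straight into `$GITHUB_ENV` and then interpolated via `${{env.release}}` into the yq `cmd` (shell) and into the PR title. A user PAT is typically longer-lived and broader in scope than the job-scoped `GITHUB_TOKEN` (its actual scopes are not visible here), so an unexpected or hostile tag from upstream now lands in a write-capable context rather than a token that expires with the job. I would constrain the value before exporting it, e.g. `release=$(curl -sL "$VERSION_API" | jq -r .tag_name | sed 's/^v//'); [[ "$release" =~ ^[0-9]+(\.[0-9]+)*$ ]] || exit 1; echo "release=$release" >> "$GITHUB_ENV"`, and hand it to the yq step through an `env:` variable instead of `${{ }}` expression interpolation. Since the PAT is now passed to third-party actions, pinning `peter-evans/create-pull-request@v3` and `crazy-max/ghaction-import-gpg@v3` to commit SHAs rather than mutable tags would also be prudent; the steps list continues past this hunk.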