Skip to content

Build and Upload app only vdb5 #170

Build and Upload app only vdb5

Build and Upload app only vdb5 #170

name: Build and Upload app only vdb5
on:
schedule:
- cron: "0 */6 * * *"
workflow_dispatch:
env:
REGISTRY: ghcr.io
IMAGE_NAME: appthreat/vdb
jobs:
builder:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
repository: AppThreat/vulnerability-db
path: vulnerability-db
ref: 'v5.8.1'
- uses: actions/checkout@v4
with:
repository: AppThreat/vuln-list
path: vuln-list
fetch-depth: "1"
sparse-checkout: |
nvd/2018
nvd/2019
nvd/2020
nvd/2021
nvd/2022
nvd/2023
nvd/2024
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Trim CI agent
run: |
chmod +x contrib/free_disk_space.sh
./contrib/free_disk_space.sh
- name: setup nydus
run: |
curl -LO https://github.com/dragonflyoss/nydus/releases/download/v2.2.4/nydus-static-v2.2.4-linux-amd64.tgz
tar -xvf nydus-static-v2.2.4-linux-amd64.tgz
chmod +x nydus-static/*
mv nydus-static/* /usr/local/bin/
rm -rf nydus-static-v2.2.4-linux-amd64.tgz nydus-static
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install setuptools wheel twine build
cd vulnerability-db && pip install ".[dev]"
- name: Build and upload db - 2018
run: |
mkdir vdb_data vdb_cache rafs_out
rm -rf ./vuln-list/kevc ./vuln-list/mariner ./vuln-list/cvrf/suse/suse
zip -q -r vuln-list.zip ./vuln-list/
mv vuln-list.zip vdb_cache/
rm -rf ./vuln-list/
python vulnerability-db/vdb/cli.py --cache-os
ls -lh vdb_data
ls -lh vdb_cache
cd vdb_data
tar -cvzf data.vdb5.tar.gz data.vdb5
tar -cvzf data.index.vdb5.tar.gz data.index.vdb5
tar -cvJf data.vdb5.tar.xz data.vdb5
tar -cvJf data.index.vdb5.tar.xz data.index.vdb5
echo $GITHUB_TOKEN | oras login ghcr.io -u $GITHUB_USERNAME --password-stdin
oras push ghcr.io/appthreat/vdb-app:v5 \
--artifact-type application/vnd.oras.config.v1+json \
./data.vdb5:application/vnd.appthreat.vdb.layer.v1+tar \
./data.index.vdb5:application/vnd.appthreat.vdb.layer.v1+tar
oras push ghcr.io/appthreat/vdbgz-app:v5 \
--artifact-type application/vnd.oras.config.v1+json \
./data.vdb5.tar.gz:application/vnd.appthreat.vdb.layer.v1+tar \
./data.index.vdb5.tar.gz:application/vnd.appthreat.vdb.layer.v1+tar
oras push ghcr.io/appthreat/vdbxz-app:v5 \
--artifact-type application/vnd.oras.config.v1+json \
./data.vdb5.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar \
./data.index.vdb5.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar
cd ..
nydus-image create -t dir-rafs --blob-id appthreat-vdb-v5 --blob rafs_out/data.rafs --bootstrap rafs_out/meta.rafs vdb_data --repeatable
cd rafs_out
oras push ghcr.io/appthreat/vdb-app:v5-rafs \
--artifact-type application/vnd.oras.config.v1+json \
./data.rafs:application/vnd.appthreat.vdb-rafs.layer.v1+tar \
./meta.rafs:application/vnd.appthreat.vdb-rafs.layer.v1+tar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PYTHONPATH: vulnerability-db
VDB_HOME: vdb_data
VDB_CACHE: vdb_cache
GITHUB_PAGE_COUNT: 10
NVD_START_YEAR: 2018
GITHUB_USERNAME: ${{ github.actor }}
OSV_EXCLUDE_MALWARE: true
VDB_IGNORE_ALMALINUX: true
VDB_IGNORE_ALPINE: true
VDB_IGNORE_DEBIAN: true
VDB_IGNORE_ROCKYLINUX: true
- uses: actions/checkout@v4
with:
repository: AppThreat/vuln-list
path: vuln-list2
fetch-depth: "1"
sparse-checkout: |
nvd/2014
nvd/2015
nvd/2016
nvd/2017
nvd/2018
nvd/2019
nvd/2020
nvd/2021
nvd/2022
nvd/2023
nvd/2024
- name: Build and upload db - 2014
run: |
cd $GITHUB_WORKSPACE
rm -rf vdb_data vdb_cache rafs_out
mkdir vdb_data vdb_cache rafs_out
rm -rf ./vuln-list2/kevc ./vuln-list2/mariner ./vuln-list2/cvrf/suse/suse
zip -q -r vuln-list.zip ./vuln-list2/
mv vuln-list.zip vdb_cache/
rm -rf ./vuln-list2/
python vulnerability-db/vdb/cli.py --cache-os
ls -lh vdb_data
ls -lh vdb_cache
cd vdb_data
tar -cvzf data.vdb5.tar.gz data.vdb5
tar -cvzf data.index.vdb5.tar.gz data.index.vdb5
tar -cvJf data.vdb5.tar.xz data.vdb5
tar -cvJf data.index.vdb5.tar.xz data.index.vdb5
echo $GITHUB_TOKEN | oras login ghcr.io -u $GITHUB_USERNAME --password-stdin
oras push ghcr.io/appthreat/vdb-app-10y:v5 \
--artifact-type application/vnd.oras.config.v1+json \
./data.vdb5:application/vnd.appthreat.vdb.layer.v1+tar \
./data.index.vdb5:application/vnd.appthreat.vdb.layer.v1+tar
oras push ghcr.io/appthreat/vdbgz-app-10y:v5 \
--artifact-type application/vnd.oras.config.v1+json \
./data.vdb5.tar.gz:application/vnd.appthreat.vdb.layer.v1+tar \
./data.index.vdb5.tar.gz:application/vnd.appthreat.vdb.layer.v1+tar
oras push ghcr.io/appthreat/vdbxz-app-10y:v5 \
--artifact-type application/vnd.oras.config.v1+json \
./data.vdb5.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar \
./data.index.vdb5.tar.xz:application/vnd.appthreat.vdb.layer.v1+tar
cd ..
nydus-image create -t dir-rafs --blob-id appthreat-vdb-10y-v5 --blob rafs_out/data.rafs --bootstrap rafs_out/meta.rafs vdb_data --repeatable
cd rafs_out
oras push ghcr.io/appthreat/vdb-app-10y:v5-rafs \
--artifact-type application/vnd.oras.config.v1+json \
./data.rafs:application/vnd.appthreat.vdb-rafs.layer.v1+tar \
./meta.rafs:application/vnd.appthreat.vdb-rafs.layer.v1+tar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PYTHONPATH: vulnerability-db
VDB_HOME: vdb_data
VDB_CACHE: vdb_cache
GITHUB_PAGE_COUNT: 20
NVD_START_YEAR: 2014
GITHUB_USERNAME: ${{ github.actor }}
OSV_EXCLUDE_MALWARE: true
VDB_IGNORE_ALMALINUX: true
VDB_IGNORE_ALPINE: true
VDB_IGNORE_DEBIAN: true
VDB_IGNORE_ROCKYLINUX: true
# - name: Release public ecr
# run: |
# cd vdb_data
# aws ecr-public get-login-password --region us-east-1 | oras login -u AWS --password-stdin public.ecr.aws
# oras push public.ecr.aws/appthreat/vdb:v5 \
# --artifact-type application/vnd.oras.config.v1+json \
# ./data.vdb5:application/vnd.appthreat.vdb.layer.v1+tar \
# ./data.index.vdb5:application/vnd.appthreat.vdb.layer.v1+tar
# env:
# REGISTRY: public.ecr.aws
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}