From 9d0f12b034b563fe62f4bea1de030825bf94684e Mon Sep 17 00:00:00 2001
From: Bruno Verachten
Date: Wed, 8 Jan 2025 21:30:45 +0100
Subject: [PATCH] chore(updatecli): Update the expiration date in security.txt when approaching it. (#7793)

* chore(updatecli): Update the expiration date in security.txt when approaching it.
* WiP
* fix(updatecli): Uses the right regexp.
---
updatecli/scripts/update-security-txt.sh | 22 ++++++++++
.../updatecli.d/update-security-txt.yaml | 42 +++++++++++++++++++
2 files changed, 64 insertions(+)
create mode 100644 updatecli/scripts/update-security-txt.sh
create mode 100644 updatecli/updatecli.d/update-security-txt.yaml
diff --git a/updatecli/scripts/update-security-txt.sh b/updatecli/scripts/update-security-txt.sh
new file mode 100644
index 000000000000..6b3e307ed0d3
--- /dev/null
+++ b/updatecli/scripts/update-security-txt.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Read the date after "Expires:"
+expires_date=$(grep -oP 'Expires: \K.*' content/.well-known/security.txt)
+
+# Convert the expires date to seconds since epoch
+expires_epoch=$(date -d "$expires_date" +%s)
+
+# Get the current date in seconds since epoch
+current_epoch=$(date +%s)
+
+# Calculate the difference in seconds (30 days * 24 hours * 60 minutes * 60 seconds)
+one_month_seconds=$((30 * 24 * 60 * 60))
+
+# Check if the current date is less than one month close to the expires date
+if (( current_epoch + one_month_seconds >= expires_epoch )); then
+ # Add one year to the expires date
+ new_expires_date=$(date -u -d "$expires_date + 1 year" +%Y-%m-%dT%H:%M:%S.000Z)
+ echo "$new_expires_date"
+else
+ echo "$expires_date"
+fi
diff --git a/updatecli/updatecli.d/update-security-txt.yaml b/updatecli/updatecli.d/update-security-txt.yaml
new file mode 100644
index 000000000000..629a265003fc
--- /dev/null
+++ b/updatecli/updatecli.d/update-security-txt.yaml
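Review bot: The renewal in the `if` branch of update-security-txt.sh is computed from the old expiry (`"$expires_date + 1 year"`) rather than from the run date, so a file that has been expired for more than a year is rewritten with a date that is still in the past, and a file renewed shortly before expiry ends up with an `Expires` more than a year ahead, which is longer than RFC 9116 recommends. Deriving the value from today avoids both, for example `new_expires_date=$(date -u -d "now + 11 months" +%Y-%m-%dT%H:%M:%S.000Z)`. The `grep -oP 'Expires: \K.*'` is also unanchored and prints every matching line, so a commented-out or second `Expires:` entry would make `expires_date` multi-line; `grep -m1 -oP '^Expires: \K.*'` keeps it to the field itself. The script has no `set -euo pipefail`, so a missing file or an unparsable date is not reported to updatecli as a failed source.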
@@ -0,0 +1,42 @@
+---
+name: Bump the expiration date in content/.well-known/security.txt when approaching the expiry date
+
+scms:
+ default:
+ kind: github
+ spec:
+ user: "{{ .github.user }}"
+ email: "{{ .github.email }}"
+ owner: "{{ .github.owner }}"
+ repository: "{{ .github.repository }}"
+ token: "{{ requiredEnv .github.token }}"
+ username: "{{ .github.username }}"
+ branch: "{{ .github.branch }}"
+
+sources:
+ expirationDate:
+ kind: shell
+ name: "Get Expiration date from security.txt"
+ spec:
+ command: bash ./updatecli/scripts/update-security-txt.sh
+
+targets:
+ updateExpiresDate:
+ kind: file
+ name: "Update Expires date in security.txt"
+ spec:
+ file: content/.well-known/security.txt
+ matchpattern: >-
+ Expires: .*
+ replacepattern: >-
+ Expires: {{ source "expirationDate" }}
+ scmid: default
+
+actions:
+ default:
+ kind: github/pullrequest
+ scmid: default
+ title: "Update Expiration date in security.txt"
+ spec:
+ labels:
+ - chore
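Review bot: The `github/pullrequest` action sets only a title and the `chore` label, so the generated PR reads as routine housekeeping, while the purpose of `Expires` in security.txt is that someone re-checks the contact and policy entries before the date is pushed out. A PR description asking the reviewer to confirm those entries are still valid (and that the PR is not merged automatically) would keep that check in place. The `matchpattern` is `Expires: .*` with no line anchor, so any other text containing `Expires: `, such as a comment, would be rewritten too; anchoring it to the start of the line, if the file target's regex mode supports that, narrows the replacement to the field. If security.txt is ever cleartext-signed, this target would invalidate the signature on each bump, which is worth a comment in the manifest.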