-
Notifications
You must be signed in to change notification settings - Fork 5
44 lines (42 loc) · 1.61 KB
/
add-index-exclusion.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
name: AddOssIndexExclusion
on:
workflow_dispatch:
inputs:
exclusion:
description: 'Vulnerability to exclude'
required: true
type: string
permissions: read-all
jobs:
build:
name: Add OSS Index Exclusion action
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
token: ${{ secrets.PUBLISH_KEY }}
- name: Add exclusion
run: |
echo "${{ github.event.inputs.exclusion }}" >> config/ossindex/exclusions.txt
- name: Create git branch
run: |
git config --global user.name 'Esta Nagy'
git config --global user.email '[email protected]'
git checkout -b feature/exclude-vulnerability-run-${{ github.run_number }}
git add config/ossindex/exclusions.txt
git commit -asm "Excluding vulnerability ${{ github.event.inputs.exclusion }} {patch}"
git push -f --set-upstream origin feature/exclude-vulnerability-run-${{ github.run_number }}
- name: Create PR
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: ${{ secrets.PUBLISH_KEY }}
script: |
github.rest.pulls.create({
owner: "${{ github.repository_owner }}",
repo: "lowkey-vault",
head: "feature/exclude-vulnerability-run-${{ github.run_number }}",
base: "main",
title: "Excluding vulnerability ${{ github.event.inputs.exclusion }} {patch}"
});