Skip to content

Audit Auto-update

Audit Auto-update #433

Workflow file for this run

name: Audit Auto-update
on:
schedule:
# runs every day at 3:23 AM UTC
- cron: '23 3 * * *'
workflow_dispatch:
jobs:
audit_update:
name: "Auto-Update Audit Patches"
permissions:
contents: write
pull-requests: write
runs-on: ubuntu-24.04
defaults:
run:
working-directory: ${{ github.workspace }}/source/tools/auditupdate
steps:
- name: Fetch Audit Repository
uses: actions/checkout@v4
with:
path: ./source
fetch-depth: 0
- name: Setup Environment Configuration
uses: ./source/.github/actions/setup-environment
with:
env_file: ./source/config/botan.env
- name: Fetch Botan Repository
uses: actions/checkout@v4
with:
path: ./botan
repository: ${{ env.BOTAN_REPO }}
fetch-depth: 0
- name: Handle the Audit Generator Cache
uses: actions/cache@v4
with:
path: ./auditupdate_cache
key: auditupdate_3.1-${{ github.run_id }}
restore-keys: auditupdate_3.1
- name: Install Dependencies
run: |
sudo apt-get update
sudo apt-get -qq install python3-poetry
poetry install --no-dev
- name: Install GitHub webflow GPG public key
run: gpg --trusted-key 4AEE18F83AFDEB23 --import ${{ github.workspace }}/source/.github/resources/web-flow.gpg
- name: Set Committer Identity
run: |
git config user.name "Audit Update Bot"
git config user.email "[email protected]"
- name: Check for Patches
run: poetry run python3 -m auditupdate.cli ${{ github.workspace }}/source/docs/audit_report/changes
env:
AUDIT_CACHE_LOCATION: ${{ github.workspace }}/auditupdate_cache
AUDIT_REPO_LOCATION: ${{ github.workspace }}/botan
BASIC_GH_TOKEN: ${{ github.token }}