Skip to content

Update third-party rules #57

Update third-party rules

Update third-party rules #57

Workflow file for this run

name: Update third-party rules
on:
workflow_dispatch:
schedule:
- cron: "0 */12 * * *"
permissions:
contents: read
jobs:
update:
if: ${{ github.repository }} == 'chainguard-dev/malcontent'
runs-on: mal-ubuntu-latest-8-core
permissions:
contents: write
id-token: write
pull-requests: write
steps:
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
with:
egress-policy: audit
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: chainguard-dev/actions/setup-gitsign@e82b4e5ae10182af72972addcb3fedf7454621c8
- name: Set up Octo-STS
uses: octo-sts/action@6177b4481c00308b3839969c3eca88c96a91775f # v1.0.0
id: octo-sts
with:
scope: chainguard-dev/malcontent
identity: third-party
- name: Install yara and libyara-dev
run: |
sudo apt update && sudo apt install yara libyara-dev -y
- name: Run make update-third-party
run: |
make update-third-party
- name: Run make refresh-test-data
run: |
make refresh-sample-testdata
- name: Commit changes and create PR
env:
GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
run: |
if [[ -n $(git status -s) ]]; then
DATE=$(date +%F)
BRANCH="third-party-rule-update-${DATE}"
git checkout -b $BRANCH
git add .
git commit -m "Update third-party rules as of ${DATE}"
git push origin $BRANCH
gh pr create -t "Update third-party rules as of ${DATE}" -b "${DATE} third-party rule update for malcontent." -B main
fi