populate-hapi.yaml
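# Pushes hub content to the HAPI dev endpoint and lists modified files.
#
# Triggers: pushes that touch '**.yaml' files, and ref creation (`create`).
# The job assumes an AWS role through GitHub OIDC, checks the repository out
# into ./hub, then either
#   - PUTs every matching file to the dev API with SigV4-signed requests
#     (when `github.event.created` is truthy), or
#   - walks the repository's commits through the GitHub API and prints the
#     files each commit modified (otherwise).
name: populate hapi

on:
  push:
    paths:
      - '**.yaml'
  create:

jobs:
  sync:
    runs-on: ubuntu-latest
    permissions:
      # Required so the job can request the OIDC token that
      # configure-aws-credentials exchanges for short-lived AWS credentials.
      id-token: write
      # The scope is spelled `contents`; `content` is not a valid permission
      # key, so the read grant for checkout and the commits API was not
      # expressed.
      contents: read
    steps:
      # NOTE(review): this action receives the OIDC token and the resulting
      # AWS credentials. Pin it to a full commit SHA instead of a mutable
      # tag, e.g. aws-actions/configure-aws-credentials@<FULL_COMMIT_SHA>.
      # NOTE(review): the exported AWS_* variables are visible to every later
      # step, although only "Sync when new branch" uses them.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_POPULATE_HAPI_RO_ROLE }}
          role-session-name: github-action-hub-populate-hapi
          aws-region: ${{ secrets.AWS_REGION }}

      # NOTE(review): `github.event.created` is a boolean on push events and
      # is absent from the create payload, so both expressions below
      # presumably evaluate to empty strings and checkout falls back to the
      # triggering repository and ref -- confirm this is intended.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          repository: ${{ github.event.created.head.repo.full_name }}
          ref: ${{ github.event.created.head.ref }}
          path: hub
          # Later steps only read files, so the job token does not need to
          # stay in the checkout's git configuration.
          persist-credentials: false

      - name: Sync when new branch
        if: github.event.created
        run: |
          branch="${GITHUB_REF#refs/heads/}"
          echo "Branch: $branch"
          cd hub
          # NUL-delimited iteration keeps paths containing whitespace intact;
          # -type f skips directories whose names happen to end in "ml".
          find . -type f -name '*ml' \
            ! -path './.tests/*' ! -path './.github/*' -print0 |
            while IFS= read -r -d '' file; do
              # The original command had a stray double quote after the URL,
              # which unbalanced the quoting of every following argument.
              # --fail turns an HTTP error status into a failed step instead
              # of a silently skipped upload.
              # NOTE(review): "eu-west--1" looks like a typo for the signing
              # region; confirm the intended value before relying on it.
              # NOTE(review): --data strips newlines from the file; confirm
              # the API does not need the raw body (--data-binary).
              curl --fail -XPUT \
                "https://hub.api.dev.crowdsec.net/v1/admin/crowdsecurity/${branch}" \
                --aws-sigv4 "aws:amz:eu-west--1:execute-api" \
                --user "$AWS_ACCESS_KEY_ID:$AWS_SECRET_ACCESS_KEY" \
                -H "x-amz-security-token: $AWS_SESSION_TOKEN" \
                --data "@$file"
            done

      - name: Fetch all commit details
        if: ${{ ! github.event.created }}
        id: fetch-commits
        env:
          # The job token is not exported to `run` steps automatically; without
          # this mapping $GITHUB_TOKEN expands to an empty string.
          GITHUB_TOKEN: ${{ github.token }}
        run: |
          TOKEN=$GITHUB_TOKEN
          URL=$(jq -r '.repository.commits_url' "$GITHUB_EVENT_PATH" | sed 's/{\/sha}//')
          COMMITS=""
          PAGE=1
          # NOTE(review): prints the first page of commit JSON to the job log;
          # this looks like a debugging aid and can probably be dropped.
          curl -sSL -H "Authorization: token $TOKEN" "$URL?page=$PAGE&per_page=100"
          # Page through the commits endpoint until a page yields no SHAs.
          while true; do
            PAGE_COMMITS=$(curl -sSL -H "Authorization: token $TOKEN" "$URL?page=$PAGE&per_page=100" | jq -r '.[].sha')
            if [ -z "$PAGE_COMMITS" ]; then
              break
            fi
            COMMITS="$COMMITS $PAGE_COMMITS"
            PAGE=$((PAGE + 1))
          done
          # `::set-output` is deprecated; write to $GITHUB_OUTPUT instead. The
          # value must be a single line, so newlines between SHAs are
          # flattened to spaces first.
          COMMITS=$(printf '%s' "$COMMITS" | tr '\n' ' ')
          echo "commits=$COMMITS" >> "$GITHUB_OUTPUT"

      - name: Print modified files
        if: ${{ ! github.event.created }}
        env:
          GITHUB_TOKEN: ${{ github.token }}
          # Step outputs are handed over through the environment rather than
          # interpolated into the script text, so their content is never
          # parsed as shell code.
          COMMITS: ${{ steps.fetch-commits.outputs.commits }}
        run: |
          for sha in $COMMITS; do
            FILES=$(curl -sSL -H "Authorization: token $GITHUB_TOKEN" "https://api.github.com/repos/$GITHUB_REPOSITORY/commits/$sha" | jq -r '.files[].filename')
            echo "Modified files in commit $sha:"
            echo "$FILES"
            # Perform your actions on each modified file here
          done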