Check NIST database #376

	name: 'Check NIST database'

	on:
	schedule:
	- cron: '30 1 * * *'

	workflow_dispatch:

	permissions:
	issues: write
	pull-requests: write

	jobs:
	check:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout 'uazo/cromite' ${{ env.BRANCH }}
	uses: actions/checkout@v2
	with:
	repository: 'uazo/cromite'
	ref: ${{ github.event.inputs.rtag }}
	path: 'cromite'
	fetch-depth: 1

	- name: Get data
	run: \|
	sudo apt update
	DEBIAN_FRONTEND=noninteractive sudo apt install -y sed

	export HOME=$GITHUB_WORKSPACE
	cd ~/cromite/tools
	test -d cves \|\| mkdir -p cves
	cd cves

	CY=$(date +%Y)
	for i in $(seq 2020 $CY)
	do
	echo Asking for $i year
	docker run --rm --name tapir stratosphereips/tapir:latest \
	bash -c "python3 tapir.py -y $i libjxl -s" >>libjxl.ansi
	done

	sed -e 's/\x1b\[[0-9;]*m//g' <libjxl.ansi >libjxl.txt
	rm libjxl.ansi

	- name: Check differences
	run: \|
	export HOME=$GITHUB_WORKSPACE
	cd ~/cromite
	CHANGES=0 && git diff --quiet \|\| CHANGES=1
	echo "CHANGES=$CHANGES" >> $GITHUB_ENV

	if [[ CHANGES -eq 1 ]]; then
	git add tools/cves/*.txt
	git diff --name-only --staged
	fi

	- name: Create Pull Request
	uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c #v6.1.0
	if: env.CHANGES == '1'
	with:
	token: ${{ secrets.CROMITE_PULLS }}
	path: cromite
	base: ${{ env.BRANCH }}
	#push-to-fork: uazo/cromite
	add-paths: \|
	tools/cves/*.txt
	commit-message: 'AUTOMATED - CVE results'
	title: New CVE results
	delete-branch: true
	branch-suffix: short-commit-hash

Provide feedback