每日OSV数据同步 #1175
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 每日OSV数据同步 | |
| on: | |
| schedule: | |
| - cron: '0 */12 * * *' # 每12小时执行 | |
| workflow_dispatch: # 允许手动触发 | |
| # 显式设置工作流权限 | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| actions: write | |
| id-token: write | |
| jobs: | |
| osv-sync: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 检出代码 | |
| uses: actions/checkout@v4 # 更新到最新版本 | |
| - name: 设置Python | |
| uses: actions/setup-python@v5 # 更新到最新版本 | |
| with: | |
| python-version: '3.12' # 与pyproject.toml中的版本要求一致 | |
| - name: 安装uv包管理器 | |
| run: | | |
| curl -LsSf https://astral.sh/uv/install.sh | sh | |
| echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
| - name: 安装依赖 | |
| run: | | |
| uv pip install --system -e . | |
| uv pip install --system playwright | |
| python -m playwright install chromium --with-deps | |
| - name: 运行数据同步 | |
| run: | | |
| mkdir -p data logs | |
| python -m osv_sync.cli --config config.yaml | |
| env: | |
| PYTHONUNBUFFERED: 1 # 确保日志输出不被缓冲 | |
| - name: 生成运行日期 | |
| id: date | |
| run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT | |
| - name: 检查是否有下载的数据文件 | |
| id: check_data | |
| run: | | |
| if [ -f "data/all.zip" ]; then | |
| echo "data_exists=true" >> $GITHUB_OUTPUT | |
| echo "数据文件已成功下载:$(ls -lh data/all.zip)" | |
| else | |
| echo "data_exists=false" >> $GITHUB_OUTPUT | |
| echo "警告:数据文件未找到" | |
| # 列出data目录内容以便调试 | |
| ls -la data/ | |
| fi | |
| - name: 上传同步日志 | |
| uses: actions/upload-artifact@v4 # 更新到最新版本 | |
| with: | |
| name: sync-logs-${{ steps.date.outputs.date }} | |
| path: logs/ | |
| retention-days: 7 | |
| # - name: 上传同步数据 | |
| # if: steps.check_data.outputs.data_exists == 'true' | |
| # uses: actions/upload-artifact@v4 # 更新到最新版本 | |
| # with: | |
| # name: osv-data-${{ steps.date.outputs.date }} | |
| # path: | | |
| # data/all.zip | |
| # data/all_vuln/ | |
| # retention-days: 3 | |
| # if-no-files-found: warn # 添加警告 | |
| # # 可选:创建数据快照和推送结果 | |
| # - name: 创建数据快照(可选) | |
| # if: steps.check_data.outputs.data_exists == 'true' && github.ref == 'refs/heads/main' | |
| # run: | | |
| # current_date=$(date +'%Y-%m-%d') | |
| # echo "创建数据快照: $current_date" | |
| # # 在这里可以添加快照逻辑 | |
| # 将同步结果提交到仓库 | |
| - name: 提交同步结果到仓库 | |
| if: github.ref == 'refs/heads/main' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| git config --global user.name "github-actions[bot]" | |
| git config --global user.email "github-actions[bot]@users.noreply.github.com" | |
| git add data/all_vuln/ | |
| git add logs/ | |
| git commit -m "自动数据同步 $(date +'%Y-%m-%d')" || echo "没有变更需要提交" | |
| # 使用环境变量方式处理令牌,更安全 | |
| git push origin HEAD:main |