From 13e916a95394c05ce64bdf2786f40564b8099e1e Mon Sep 17 00:00:00 2001
From: Alexis Mousset
Date: Mon, 12 Feb 2024 02:38:51 +0100
Subject: [PATCH] Add automation for advisories ID sync (#1882)
---
.github/workflows/sync-ids.yml | 44 ++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 .github/workflows/sync-ids.yml
diff --git a/.github/workflows/sync-ids.yml b/.github/workflows/sync-ids.yml
new file mode 100644
index 0000000..13ad064
--- /dev/null
+++ b/.github/workflows/sync-ids.yml
@@ -0,0 +1,44 @@
+name: Synchronize IDs
+
+on:
+ schedule:
+ # daily run on default "main" branch
+ - cron: '30 1 * * *'
+
+jobs:
+ sync-ids:
+ name: Synchronize IDs
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Cache cargo bin
+ uses: actions/cache@v4
+ with:
+ path: ~/.cargo/bin
+ key: rustsec-admin-v0.8.9
+
+ - name: Install rustsec-admin
+ run: |
+ VERSION="0.8.9"
+ if ! ( rustsec-admin --version | grep -q "$VERSION" ); then
+ cargo install rustsec-admin --force --vers "$VERSION"
+ fi
+
+ - name: Synchronize IDs
+ id: sync-ids
+ run: |
+ mkdir -p /tmp/osv
+ curl --silent --output /tmp/osv/advisories.zip https://osv-vulnerabilities.storage.googleapis.com/crates.io/all.zip
+ unzip -d /tmp/osv -q /tmp/osv/advisories.zip
+ rustsec-admin sync --osv /tmp/osv/ .
+ message="Synchronize IDs ($(date +%F))"
+ echo "commit_message=${message}" >> $GITHUB_OUTPUT
+
+ - name: Create pull request
+ uses: peter-evans/create-pull-request@v6
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ commit-message: ${{ steps.assign.outputs.commit_message }}
+ title: ${{ steps.assign.outputs.commit_message }}
+ branch: sync-ids
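Review bot: The `Create pull request` step reads `steps.assign.outputs.commit_message`, but the step that writes that output has `id: sync-ids`, so both `commit-message` and `title` would evaluate to an empty string; they should read `${{ steps.sync-ids.outputs.commit_message }}`. The workflow also passes `secrets.GITHUB_TOKEN` to a third-party action referenced by the mutable tag `@v6` and declares no `permissions:` block, so the token's scope depends on the repository default. Declaring `permissions:` with only `contents: write` and `pull-requests: write`, and pinning the action to a full commit SHA, would narrow that exposure. In the download step, `curl --silent` without `--fail` exits zero on an HTTP error, so adding `--fail --show-error` would stop the job at the download rather than at `unzip`.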