opencti-auto-update #43
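---
# Nightly check for a new OpenCTI release; when one exists, bump the pinned OpenCTI/GoCTI
# versions, regenerate the Go client against a live OpenCTI stack and open a pull request.
name: opencti-auto-update

# yamllint disable-line rule:truthy
on:
  schedule:
    - cron: "15 2 * * *"

# Least privilege: no workflow-wide grants; each job below requests exactly what it needs.
permissions: {}

env:
  GO_VERSION: '1.23.5'
  GOLANGCI_LINT_VERSION: 'v1.62.0'

jobs:
  # Detection only: reads the repository and the public releases API, writes nothing.
  look-for-update:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      update-available: ${{ steps.test-for-update.outputs.update-available }}
      # Exported so the update job works on exactly the versions that were compared here.
      current-opencti-version: ${{ steps.current-version.outputs.version }}
      next-opencti-version: ${{ steps.latest-version.outputs.version }}
    steps:
      # Third-party actions are referenced by major tag; pinning to a commit SHA is the
      # stricter supply-chain option if the project wants immutable references.
      - uses: actions/checkout@v4

      - name: Get current OpenCTI version
        id: current-version
        run: |
          OPENCTI_VERSION=$(sed -n 's/.*opencti\/platform:\(.*\)$/\1/p' ./docker-compose.yml | head -1)
          if [ -z "$OPENCTI_VERSION" ]; then
            echo "Could not determine current OpenCTI version from ./docker-compose.yml"
            exit 1
          fi
          echo "version=$OPENCTI_VERSION" >> "$GITHUB_OUTPUT"
          echo "Current OpenCTI version is $OPENCTI_VERSION"

      - name: Fetch latest OpenCTI version
        id: latest-version
        run: |
          # --fail turns an HTTP error (e.g. API rate limiting) into a non-zero exit instead of
          # an error JSON body; '.tag_name // empty' avoids producing the literal string "null".
          NEXT_OPENCTI_VERSION=$(curl -sSL --fail https://api.github.com/repos/OpenCTI-Platform/opencti/releases/latest | jq -r '.tag_name // empty')
          # This value is later interpolated into sed scripts, edited files, a branch name and a
          # commit message: accept only a plain dotted version so nothing else from the remote
          # response can reach those places.
          if ! [[ "$NEXT_OPENCTI_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Could not get a valid latest OpenCTI version (got '$NEXT_OPENCTI_VERSION')"
            exit 1
          fi
          echo "version=$NEXT_OPENCTI_VERSION" >> "$GITHUB_OUTPUT"
          echo "Latest OpenCTI version: $NEXT_OPENCTI_VERSION"

      - name: Test if an update is available
        id: test-for-update
        env:
          OPENCTI_VERSION: ${{ steps.current-version.outputs.version }}
          NEXT_OPENCTI_VERSION: ${{ steps.latest-version.outputs.version }}
        run: |
          if [ "$OPENCTI_VERSION" == "$NEXT_OPENCTI_VERSION" ]; then
            echo "GoCTI already supports latest OpenCTI version $NEXT_OPENCTI_VERSION"
            echo "update-available=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          echo "A new OpenCTI version $NEXT_OPENCTI_VERSION is available (GoCTI is currently supporting $OPENCTI_VERSION)"
          echo "update-available=true" >> "$GITHUB_OUTPUT"

  opencti-auto-update:
    runs-on: ubuntu-latest
    needs: look-for-update
    if: needs.look-for-update.outputs.update-available == 'true'
    # This job pushes a branch and opens a pull request.
    permissions:
      contents: write
      pull-requests: write
    # Versions come from the detection job: the releases API is queried and validated once,
    # and both jobs act on the same release.
    env:
      OPENCTI_VERSION: ${{ needs.look-for-update.outputs.current-opencti-version }}
      NEXT_OPENCTI_VERSION: ${{ needs.look-for-update.outputs.next-opencti-version }}
    steps:
      - uses: actions/checkout@v4

      - name: Fetch latest GoCTI version
        run: |
          # First "## [x.y.z] - YYYY-MM-DD" heading in the changelog is the latest release.
          GOCTI_VERSION=$(sed -En "s/^\#\# \[(.*)\] \- [0-9]{4}\-[0-9]{2}\-[0-9]{2}$/\1/p" ./CHANGELOG.md | head -1)
          # The next step does arithmetic on the components, so require a dotted numeric version.
          if ! [[ "$GOCTI_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Could not determine latest GoCTI version (got '$GOCTI_VERSION')"
            exit 1
          fi
          echo "GOCTI_VERSION=$GOCTI_VERSION" >> "$GITHUB_ENV"
          echo "Latest GoCTI version: $GOCTI_VERSION"

      - name: Compute next GoCTI version
        run: |
          # Minor bump; the patch component is carried over unchanged (existing convention here).
          IFS='.' read -ra version_parts <<< "$GOCTI_VERSION"
          NEXT_VERSION="${version_parts[0]}.$((version_parts[1] + 1)).${version_parts[2]}"
          echo "NEXT_VERSION=$NEXT_VERSION" >> "$GITHUB_ENV"
          echo "Version bump from $GOCTI_VERSION to $NEXT_VERSION"

      - name: Update OpenCTI versions
        # Dots in the version patterns are escaped so they match only a literal "." and the
        # replacement side carries no stray backslashes. NEXT_OPENCTI_VERSION was validated to
        # digits and dots upstream, so it cannot contain sed metacharacters such as "/" or "&".
        run: |
          sed -i "s/opencti\/platform:[0-9]*\.[0-9]*\.[0-9]*$/opencti\/platform:$NEXT_OPENCTI_VERSION/g" ./docker-compose.yml
          sed -i "s/opencti\/worker:[0-9]*\.[0-9]*\.[0-9]*$/opencti\/worker:$NEXT_OPENCTI_VERSION/g" ./docker-compose.yml
          sed -i "s/pycti==[0-9]*\.[0-9]*\.[0-9]*\",$/pycti==$NEXT_OPENCTI_VERSION\",/" ./tools/gocti_type_generator/pyproject.toml
          sed -i "s/OpenCTI version [0-9]*\.[0-9]*\.[0-9]*\.$/OpenCTI version $NEXT_OPENCTI_VERSION./" ./README.md

      - name: Update GoCTI versions
        run: |
          sed -i "s/^version = \"[0-9]*\.[0-9]*\.[0-9]*\"$/version = \"$NEXT_VERSION\"/" ./tools/gocti_type_generator/pyproject.toml
          sed -i "s/^\tgoctiVersion = \"[0-9]*\.[0-9]*\.[0-9]*\"$/\tgoctiVersion = \"$NEXT_VERSION\"/" ./gocti.go

      - name: Update changelog
        run: |
          TODAY=$(date +"%Y-%m-%d")
          CHANGELOG_LINE="- Support OpenCTI version $NEXT_OPENCTI_VERSION"
          CHANGELOG_HEADER="\#\# \[$NEXT_VERSION\] - $TODAY"
          UNRELEASED=$(sed -n '/^\#\# \[Unreleased\]/p' ./CHANGELOG.md | head -1)
          if [ -n "$UNRELEASED" ]; then
            # Add the line under the existing "### Changed" of the Unreleased section, or create
            # that subsection, then turn "Unreleased" into the new release heading.
            CONTAINS_CHANGED=$(sed -n '/\#\# \[Unreleased\]/,/\#\# \[/p' ./CHANGELOG.md | grep "### Changed" || true)
            if [ -n "$CONTAINS_CHANGED" ]; then
              sed -i "/\#\# \[Unreleased\]/,/\#\# \[/s/^\#\#\# Changed$/\#\#\# Changed\n$CHANGELOG_LINE/" ./CHANGELOG.md
            else
              sed -i "s/^\#\# \[Unreleased\]/\#\# \[Unreleased\]\n\n\#\#\# Changed\n$CHANGELOG_LINE/" ./CHANGELOG.md
            fi
            sed -i "s/^\#\# \[Unreleased\]/$CHANGELOG_HEADER/" ./CHANGELOG.md
          else
            # No Unreleased section: insert a new release block at line 8 (assumes the changelog
            # preamble occupies the first seven lines).
            sed -i "8i $CHANGELOG_HEADER\n\n\#\#\# Changed\n$CHANGELOG_LINE\n" ./CHANGELOG.md
          fi

      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
          cache: 'pip'

      - name: Start environment
        run: docker compose --file ./docker-compose.yml --env-file ./docker-compose.env up -d

      - name: Wait on OpenCTI to be reachable
        # Bounded wait: without a limit a stack that never comes up blocks the job until the
        # runner's job-level timeout.
        timeout-minutes: 15
        run: |
          until [ "$(curl -o /dev/null -s -w '%{http_code}' localhost:8080)" -eq 200 ]; do
            echo "waiting..."
            sleep 5
          done

      - name: Generate new GoCTI
        run: |
          pip install ./tools/gocti_type_generator
          # shellcheck disable=SC1091
          source ./docker-compose.env
          export GOCTI_REPO=.
          export OPENCTI_URL="$OPENCTI_BASE_URL"
          export OPENCTI_TOKEN="$OPENCTI_ADMIN_TOKEN"
          go generate ./...

      - name: Run Go formatters
        # NOTE: gofumpt and wsl are installed at @latest, unlike golangci-lint which is pinned via
        # GOLANGCI_LINT_VERSION; pinning them too makes the generated diff reproducible.
        run: |
          go install mvdan.cc/gofumpt@latest
          echo "gofumpt: $(which gofumpt)"
          gofumpt -l -w .
          go install github.com/bombsimon/wsl/v4/cmd/wsl@latest
          echo "wsl: $(which wsl)"
          wsl --fix ./...

      - name: Run Go linters
        uses: golangci/golangci-lint-action@v6
        with:
          version: ${{ env.GOLANGCI_LINT_VERSION }}
          working-directory: .
          args: --config=".golangci.yml" --fix

      # Second formatter pass, presumably because golangci-lint --fix may touch files after the
      # first pass; the tools are already installed, the go install calls are no-ops here.
      - name: Run Go formatters (after lint fixes)
        run: |
          go install mvdan.cc/gofumpt@latest
          echo "gofumpt: $(which gofumpt)"
          gofumpt -l -w .
          go install github.com/bombsimon/wsl/v4/cmd/wsl@latest
          echo "wsl: $(which wsl)"
          wsl --fix ./...

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v7
        with:
          # A dedicated token rather than GITHUB_TOKEN, presumably so that the opened pull request
          # triggers the repository's CI workflows.
          token: ${{ secrets.AUTO_UPDATE_OPENCTI }}
          commit-message: Update GoCTI to ${{ env.NEXT_VERSION }}
          committer: weisshorn-cyd-bot <196039234+weisshorn-cyd-bot@users.noreply.github.com>
          author: weisshorn-cyd-bot <196039234+weisshorn-cyd-bot@users.noreply.github.com>
          branch: feature/update-opencti-to-${{ env.NEXT_OPENCTI_VERSION }}
          title: '[opencti] update to ${{ env.NEXT_OPENCTI_VERSION }}'
          body: |
            Update GoCTI to support newest OpenCTI version ${{ env.NEXT_OPENCTI_VERSION }}
            Todo:
            - [ ] Check if there are changes in the [upstream compose](https://github.com/OpenCTI-Platform/docker/blob/master/docker-compose.yml) that need to be applied here
          labels: release

      - name: Tear down environment
        # Runs even when an earlier step failed so the compose stack never outlives the job.
        if: always()
        run: docker compose --env-file ./docker-compose.env down --volumes --timeout 30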