PrivescCheck Update & Build #27
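---
name: PrivescCheck Update & Build

on:
  # Trigger action when a push occurs on the master branch
  push:
    branches:
      - master
  # Trigger action manually from GitHub > Actions
  workflow_dispatch:
  # Trigger action at a given date and time
  schedule:
    - cron: '47 12 * * 3'

# Least privilege for GITHUB_TOKEN. The steps below push commits (update-data)
# and create releases (build-scripts); both need 'contents: write' and nothing
# else is used by this workflow.
# NOTE(review): commit_and_push.sh / get_release_tag.sh are not visible here —
# confirm they need no scope beyond 'contents: write'.
permissions:
  contents: write

concurrency:
  group: privesccheck-update-and-build

#
# Below, we are building the following chain:
#
#   -> Update data files and commit changes (if needed)
#   -> Get release tag to apply to next release
#   -> Build scripts and create new release
#
# Notes:
#   - if we fail to update data files for some reason, we still want to be
#     able to build the scripts.
#   - if the action is triggered because it was scheduled, we want to create
#     a new release only if data has been updated.
#   - workflow/event context values are passed to shell steps through 'env:'
#     rather than expanded with ${{ }} inside the script body, so they are
#     never interpreted as shell syntax (GitHub's script-injection guidance).
#
jobs:
  update-data:
    name: Update data
    runs-on: ubuntu-latest
    outputs:
      data-updated: ${{ steps.commit-and-push.outputs.data-updated }}
      data-update-diff: ${{ steps.commit-and-push.outputs.data-update-diff }}
    steps:
      - name: Check out master branch
        # NOTE(review): actions are referenced by a mutable major tag; pinning
        # to a full commit SHA gives a stronger supply-chain guarantee.
        uses: actions/checkout@v5
        with:
          ref: master
      - name: Update LOL driver list
        # Continue even if we fail to update the LOL driver list.
        continue-on-error: true
        shell: pwsh
        run: |
          . ./build/Build.ps1
          Update-LolDriverList
      - name: Commit and push changes (if needed)
        id: commit-and-push
        env:
          ACTOR_ID: ${{ github.actor_id }}
          ACTOR: ${{ github.actor }}
        shell: bash
        # The script's exit status decides whether data was updated. The diff
        # of updated files is base64-encoded so it survives as a single-line
        # job output.
        # NOTE(review): if commit_and_push.sh commits the changes, a plain
        # 'git diff' afterwards is empty; a diff against the previous commit
        # may be what is intended — confirm against the script.
        run: |
          if ! bash ./.github/workflows/commit_and_push.sh "${ACTOR_ID}" "${ACTOR}"; then
            echo "data-updated=false" >> "$GITHUB_OUTPUT"
            echo "data-update-diff=$(echo "N/A" | base64 -w 0)" >> "$GITHUB_OUTPUT"
          else
            echo "data-updated=true" >> "$GITHUB_OUTPUT"
            echo "data-update-diff=$(git diff --name-only -- ./data | base64 -w 0)" >> "$GITHUB_OUTPUT"
          fi

  get-release-tag:
    name: Get release tag
    needs: update-data
    runs-on: ubuntu-latest
    outputs:
      release-tag: ${{ steps.get-release-tag.outputs.release-tag }}
    steps:
      - name: Check out master branch
        uses: actions/checkout@v5
        with:
          ref: master
      - name: Get release tag
        id: get-release-tag
        env:
          GH_TOKEN: ${{ github.token }}
        shell: bash
        run: |
          echo "release-tag=$(bash ./.github/workflows/get_release_tag.sh)" >> "$GITHUB_OUTPUT"

  build-scripts:
    name: Build PrivescCheck
    needs: [update-data, get-release-tag]
    runs-on: ubuntu-latest
    steps:
      - name: Check out master branch
        uses: actions/checkout@v5
        with:
          ref: master
          # Full history is needed to diff the before/after commits of a push.
          fetch-depth: 0
      - name: Generate Changelog
        env:
          EVENT_NAME: ${{ github.event_name }}
          BEFORE_SHA: ${{ github.event.before }}
          AFTER_SHA: ${{ github.event.after }}
          DATA_UPDATE_DIFF_B64: ${{ needs.update-data.outputs.data-update-diff }}
        shell: bash
        run: |
          echo "[*] Event name: ${EVENT_NAME}"
          changelog_content=""
          if [[ "${EVENT_NAME}" == "push" ]]; then
            echo "[*] Commit ID before push: ${BEFORE_SHA}"
            echo "[*] Commit ID after push: ${AFTER_SHA}"
            # Keep only the lines this push added to the changelog. The step
            # runs under 'set -eo pipefail', so a push that did not touch the
            # changelog (grep finds nothing, exits 1) must not abort the step;
            # '|| true' keeps the content empty instead.
            changelog_content="$(git diff --unified=0 "${BEFORE_SHA}" "${AFTER_SHA}" -- "./info/CHANGELOG.md" 2>/dev/null | grep -E "^\\+" | grep -v '+++' | sed "s/^+//g" || true)"
          elif [[ "${EVENT_NAME}" == "schedule" ]]; then
            data_file_update=$(echo "${DATA_UPDATE_DIFF_B64}" | base64 -d)
            echo -e "[*] Data file update:\n${data_file_update}"
            changelog_content="## Files updated\n\n${data_file_update}"
          else
            changelog_content="N/A"
          fi
          echo -ne "# Changelog\n\n${changelog_content}\n" > ./release/changelog.md
      - name: Build PrivescCheck script
        shell: pwsh
        run: |
          . ./build/Build.ps1
          Invoke-Build -Name "PrivescCheck" -NoNewSeed
      - name: Create release
        env:
          GH_TOKEN: ${{ github.token }}
          RELEASE_TAG: ${{ needs.get-release-tag.outputs.release-tag }}
          DATA_UPDATED: ${{ needs.update-data.outputs.data-updated }}
          EVENT_NAME: ${{ github.event_name }}
        shell: bash
        # A release is created on every push / manual run, and on a scheduled
        # run only when data files were updated. 'gh release create' is called
        # exactly once: calling it a second time for the same tag fails because
        # the release already exists, which would abort the step after a
        # release without notes had already been published.
        run: |
          echo "[*] Release tag: ${RELEASE_TAG}"
          echo "[*] Data updated: ${DATA_UPDATED}"
          echo "[*] Event name: ${EVENT_NAME}"
          create_release=0
          if [[ "${EVENT_NAME}" = "schedule" ]]; then
            if [[ "${DATA_UPDATED}" = "true" ]]; then
              create_release=1
            fi
          else
            create_release=1
          fi
          if [[ $create_release == 1 ]]; then
            changelog_path="./release/changelog.md"
            if [[ -f "${changelog_path}" ]]; then
              echo "[*] Changelog file found: ${changelog_path}"
              gh release create "${RELEASE_TAG}" --notes-file "${changelog_path}" ./release/*.ps1
            else
              echo "[!] Changelog file not found"
              gh release create "${RELEASE_TAG}" ./release/*.ps1
            fi
          else
            echo "[*] No release to create"
          fi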