🧱 Blocklist › Generate #31
# #
#   @usage              https://github.com/Aetherinox/csf-firewall
#   @type               github workflow
#
#   Used together with .github/scripts/bl-download.sh
#
#   Downloads the AbuseIPDB IP list. Once the IPs are downloaded, they are merged
#   with a static list that is updated less often and holds long-term abusive
#   IP addresses.
#
#   A local test needs the same directory structure as the GitHub workflow:
#       📁 .github
#           📁 blocks
#               📄 1.txt
#           📁 scripts
#               📄 bl-download.sh
#           📁 workflows
#               📄 blocklist-generate.yml
# #

# Workflow title and the title shown for each individual run.
name: '🧱 Blocklist › Generate'
run-name: '🧱 Blocklist › Generate'
# #
#   triggers
#
#   workflow_dispatch   allows the workflow to be started manually
#   schedule            cron expression: minute 0 of every 6th hour
# #

on:
  workflow_dispatch:
  schedule:
    - cron: "0 */6 * * *"
# #
#   environment variables
#
#   Workflow-level values available to every job and step. Neither name is
#   referenced by the steps visible in this section of the file.
# #

env:
  BOT_NAME_1: 'EuropaServ'
  BOT_NAME_DEPENDABOT: 'dependabot[bot]'
# #
#   jobs
#
#   A single `build` job on a pinned runner image, cancelled after 3 minutes.
#
#   NOTE(review): no `permissions:` key is visible in this section, so the
#   GITHUB_TOKEN scope falls back to the repository / organization default.
#   The commit step further down pushes to the repository, which needs
#   `contents: write`; declaring exactly that at job level keeps the token at
#   least privilege. Confirm that no other step needs a wider scope first.
# #

jobs:
  build:
    runs-on: 'ubuntu-22.04'
    timeout-minutes: 3
    steps:
# #
#   Job > Start
#
#   Log marker only; prints a single line to the run log.
# #

      - name: '✅ Start'
        id: task_build_start
        run: echo "Starting blocklist build script"
# #
#   Job > Checkout
#
#   fetch-depth: 0 fetches the full history instead of a shallow clone.
#
#   NOTE(review): `@v4` is a mutable tag. Pinning the action to a full commit
#   SHA (`actions/checkout@<full-commit-sha>  # v4`) keeps a re-tagged release
#   from changing what runs in a job that later pushes to the repository.
# #

      - name: '☑️ Checkout'
        id: task_build_checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
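# #
#   Generate > Master
#
#   Runs bl-download.sh with the output name, the literal `false`, and up to
#   three source values taken from repository secrets.
#
#   The values are handed to the shell through `env:` rather than being written
#   into the script with `${{ ... }}`. An inline expression is substituted into
#   the script text before bash runs, so any shell metacharacter in a variable
#   or secret is parsed as code; the former `eval` parsed the same text a
#   second time. As quoted environment variables they are always plain data.
# #

      - name: "🧱 Generate › Master"
        id: task_build_generate_master
        env:
          API_01_OUT: ${{ vars.API_01_OUT }}
          API_01_FILE_01: ${{ secrets.API_01_FILE_01 }}
          API_01_FILE_02: ${{ secrets.API_01_FILE_02 }}
          API_01_FILE_03: ${{ secrets.API_01_FILE_03 }}
        run: |
          # #
          #   set permissions and run generator
          # #

          chmod +x ".github/scripts/bl-download.sh"

          # Unset or empty secrets are skipped, matching the old behaviour where
          # an empty expansion contributed no argument.
          # NOTE(review): each secret is now passed as exactly one argument; a
          # secret that relied on being split on spaces must be split into
          # separate secrets.
          sources=()
          for src in "$API_01_FILE_01" "$API_01_FILE_02" "$API_01_FILE_03"; do
            if [ -n "$src" ]; then
              sources+=("$src")
            fi
          done

          ./.github/scripts/bl-download.sh "$API_01_OUT" false "${sources[@]}"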
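# #
#   Generate > Privacy
#
#   Runs bl-static.sh once, then bl-json.sh once per provider. Each bl-json.sh
#   call receives: output name, source URL, jq filter.
#
#   Variables and secrets reach the shell through `env:` and are expanded
#   inside double quotes. Writing `${{ ... }}` into the script body and running
#   the result through `eval` let any shell metacharacter in a value (for
#   example `&` or `;` in a URL) be executed as shell syntax. The jq filters are
#   single-quoted literals, so no escaping layer is needed for the inner
#   double quotes any more.
# #

      - name: "🧱 Generate › Privacy"
        id: task_build_generate_privacy
        env:
          API_02_GENERAL_OUT: ${{ vars.API_02_GENERAL_OUT }}
          API_02_GOOGLE_OUT: ${{ vars.API_02_GOOGLE_OUT }}
          API_02_GOOGLE_URL: ${{ secrets.API_02_GOOGLE_URL }}
          API_02_CLOUDFRONT_OUT: ${{ vars.API_02_CLOUDFRONT_OUT }}
          API_02_CLOUDFRONT_URL: ${{ secrets.API_02_CLOUDFRONT_URL }}
          API_02_BING_OUT: ${{ vars.API_02_BING_OUT }}
          API_02_BING_URL: ${{ secrets.API_02_BING_URL }}
          API_02_FASTLY_OUT: ${{ vars.API_02_FASTLY_OUT }}
          API_02_FASTLY_URL: ${{ secrets.API_02_FASTLY_URL }}
          API_02_AMAZON_AWS_OUT: ${{ vars.API_02_AMAZON_AWS_OUT }}
          API_02_AMAZON_EC2_OUT: ${{ vars.API_02_AMAZON_EC2_OUT }}
          API_02_AMAZON_URL: ${{ secrets.API_02_AMAZON_URL }}
        run: |
          # #
          #   set permissions and run generators
          # #

          chmod +x ".github/scripts/bl-static.sh" ".github/scripts/bl-json.sh"

          # static "privacy" list
          ./.github/scripts/bl-static.sh "$API_02_GENERAL_OUT" privacy

          # google
          ./.github/scripts/bl-json.sh "$API_02_GOOGLE_OUT" "$API_02_GOOGLE_URL" \
            '.prefixes | .[] |.ipv4Prefix//empty,.ipv6Prefix//empty'

          # cloudfront
          ./.github/scripts/bl-json.sh "$API_02_CLOUDFRONT_OUT" "$API_02_CLOUDFRONT_URL" \
            'map(.[]) | sort | .[]'

          # bing
          ./.github/scripts/bl-json.sh "$API_02_BING_OUT" "$API_02_BING_URL" \
            '.prefixes | .[] |.ipv4Prefix//empty,.ipv6Prefix//empty'

          # fastly
          ./.github/scripts/bl-json.sh "$API_02_FASTLY_OUT" "$API_02_FASTLY_URL" \
            'map(.[]) | .[]'

          # amazon: same source URL, filtered by service name
          ./.github/scripts/bl-json.sh "$API_02_AMAZON_AWS_OUT" "$API_02_AMAZON_URL" \
            '.prefixes[] | select(.service=="AMAZON") | .ip_prefix'

          ./.github/scripts/bl-json.sh "$API_02_AMAZON_EC2_OUT" "$API_02_AMAZON_URL" \
            '.prefixes[] | select(.service=="EC2") | .ip_prefix'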
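# #
#   Generate > Precommit
#
#   Builds the commit message from a fixed label and the current runner time,
#   then exports COMMIT_MESSAGE and NOW to later steps through $GITHUB_ENV.
#
#   The two plain assignments no longer carry `>> $GITHUB_ENV`: a redirect on
#   an assignment writes nothing, so only the `echo` lines ever exported
#   anything. Values are expanded inside quotes instead of going through an
#   unquoted `$(echo ...)`, which was subject to word splitting and globbing.
# #

      - name: "📦 Pre-commit"
        id: task_build_precommit
        run: |
          now=$(date '+%m/%d/%Y %H:%M')
          commit_label="Sync"
          commit_message="\`️️⚡️ $commit_label ⚡️\` \`$now\`"

          # single-line NAME=value entries; both values are generated in this step
          echo "COMMIT_MESSAGE=${commit_message}" >> "$GITHUB_ENV"
          echo "NOW=${now}" >> "$GITHUB_ENV"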
# # | |
# Generate > Commit | |
# # | |
- name: "📦 Commit" | |
id: task_build_commit | |
uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
commit_message: ${{ env.COMMIT_MESSAGE }} |