๐งฑ Blocklist โบ Generate #427
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# # | |
# @usage https://github.com/Aetherinox/csf-firewall | |
# @type github workflow | |
# | |
# generates a list of ipsets which can then be used within host files, config server firewall, and various other apps | |
# | |
# ๐ bl-master.sh generate master ipset | URLs: VARARG | |
# ๐ bl-plain.sh generate ipset from online plain-text url / page | URLs: VARARG | |
# ๐ bl-json.sh generate ipset from json formatted web url. requires url and jq query | URLs: SINGLE | |
# ๐ bl-htmlip.sh generate ipset by fetching HTML in web url, pulls only ips with grep rule (cant be changed) | URLs: SINGLE | |
# ๐ bl-html.sh generate ipset by fetching HTML in web url, does not run its own grep, must be specified in command | URLs: VARARG | |
# ๐ bl-block.sh generate ipset by fetching locally specified file in /blocks/ repo folder | |
# ๐ bl-format.sh generate ipset by from an existing list of IPs. does not generate ips itself. only validates a list provided | |
# ๐ bl-spf.sh generate ipset by fetching _spf ips from domain | |
# | |
# local test requires the same structure as the github workflow | |
# ๐ .github | |
# ๐ blocks | |
# ๐ bruteforce | |
# ๐ 01.ipset | |
# ๐ privacy | |
# ๐ 01.ipset | |
# ๐ scripts | |
# ๐ bl-master.sh | |
# ๐ bl-plain.sh | |
# ๐ bl-json.sh | |
# ๐ bl-htmlip.sh | |
# ๐ bl-html.sh | |
# ๐ bl-block.sh | |
# ๐ bl-format.sh | |
# ๐ bl-spf.sh | |
# ๐ workflows | |
# ๐ blocklist-generate.yml | |
# # | |
name: "๐งฑ Blocklist โบ Generate" | |
run-name: "๐งฑ Blocklist โบ Generate" | |
# # | |
# triggers | |
# # | |
on: | |
# # | |
# Trigger > Workflow Dispatch | |
# # | |
workflow_dispatch: | |
inputs: | |
# # | |
# true: runs all actions, even ones not scheduled | |
# false: only scheduled tasks will run | |
# # | |
RUN_ALL_ACTIONS: | |
description: "๐ Run All Actions" | |
required: true | |
default: false | |
type: boolean | |
# # | |
# Trigger > Cron Schedule | |
# # | |
schedule: | |
- cron: '0 2,8,14,20 * * *' | |
- cron: '0 0 * * *' | |
# # | |
# environment variables | |
# # | |
env: | |
BOT_NAME_1: EuropaServ | |
BOT_NAME_DEPENDABOT: dependabot[bot] | |
# # | |
# jobs | |
# # | |
jobs: | |
# # | |
# Job > Setup | |
# # | |
blocklist-setup: | |
name: >- | |
๐ฆ Setup | |
runs-on: apollo-x64 | |
steps: | |
- name: "โ Start" | |
id: task_setup_start | |
run: | | |
echo "Starting blocklist build script" | |
# # | |
# Job > Checkout | |
# # | |
- name: "โ๏ธ Checkout" | |
id: task_setup_checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# # | |
# Generate > Install Packages | |
# # | |
- name: "๐งฑ Install Packages" | |
id: task_setup_install | |
run: | | |
sudo apt-get install -y ipcalc ed html2text whois uuid-runtime autoconf | |
# # | |
# Generate > Cache Packages | |
# # | |
- name: "๐งฑ Cache Packages" | |
uses: awalsh128/cache-apt-pkgs-action@latest | |
with: | |
packages: ipcalc ed html2text whois uuid-runtime | |
version: 1.0 | |
# # | |
# Job > Blocklist > Master | |
# # | |
blocklist-generate: | |
name: >- | |
๐ Generate โบ Blocklist | |
runs-on: apollo-x64 | |
needs: [ blocklist-setup ] | |
steps: | |
# # | |
# Generate > Checkout | |
# # | |
- name: "โ๏ธ Checkout" | |
id: task_blocklist_generate_checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# # | |
# Generate > Configure | |
# | |
# this step installs packages we need to manage ipsets. | |
# - iprange | |
# this package allows us to convert ip ranges into a CIDR formatted ip | |
# 10.10.0.1-10.10.0.9 => 10.10.0.1 | |
# 10.10.0.2/31 | |
# 10.10.0.4/30 | |
# 10.10.0.8/31 | |
# https://github.com/firehol/iprange | |
# # | |
- name: "โ๏ธ Configure" | |
id: task_blocklist_generate_configure | |
run: | | |
git clone https://github.com/firehol/iprange.git ./.temp/iprange | |
cd .temp/iprange | |
./autogen.sh | |
./configure --disable-man | |
sudo make && make install | |
# # | |
# Generate > Set Template Permissions | |
# # | |
- name: "โ๏ธ Set Permissions" | |
id: task_blocklist_generate_perms | |
run: | | |
# Set Permissions | |
chmod +x ".github/scripts/bl-master.sh" | |
chmod +x ".github/scripts/bl-format.sh" | |
chmod +x ".github/scripts/bl-htmlip.sh" | |
chmod +x ".github/scripts/bl-html.sh" | |
chmod +x ".github/scripts/bl-block.sh" | |
chmod +x ".github/scripts/bl-json.sh" | |
chmod +x ".github/scripts/bl-plain.sh" | |
chmod +x ".github/scripts/bl-spf.sh" | |
chmod +x ".github/scripts/bl-whois.sh" | |
chmod +x ".github/scripts/bt-transmission.sh" | |
chmod +x ".github/scripts/update-readme.sh" | |
chmod +x ".github/scripts/tool-range-iprange.sh" | |
# # | |
# Generate > Set Env Variables | |
# # | |
- name: "๐ฆ Set Env Variables" | |
id: task_commit_pre | |
run: | | |
useragent="${{ vars.API_USERAGENT }}" | |
echo "USERAGENT=$(echo $useragent)" >> $GITHUB_ENV | |
# # | |
# Generate > Master | |
# # | |
- name: "๐งฑ Generate โบ Master" | |
id: task_blocklist_generate_master | |
run: | | |
run_master=".github/scripts/bl-master.sh blocklists/master.ipset ${{ secrets.API_01_FILE_01 }} ${{ secrets.API_01_FILE_02 }} ${{ secrets.API_01_FILE_03 }} ${{ secrets.API_01_FILE_04 }} ${{ secrets.API_01_FILE_05 }} ${{ secrets.API_01_FILE_06 }} ${{ secrets.API_01_FILE_07 }} ${{ secrets.API_01_FILE_08 }} ${{ secrets.API_01_FILE_09 }}" | |
eval "./$run_master" | |
run_highrisk=".github/scripts/bl-htmlip.sh blocklists/highrisk.ipset ${{ secrets.API_01_HIGHRISK_URL }} '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'" | |
eval "./$run_highrisk" | |
# # | |
# Generate > Privacy | |
# # | |
- name: "๐งฑ Generate โบ Privacy" | |
id: task_blocklist_generate_privacy | |
run: | | |
# Privacy โบ General | |
run_general=".github/scripts/bl-block.sh blocklists/privacy/privacy_general.ipset privacy" | |
eval "./$run_general" | |
# Privacy โบ Google | |
run_google=".github/scripts/bl-json.sh blocklists/privacy/privacy_google.ipset https://developers.google.com/search/apis/ipranges/googlebot.json '.prefixes | .[] |.ipv4Prefix//empty,.ipv6Prefix//empty'" | |
eval "./$run_google" | |
# Privacy โบ Cloudfront | |
run_cloudfront=".github/scripts/bl-json.sh blocklists/privacy/privacy_cloudfront.ipset https://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips 'map(.[]) | sort | .[]'" | |
eval "./$run_cloudfront" | |
# Privacy โบ Bing | |
run_bing=".github/scripts/bl-json.sh blocklists/privacy/privacy_bing.ipset https://bing.com/toolbox/bingbot.json '.prefixes | .[] |.ipv4Prefix//empty,.ipv6Prefix//empty'" | |
eval "./$run_bing" | |
# Privacy โบ Fastly | |
run_fastly=".github/scripts/bl-json.sh blocklists/privacy/privacy_fastly.ipset https://api.fastly.com/public-ip-list 'map(.[]) | .[]'" | |
eval "./$run_fastly" | |
# Privacy โบ Amazon AWS | |
run_amz_aws=".github/scripts/bl-json.sh blocklists/privacy/privacy_amazon_aws.ipset https://ip-ranges.amazonaws.com/ip-ranges.json '.prefixes[] | select(.service==\"AMAZON\") | .ip_prefix'" | |
eval "./$run_amz_aws" | |
# Privacy โบ Amazon EC2 | |
run_amz_ec2=".github/scripts/bl-json.sh blocklists/privacy/privacy_amazon_ec2.ipset https://ip-ranges.amazonaws.com/ip-ranges.json '.prefixes[] | select(.service==\"EC2\") | .ip_prefix'" | |
eval "./$run_amz_ec2" | |
# Privacy โบ Facebook | |
run_facebook=".github/scripts/bl-whois.sh blocklists/privacy/privacy_facebook.ipset AS32934" | |
eval "./$run_facebook" | |
# Privacy โบ Ahrefs | |
curl -sSL -A "${{ env.USERAGENT }}" https://api.ahrefs.com/v3/public/crawler-ips | jq -r '.ips[].ip_address | select( . != null )' | $GITHUB_WORKSPACE/.github/scripts/bl-format.sh blocklists/privacy/privacy_ahrefs.ipset | |
# Privacy โบ DuckDuckGo | |
curl -sSL -A "${{ env.USERAGENT }}" https://raw.githubusercontent.com/duckduckgo/duckduckgo-help-pages/master/_docs/results/duckduckbot.md | grep "^\- " | awk '{gsub("-",""); print}' | awk '{gsub(/ /,""); print}' | $GITHUB_WORKSPACE/.github/scripts/bl-format.sh blocklists/privacy/privacy_duckduckgo.ipset | |
# Privacy โบ Telegram | |
curl -sSL -A "${{ env.USERAGENT }}" https://core.telegram.org/resources/cidr.txt | $GITHUB_WORKSPACE/.github/scripts/bl-format.sh blocklists/privacy/privacy_telegram.ipset | |
# Privacy โบ Uptime Robot | |
curl -sSL -A "${{ env.USERAGENT }}" https://uptimerobot.com/inc/files/ips/IPv4andIPv6.txt | $GITHUB_WORKSPACE/.github/scripts/bl-format.sh blocklists/privacy/privacy_uptimerobot.ipset | |
# Privacy โบ Pingdom | |
PINGDOM_IPv4=$(curl -sSL -A "${{ env.USERAGENT }}" https://my.pingdom.com/probes/ipv4) | |
PINGDOM_IPv6=$(curl -sSL -A "${{ env.USERAGENT }}" https://my.pingdom.com/probes/ipv6) | |
PINGDOM_LIST="${PINGDOM_IPv4} ${PINGDOM_IPv6}" | |
echo "$PINGDOM_LIST" | $GITHUB_WORKSPACE/.github/scripts/bl-format.sh blocklists/privacy/privacy_pingdom.ipset | |
# Privacy โบ Stripe โบ API | |
curl -sSL -A "${{ env.USERAGENT }}" https://stripe.com/files/ips/ips_api.txt | $GITHUB_WORKSPACE/.github/scripts/bl-format.sh blocklists/privacy/privacy_stripe_api.ipset | |
# Privacy โบ Stripe โบ Webhooks | |
curl -sSL -A "${{ env.USERAGENT }}" https://stripe.com/files/ips/ips_webhooks.txt | $GITHUB_WORKSPACE/.github/scripts/bl-format.sh blocklists/privacy/privacy_stripe_webhooks.ipset | |
# Privacy โบ Stripe โบ Armada Gator | |
curl -sSL -A "${{ env.USERAGENT }}" https://stripe.com/files/ips/ips_armada_gator.txt | $GITHUB_WORKSPACE/.github/scripts/bl-format.sh blocklists/privacy/privacy_stripe_armada_gator.ipset | |
# Privacy โบ RSS API | |
curl -sSL -A "${{ env.USERAGENT }}" https://rssapi.net/ips.txt | $GITHUB_WORKSPACE/.github/scripts/bl-format.sh blocklists/privacy/privacy_rssapi.ipset | |
# Privacy โบ WebPageTest | |
curl -sSL -A "${{ env.USERAGENT }}" https://www.webpagetest.org/addresses.php?f=json | jq -r '.data[].addresses[] | select( . != null )' | $GITHUB_WORKSPACE/.github/scripts/bl-format.sh blocklists/privacy/privacy_webpagetest.ipset | |
# Privacy > Bunny CDN | |
BUNNYCDN_IPv4=$(curl -sSL -A "${{ env.USERAGENT }}" https://api.bunny.net/system/edgeserverlist/plain) | |
BUNNYCDN_IPv6=$(curl -sSL -A "${{ env.USERAGENT }}" https://api.bunny.net/system/edgeserverlist/ipv6 | jq -r '.[] | select( . != null )') | |
BUNNYCDN_LIST="${BUNNYCDN_IPv4} ${BUNNYCDN_IPv6}" | |
echo "$BUNNYCDN_LIST" | $GITHUB_WORKSPACE/.github/scripts/bl-format.sh blocklists/privacy/privacy_bunnycdn.ipset | |
# Privacy โบ Cloudflare CDN | |
CLOUDFLARE_IPv4=$(curl -sSL -A "${{ env.USERAGENT }}" https://www.cloudflare.com/ips-v4) | |
CLOUDFLARE_IPv6=$(curl -sSL -A "${{ env.USERAGENT }}" https://www.cloudflare.com/ips-v6) | |
CLOUDFLARE_LIST="${CLOUDFLARE_IPv4} ${CLOUDFLARE_IPv6}" | |
echo "$CLOUDFLARE_LIST" | $GITHUB_WORKSPACE/.github/scripts/bl-format.sh blocklists/privacy/privacy_cloudflarecdn.ipset | |
# Privacy โบ AppleBot | |
curl -sSL -A "${{ env.USERAGENT }}" https://search.developer.apple.com/applebot.json | jq -r '.prefixes | .[] |.ipv4Prefix//empty,.ipv6Prefix//empty' | $GITHUB_WORKSPACE/.github/scripts/bl-format.sh blocklists/privacy/privacy_applebot.ipset | |
# Privacy โบ Blizzard | |
run_blizzard=".github/scripts/tool-range-iprange.sh blocklists/privacy/privacy_blizzard.ipset http://list.iblocklist.com/?list=ercbntshuthyykfkmhxc 'at&t'" | |
eval "./$run_blizzard" | |
# Privacy โบ Activision | |
run_activision=".github/scripts/tool-range-iprange.sh blocklists/privacy/privacy_activision.ipset http://list.iblocklist.com/?list=gfnxlhxsijzrcuxwzebb" | |
eval "./$run_activision" | |
# Privacy โบ Electronic Arts & IGN | |
run_ea_ign=".github/scripts/tool-range-iprange.sh blocklists/privacy/privacy_electronicarts_ign.ipset http://list.iblocklist.com/?list=ejqebpcdmffinaetsvxj" | |
eval "./$run_ea_ign" | |
# Privacy โบ Nintendo | |
run_nintendo=".github/scripts/tool-range-iprange.sh blocklists/privacy/privacy_nintendo.ipset http://list.iblocklist.com/?list=pevkykuhgaegqyayzbnr" | |
eval "./$run_nintendo" | |
# Privacy โบ Pandora | |
run_pandora=".github/scripts/tool-range-iprange.sh blocklists/privacy/privacy_pandora.ipset http://list.iblocklist.com/?list=aevzidimyvwybzkletsg" | |
eval "./$run_pandora" | |
# Privacy โบ Sony Entertainment | |
run_sony=".github/scripts/tool-range-iprange.sh blocklists/privacy/privacy_sony.ipset http://list.iblocklist.com/?list=tukpvrvlubsputmkmiwg" | |
eval "./$run_sony" | |
# Privacy โบ Punkbuster | |
run_punkbuster=".github/scripts/tool-range-iprange.sh blocklists/privacy/privacy_punkbuster.ipset http://list.iblocklist.com/?list=zvwwndvzulqcltsicwdg" | |
eval "./$run_punkbuster" | |
# Privacy โบ Riot Games | |
run_riot_games=".github/scripts/tool-range-iprange.sh blocklists/privacy/privacy_riot_games.ipset http://list.iblocklist.com/?list=sdlvfabdjvrdttfjotcy" | |
eval "./$run_riot_games" | |
# Privacy โบ Pirate Bay | |
run_piratebay=".github/scripts/tool-range-iprange.sh blocklists/privacy/privacy_piratebay.ipset http://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb" | |
eval "./$run_piratebay" | |
# Privacy โบ Steam | |
run_steam=".github/scripts/tool-range-iprange.sh blocklists/privacy/privacy_steam.ipset http://list.iblocklist.com/?list=cnxkgiklecdaihzukrud" | |
eval "./$run_steam" | |
# Privacy โบ Unisoft | |
run_ubisoft=".github/scripts/tool-range-iprange.sh blocklists/privacy/privacy_ubisoft.ipset http://list.iblocklist.com/?list=etmcrglomupyxtaebzht" | |
eval "./$run_ubisoft" | |
# Privacy โบ Xfire | |
run_xfire=".github/scripts/tool-range-iprange.sh blocklists/privacy/privacy_xfire.ipset http://list.iblocklist.com/?list=ppqqnyihmcrryraaqsjo" | |
eval "./$run_xfire" | |
# # | |
# Generate > Spam | |
# # | |
- name: "๐งฑ Generate โบ Spam" | |
id: task_blocklist_generate_spam | |
run: | | |
run_spamhaus=".github/scripts/bl-plain.sh blocklists/spam/spam_spamhaus.ipset ${{ secrets.API_03_SPAM_SPAMHAUS_URL }}" | |
eval "./$run_spamhaus" | |
# # | |
# Generate > Spam > Forums | |
# | |
# only updated once per day (at 1am UTC) | |
# # | |
- name: "๐งฑ Generate โบ Spam โบ Forums (1/day)" | |
id: task_blocklist_spam_generate_forums | |
if: (github.event_name == 'schedule' && github.event.schedule == '0 0 * * *') || inputs.RUN_ALL_ACTIONS | |
run: | | |
chmod +x ".github/scripts/bl-plain.sh" | |
run_forums=".github/scripts/bl-plain.sh blocklists/spam/spam_forums.ipset https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_7d.ipset" | |
eval "./$run_forums" | |
# # | |
# Generate > Internet Service Provider | |
# | |
# @resources https://ftp.arin.net/info/asn.txt | |
# https://networksdb.io | |
# https://rapidapi.com | |
# https://ip.guide/ | |
# https://2ip.io | |
# https://ip2location.com | |
# https://ipqualityscore.com | |
# https://ipinfo.io | |
# https://radb.net | |
# https://bgpview.io | |
# @info script on another server is responsible for ensuring this workflow list is kept up to date with the correct ASN. | |
# we use numerous resources to compare ASNs to see which ones are active and which ones have been migrated. | |
# # | |
- name: "๐งฑ Generate โบ ISP" | |
id: task_blocklist_generate_isp | |
run: | | |
# ISP โบ AOL | |
run_isp_aol=".github/scripts/bl-block.sh blocklists/isp/isp_aol.ipset isp/aol.ipset" | |
eval "./$run_isp_aol" | |
# ISP โบ ATT | |
run_isp_att=".github/scripts/bl-whois.sh blocklists/isp/isp_att.ipset AS7018" | |
eval "./$run_isp_att" | |
# ISP โบ Cablevision | Later merged with Suddenlink | |
run_isp_cablevision=".github/scripts/bl-whois.sh blocklists/isp/isp_cablevision.ipset AS6128 AS13490 AS19720" | |
eval "./$run_isp_cablevision" | |
# ISP โบ Suddenlink / Altice / Optiumum | |
run_isp_suddenlink_optimum=".github/scripts/bl-json.sh blocklists/isp/isp_suddenlink_altice_optimum.ipset https://ip.guide/AS19108 '.routes | .v4//empty,.v6//empty | .[]'" | |
eval "./$run_isp_suddenlink_optimum" | |
# ISP โบ Frontier Communications | https://networksdb.io/ip-addresses-of/cox-communications-inc | |
run_isp_frontier=".github/scripts/bl-whois.sh blocklists/isp/isp_frontier_communications.ipset AS3593 AS5650 AS7011 AS26127 AS30064 AS32587" | |
eval "./$run_isp_frontier" | |
# ISP โบ Charter & Spectrum (Previously Time Warner Cable) | |
run_isp_charter_spectrum=".github/scripts/bl-whois.sh blocklists/isp/isp_charter_spectrum_timewarnercable.ipset AS7843 AS11351 AS12271 AS20001 AS20115 AS3456 AS63365" | |
eval "./$run_isp_charter_spectrum" | |
# ISP โบ Comcast | |
run_isp_comcast=".github/scripts/bl-whois.sh blocklists/isp/isp_comcast.ipset AS7922 AS7015 AS36732 AS36196 AS33651 AS33650 AS33542 AS33491 AS33490 AS33489 AS33351 AS33287 AS23266 AS23253 AS22909 AS22258 AS21508 AS20214 AS16748 AS14668 AS14042 AS13385 AS13367 AS11025" | |
eval "./$run_isp_comcast" | |
# ISP โบ Embarq | |
run_isp_embarq=".github/scripts/bl-whois.sh blocklists/isp/isp_embarq.ipset AS22186 AS32855 AS2379 AS3447 AS4212 AS5778 AS6222 AS6367 AS11398 AS11530 AS13787 AS14905 AS14910 AS14921 AS16718 AS17402 AS18494 AS22186 AS32855" | |
eval "./$run_isp_embarq" | |
# ISP โบ Qwest | |
run_isp_qwest=".github/scripts/bl-whois.sh blocklists/isp/isp_qwest.ipset AS3908 AS3909 AS3910 AS3951 AS4015 AS4911 AS6225 AS6226 AS6227 AS394190" | |
eval "./$run_isp_qwest" | |
# ISP โบ Sprint | |
run_isp_sprint=".github/scripts/bl-whois.sh blocklists/isp/isp_sprint.ipset AS1239 AS150389 AS1789 AS1790 AS1791 AS1792 AS1793 AS1794 AS1795 AS197226 AS2014 AS2050 AS2053 AS206963 AS21288 AS2938 AS2942 AS2959 AS2981 AS3647 AS3648 AS3649 AS3650 AS3651 AS3652" | |
eval "./$run_isp_sprint" | |
# ISP โบ Verizon | https://networksdb.io/search/org/verizon | |
run_isp_verizon=".github/scripts/bl-whois.sh blocklists/isp/isp_verizon.ipset AS701 AS702 AS1321 AS2125 AS7021 AS8385 AS6066 AS6167 AS9055 AS12367 AS22521" | |
eval "./$run_isp_verizon" | |
# ISP โบ Cox Communications | https://networksdb.io/ip-addresses-of/cox-communications-inc | |
run_isp_cox=".github/scripts/bl-whois.sh blocklists/isp/isp_cox_communications.ipset AS31771 AS22773 AS13432 AS6298 AS12064 AS13493 AS15218 AS22318 AS25904 AS26204" | |
eval "./$run_isp_cox" | |
# ISP โบ SpaceX Starlink | |
run_isp_starlink=".github/scripts/bl-whois.sh blocklists/isp/isp_spacex_starlink.ipset AS14593 AS397763 AS27277 AS142475" | |
eval "./$run_isp_starlink" | |
# # | |
# Generate > Geographical > Geolite2 > Setup | |
# | |
# this step should only be ran once per day (at 1am UTC). | |
# The vars defined below are used for caching. The current day of the year + year are calculated, this allows | |
# the same cached files to be used in a 24 hour period. When the day of the year changes, a new set of geo files will | |
# be updated. | |
# | |
# CACHE VARS: year_week outputs the current week of the year, and year | |
# 51_2024 | |
# | |
# year_day outputs the current day of the year, and year | |
# 308_2024 | |
# # | |
- name: "๐งฑ Geographical โบ GeoLite2 (Setup)" | |
id: task_blocklist_geographical_generate_setup | |
if: (github.event_name == 'schedule' && github.event.schedule == '0 0 * * *') || ( github.event_name == 'workflow_dispatch' && inputs.RUN_ALL_ACTIONS == 'true' ) | |
run: | | |
echo "year_week=$(date +'%U_%Y')" >> $GITHUB_ENV | |
echo "year_day=$(date +'%j_%Y')" >> $GITHUB_ENV | |
# # | |
# Generate > Geographical > Geolite2 > Cache | |
# | |
# uses the same cache in a 24 hour period. | |
# | |
# @output cache-hit | |
# only run step if cache hit found | |
# if: steps.task_blocklist_geographical_generate_cache.outputs.cache-hit == 'true' | |
# # | |
- name: "๐งฑ Geographical โบ GeoLite2 (Cache)" | |
id: task_blocklist_geographical_generate_cache | |
uses: actions/cache@v4 | |
if: steps.task_blocklist_geographical_generate_setup.outcome == 'success' | |
with: | |
path: .github/.temp | |
key: cache-${{ runner.os }}-geolite2-${{ env.year_week }} | |
# # | |
# Generate > Geographical > Geolite2 > Build | |
# # | |
- name: "๐งฑ Geographical โบ GeoLite2 (1/day)" | |
id: task_blocklist_geographical_generate_geolite2 | |
if: steps.task_blocklist_geographical_generate_setup.outcome == 'success' | |
run: | | |
chmod +x ".github/scripts/bl-geolite2.sh" | |
run_geolite2=".github/scripts/bl-geolite2.sh -l ${{ secrets.API_GEOLITE2_KEY }}" | |
eval "./$run_geolite2" | |
# # | |
# Generate > Transmission | |
# # | |
- name: "๐งฑ Generate โบ Transmission" | |
id: task_blocklist_generate_transmission | |
run: | | |
run_bt=".github/scripts/bt-transmission.sh" | |
eval "./$run_bt" | |
# # | |
# Generate > Artifact > Upload | |
# # | |
- name: "๐ Generate โบ Upload Artifact" | |
id: task_blocklist_generate_artifact_upload | |
uses: actions/upload-artifact@v4 | |
with: | |
name: blocklist-latest | |
path: ./ | |
retention-days: 1 | |
# # | |
# Job > Commit | |
# # | |
blocklist-commit: | |
name: >- | |
๐ Commit | |
runs-on: apollo-x64 | |
needs: [ blocklist-setup, blocklist-generate ] | |
steps: | |
# # | |
# Generate > Checkout | |
# # | |
- name: "โ๏ธ Commit โบ Checkout" | |
id: task_blocklist_master_checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# # | |
# Generate > Artifact > Download | |
# # | |
- name: "๐ Commit โบ Download Artifact" | |
id: task_commit_artifact_download | |
uses: actions/download-artifact@v4 | |
with: | |
name: blocklist-latest | |
path: ./ | |
# # | |
# Commit > Precommit | |
# # | |
- name: "๐ฆ Commit โบ Pre-commit" | |
id: task_commit_pre | |
run: | | |
now=$(date -u '+%m/%d/%Y %H:%M') | |
commit_label="Sync" >> $GITHUB_ENV | |
commit_message="\`๏ธ๏ธ๐ $commit_label ๐\` \`$now UTC\`" >> $GITHUB_ENV | |
echo "COMMIT_MESSAGE=$(echo $commit_message)" >> $GITHUB_ENV | |
echo "NOW=$(echo $now)" >> $GITHUB_ENV | |
# # | |
# Update README | |
# # | |
- name: "๐ Update README" | |
id: task_commit_readme_update | |
run: | | |
chmod +x ".github/scripts/update-readme.sh" | |
run_readme=".github/scripts/update-readme.sh README.md" | |
eval "./$run_readme" | |
# # | |
# GPG Key | |
# # | |
- name: "๐ฆ Commit โบ GPG Key" | |
id: task_commit_gpg | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ secrets.ADMINSERV_GPG_KEY_ASC }} | |
passphrase: ${{ secrets.ADMINSERV_GPG_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
# # | |
# Commit > Commit | |
# # | |
- name: "๐ฆ Commit โบ Execute" | |
id: task_commit_execute | |
uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
commit_message: ${{ env.COMMIT_MESSAGE }} | |
commit_author: "${{ steps.task_commit_gpg.outputs.name }} <${{ steps.task_commit_gpg.outputs.email }}>" | |
commit_user_name: ${{ steps.task_commit_gpg.outputs.name }} | |
commit_user_email: ${{ steps.task_commit_gpg.outputs.email }} |