nuclei-templates/.github/workflows/cve-enhancement.yml

name: 🔧 CVE Enhancement

on:
  pull_request:
    paths:
      - '**/cves/**/*.yaml'

jobs:
  enhance:
    runs-on: ubuntu-latest
    if: github.repository == 'projectdiscovery/nuclei-templates'
    permissions:
      contents: write

    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install dependencies
        run: pip install requests

      - name: Get changed CVE files
        id: files
        run: |
          git fetch origin ${{ github.event.pull_request.base.ref }}
          FILES=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }}...HEAD | grep 'cves/.*\.yaml$' || echo "")
          if [ -n "$FILES" ]; then
            echo "changed=true" >> $GITHUB_OUTPUT
            echo "$FILES" > /tmp/cve_files.txt
          else
            echo "changed=false" >> $GITHUB_OUTPUT
          fi

      - name: Enhance CVE templates
        if: steps.files.outputs.changed == 'true'
        run: |
          while read file; do
            [ -f "$file" ] && python .github/scripts/enhance-cve-fields.py "$file"
          done < /tmp/cve_files.txt

      - name: Commit changes
        if: steps.files.outputs.changed == 'true'
        run: |
          if ! git diff --quiet; then
            git config user.name "github-actions[bot]"
            git config user.email "github-actions[bot]@users.noreply.github.com"
            git add -A
            git commit -m "chore: add impact and remediation fields 🤖"
            git push origin HEAD:${{ github.event.pull_request.head.ref }}
          fi