From 3a1f70a1230aa6eb69459ccf4031894b27920700 Mon Sep 17 00:00:00 2001
From: Dongsu Park <dpark@linux.microsoft.com>
Date: Mon, 14 Nov 2022 17:01:48 +0100
Subject: [PATCH] .github: add monthly workflow update-metadata-glsa

Add a new monthly workflow update-metadata-glsa, to sync GLSA(Gentoo
Linux Security Advisories) with upstream Gentoo.

While most individual metadata xml files are available on the upstream
mirror repo https://github.com/gentoo-mirror/gentoo, its binary data
as well as timestamp files do not exist on the public Git repo. So it
is necessary to rsync those data from rsync.gentoo.org, instead of
running sync-with-gentoo script.
---
 .../workflows/update-metadata-glsa.yml        | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 sdk_container/src/third_party/portage-stable/.github/workflows/update-metadata-glsa.yml

diff --git a/sdk_container/src/third_party/portage-stable/.github/workflows/update-metadata-glsa.yml b/sdk_container/src/third_party/portage-stable/.github/workflows/update-metadata-glsa.yml
new file mode 100644
index 0000000000..8bb05a6724
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/.github/workflows/update-metadata-glsa.yml
@@ -0,0 +1,32 @@
+name: Keep GLSA metadata updated
+on:
+  schedule:
+    - cron:  '0 7 1 * *'
+  workflow_dispatch:
+
+jobs:
+  keep-glsa-metadata-updated:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout portage-stable
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Update GLSA metadata
+        id: update-glsa-metadata
+        run: |
+          rm -rf metadata/glsa
+          mkdir --parents metadata/glsa
+          rsync --archive rsync://rsync.gentoo.org/gentoo-portage/metadata/glsa/* ./metadata/glsa/
+          todaydate=$(date +%Y-%m-%d)
+          echo "TODAYDATE=${todaydate}" >>"${GITHUB_OUTPUT}"
+      - name: Create pull request for main branch
+        uses: peter-evans/create-pull-request@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          branch: buildbot/monthly-glsa-metadata-updates-${{steps.update-glsa-metadata.outputs.TODAYDATE }}
+          delete-branch: true
+          base: main
+          title: Monthly GLSA metadata ${{steps.update-glsa-metadata.outputs.TODAYDATE }}
+          body: Updated GLSA metadata
+          labels: main