Skip to content
Latchkey

πŸ“ CVE JSON Metadata workflow (projectdiscovery/nuclei-templates)

The πŸ“ CVE JSON Metadata workflow from projectdiscovery/nuclei-templates, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: projectdiscovery/nuclei-templates.github/workflows/cve2json.ymlLicense MITView source

What it does

This is the πŸ“ CVE JSON Metadata workflow from the projectdiscovery/nuclei-templates repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: πŸ“ CVE JSON Metadata

on:
  push:
    branches:
      - main
    paths:
      - '**/cves/**'
  workflow_dispatch:

jobs:
  cve2json:
    runs-on: ubuntu-latest
    if: github.repository == 'projectdiscovery/nuclei-templates'
    steps:
      - uses: actions/checkout@v7
      - uses: projectdiscovery/actions/setup/go@v1
        with:
          go-version: 'stable'
      - run: go run main.go $GITHUB_WORKSPACE/http/cves/,$GITHUB_WORKSPACE/network/cves/,$GITHUB_WORKSPACE/javascript/cves/ $GITHUB_WORKSPACE/cves.json
        working-directory: .github/scripts/yaml2json
      - run: md5sum cves.json | cut -d' ' -f1 > cves.json-checksum.txt
      - uses: projectdiscovery/actions/setup/git@v1
      - uses: projectdiscovery/actions/commit@v1
        with:
          files: 'cves.json*'
          message: 'chore: generate CVEs metadata πŸ€–'
      - name: Push changes
        run: |
          git pull origin $GITHUB_REF --rebase
          git push origin $GITHUB_REF

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: πŸ“ CVE JSON Metadata
 
on:
  push:
    branches:
      - main
    paths:
      - '**/cves/**'
  workflow_dispatch:
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  cve2json:
    timeout-minutes: 30
    runs-on: latchkey-small
    if: github.repository == 'projectdiscovery/nuclei-templates'
    steps:
      - uses: actions/checkout@v7
      - uses: projectdiscovery/actions/setup/go@v1
        with:
          go-version: 'stable'
      - run: go run main.go $GITHUB_WORKSPACE/http/cves/,$GITHUB_WORKSPACE/network/cves/,$GITHUB_WORKSPACE/javascript/cves/ $GITHUB_WORKSPACE/cves.json
        working-directory: .github/scripts/yaml2json
      - run: md5sum cves.json | cut -d' ' -f1 > cves.json-checksum.txt
      - uses: projectdiscovery/actions/setup/git@v1
      - uses: projectdiscovery/actions/commit@v1
        with:
          files: 'cves.json*'
          message: 'chore: generate CVEs metadata πŸ€–'
      - name: Push changes
        run: |
          git pull origin $GITHUB_REF --rebase
          git push origin $GITHUB_REF
 

What changed

1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow