feat(cicd): Created pipeline for automatically updating default-passwords.txt

Closes #1209
2025-12-06 08:53:59 +01:00 · 2025-06-14 01:39:42 -03:00 · 2025-06-14 01:39:42 -03:00 · f1a4aa3866
commit f1a4aa3866
parent 3ac9428065
1 changed files with 49 additions and 0 deletions
--- a/.github/workflows/wordlist-updater_default-passwords.yml
+++ b/.github/workflows/wordlist-updater_default-passwords.yml
@ -0,0 +1,49 @@
+name: Wordlist Updater - default-passwords
+
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - 'Passwords/Default-Credentials/default-passwords.csv'
+
+jobs:
+  update_default_passwords:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: Download csvq
+        run: |
+          CSVQ_HASH="f22a3f96cd00e9b58cd55f0515427b2058d7b13c89b62d24a4867405d4ccc588"
+          CSVQ_VERSION="v1.18.1"
+          wget https://github.com/mithrandie/csvq/releases/download/${CSVQ_VERSION}/csvq-${CSVQ_VERSION}-linux-amd64.tar.gz
+          echo "${CSVQ_HASH} csvq-${CSVQ_VERSION}-linux-amd64.tar.gz" | sha256sum -c
+          if [ $? != 0 ]; then
+            echo 'CSVQ hash has changed! The https://github.com/mithrandie/csvq repository might have been compromised.'
+            exit 1
+          else
+            tar -xvzf csvq-${CSVQ_VERSION}-linux-amd64.tar.gz csvq-${CSVQ_VERSION}-linux-amd64/csvq
+            mv csvq-${CSVQ_VERSION}-linux-amd64/csvq .
+            chmod +x csvq
+          fi
+      - name: Generate default-passwords.txt
+        run: |
+          ./csvq -N -f FIXED 'select Password from `Passwords/Default-Credentials/default-passwords.csv`' > Passwords/Default-Credentials/default-passwords.txt
+      - name: Switching from HTTPS to SSH
+        run: git remote set-url origin git@github.com:${{ github.repository }}.git
+      - name: Check for changes
+        run: git status
+      - name: Stage changed files
+        run: git add Passwords/Default-Credentials/default-passwords.txt
+      - name: Configure git email and username
+        run: |
+          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --local user.name "github-actions[bot]"
+      - name: Commit changed files
+        run: git commit -m "[Github Action] Updated default-passwords.txt"
+      - name: Push changes
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          force: true