Skip to content

Update OFAC list

Update OFAC list #422

Workflow file for this run

name: Update OFAC list
on:
workflow_dispatch:
schedule:
# Daily at 9AM
- cron: "0 9 * * *"
jobs:
update_ofac_list:
runs-on: ubuntu-latest
outputs:
GIT_EXIT_CODE: ${{ steps.diff_flag.outputs.GIT_EXIT_CODE }}
NEW_COMMIT_HASH: ${{ steps.commit.outputs.commit_hash }}
permissions:
id-token: write
steps:
- name: Get GitHub Token from Akeyless
id: get_github_token
uses: docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest
with:
api-url: https://api.gateway.akeyless.celo-networks-dev.org
access-id: p-kf9vjzruht6l
dynamic-secrets: '{"/dynamic-secrets/keys/github/compliance/contents=write,pull_requests=write":"PAT"}'
- uses: actions/checkout@v4
with:
token: ${{ env.PAT }}
- uses: actions/setup-node@v4
with:
node-version: "18.x"
- run: npm install
- name: Check if new addresses were added via the OFAC rss feed
run: npm run update_ofac_list
- name: Sets a flag if the list was changed
id: diff_flag
run: |
RESULT=$(git diff --name-only ofac.sanctions.json)
[[ "$RESULT" = "" ]] && GIT_EXIT_CODE=0 || GIT_EXIT_CODE=1
echo "GIT_EXIT_CODE=$GIT_EXIT_CODE" >> $GITHUB_OUTPUT >> $GITHUB_OUTPUT
- uses: stefanzweifel/git-auto-commit-action@v5
id: commit
with:
commit_message: "auto: Add new OFAC addresses"
publish-npm-package:
needs: update_ofac_list
if: ${{ needs.update_ofac_list.outputs.GIT_EXIT_CODE == 1 }}
uses: celo-org/compliance/.github/workflows/publish.yml@main
with:
commit_hash: ${{ needs.update_ofac_list.outputs.NEW_COMMIT_HASH }}