passkey-authenticator-aaguids/.github/workflows/update-from-mds-cron.yml

name: Scheduled Download from MDS

on:
  schedule:
    - cron: '0 12 1 * *' # Update first of the month
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log level'     
        required: true
        default: 'warning'
      tags:
        description: 'Test scenario tags'
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: '3.x'
      - name: Install python packages
        run: |
          python -m pip install --upgrade pip
          pip install requests          
      - uses: jannekem/run-python-script-action@v1
        id: script
        with:
          fail-on-error: false
          script: |
            import os
            import requests
            import base64
            import json
            
            # Download MDS blob from FIDO endpoint
            response = requests.get("https://mds.fidoalliance.org/")
            mdstocjwt = response.content.decode('ascii')
            
            # Parse out MDS data from JWT
            jwt_payload = mdstocjwt.split('.')[1].replace('-', '+').replace('_', '/')
            while len(jwt_payload) % 4:
                jwt_payload += "="
            mds_bytes = base64.b64decode(jwt_payload)
            mds_strings = mds_bytes.decode('utf-8')
            mds_data = json.loads(mds_strings)

            # Build commit msg and export to environment variable
            mds_number = mds_data['no']
            mds_next = mds_data['nextUpdate']
            commit_msg=f'COMMIT_MSG=from MDS file version {mds_number}, next update expected {mds_next}.'
            env_file = os.getenv('GITHUB_ENV')
            with open(env_file, "a") as myfile:
              myfile.write(commit_msg)
              
            # Extract FIDO2 statements with non-null aaguid and required properties
            fido2_statements = [
                entry['metadataStatement']
                for entry in mds_data['entries']
                if entry.get('aaguid') is not None
            ]
            
            # Create a dictionary with the desired structure
            result_dict = {}
            for statement in fido2_statements:
                result_dict[statement['aaguid']] = {
                    "name": statement['description'],
                    "icon_light": statement.get('icon', None),
                    "icon_dark": statement.get('icon', None)
                }
            
            # import custom aaguid.json
            with open('aaguid.json', 'r') as aaguid_file:
              aaguid = json.load(aaguid_file)
            
            # Combine custom aaguid.json with data from MDS            
            result = {**result_dict, **aaguid}
            
            # Write combined result to file
            with open('combined_aaguid.json', 'w') as output_file:
              json.dump(result, output_file)            
      - name: Commit files and push
        run: |
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          git add -A
          timestamp=$(date -u -I)
          git commit -m "bot: Updated ${timestamp}, ${{ env.COMMIT_MSG }}" -a || exit 0
          git push