Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Phishing Detection Embedded Data Update Workflow #3403

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Add Phishing Detection Embedded Data Update Workflow #3403

wants to merge 5 commits into from
+111 −761,041

Conversation

not-a-rootkit
Copy link
Collaborator

@not-a-rootkit not-a-rootkit commented Oct 16, 2024
edited
Loading

Task/Issue URL: https://app.asana.com/0/72649045549333/1208270234071172/f
Tech Design URL: https://app.asana.com/0/481882893211075/1207483114414814
CC:

Description:
In ✓ Tech Design: Phishing Protection Data Updates we defined an approach to get embedded data for phishing protection into the app builds. This pattern was implemented, but two small components still need merging:

  • The update script:
    • A small bash script that pulls data from the API into the repo in JSON format, and updates the checksums + revision values in PhishingDetection.swift .
    • This has already been implemented, it just needs testing and merging:
  • A GitHub Action workflow that executes this script once a week and creates a PR that merges this data into the new release build.
    • Example Script
    • The secrets and workflow have already been defined, it just needs to be tested, reviewed, and merged.

Note
After testing, but before merging, I'd like to update the GH action to run on a schedule once per week using cron:

on:
  schedule:
    - cron: '0 0 * * 0'  # Midnight UTC every Sunday

This way it can be reviewed just once per week by whoever is on maintenance that week as part of the weekly maintenance rota.

Steps to test this PR:

  1. Test the script locally: bash scripts/update_phishing_data.sh
  2. Ensure the script runs, check changes in git:
  3. DuckDuckGo/PhishingDetection/PhishingDetection.swift - sha256 and version values updated correctly
  4. DuckDuckGo/PhishingDetection/filterSet.json - not empty
  5. DuckDuckGo/PhishingDetection/hashPrefixes.json - not empty
  6. Check the GH action has executed and created a PR with name like Update phishing protection datasets to 1681795:
  7. Update phishing protection datasets to 1681795 #3404

Definition of Done:

Internal references:

Pull Request Review Checklist
Software Engineering Expectations
Technical Design Template
Pull Request Documentation

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 16, 2024
edited
Loading

Warnings
⚠️ PR has more than 500 lines of code changing. Consider splitting into smaller PRs if possible.

Generated by 🚫 dangerJS against d6d4fed

@not-a-rootkit not-a-rootkit changed the title Tespach/phishing detection embedded data Add Phishing Detection Embedded Data Update Workflow Oct 16, 2024
@not-a-rootkit not-a-rootkit marked this pull request as ready for review October 18, 2024 09:38
@ayoy ayoy self-requested a review October 18, 2024 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ayoy ayoy Awaiting requested review from ayoy

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@not-a-rootkit