Generate OFAC sanctioned digital currency addresses lists each night at 2 UTC

Generate OFAC sanctioned digital currency addresses lists each night at 2 UTC #1000

Workflow file for this run

.github/workflows/generate-lists.yml at 11b432c

	# This workflow will generate and update the lists in the 'lists' branch each night at 0 UTC

	name: Generate OFAC sanctioned digital currency addresses lists each night at 2 UTC

	on:
	schedule:
	- cron: '0 2 * * *'
	workflow_dispatch:

	jobs:
	generate-lists:
	runs-on: ubuntu-latest
	permissions:
	contents: write
	id-token: write
	environment: production
	outputs:
	s3_results: ${{ steps.update-s3.outputs.s3_results }}
	steps:
	- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
	with:
	persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
	fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
	- name: Set up Python 3.11
	uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
	with:
	python-version: 3.11
	- name: Install dependencies
	run: \|
	sudo apt-get update
	sudo apt-get install -y wget gnupg
	wget -q -O - https://dl.google.com/linux/linux_signing_key.pub \| sudo apt-key add -
	sudo sh -c 'echo "deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list'
	sudo apt-get update
	sudo apt-get install -y google-chrome-stable chromium-chromedriver
	pip install selenium webdriver-manager boto3
	- name: Download the sdn_advanced.xml file
	run: \|
	wget --tries=5 --wait=60 --retry-on-http-error=403 https://www.treasury.gov/ofac/downloads/sanctions/1.0/sdn_advanced.xml
	- name: Generate TXT and JSON files for all assets
	run: \|
	mkdir data
	python3 generate-address-list.py -f JSON TXT -path ./data
	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
	with:
	aws-region: us-west-2
	role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
	mask-aws-account-id: true
	- name: Update S3 objects
	id: update-s3
	env:
	GITHUB_ACTOR: ${{github.actor}}
	run: \|
	S3_RESULTS=$(python3 update_s3_objects.py -d data -b ${{ secrets.S3_BUCKET }} \| grep "::set-output name=s3_results::" \| sed 's/::set-output name=s3_results:://') # Run the script and collect the results, logged with a specific format.
	echo "s3_results=$S3_RESULTS" >> $GITHUB_OUTPUT
	- name: Commit files
	run: \|
	git config --local user.email "45324+github-actions[bot]@users.noreply.github.com"
	git config --local user.name "github-actions[bot]"
	git checkout lists
	mv data/* .
	git status
	ls
	# If the sanctioned addresses have been updated, or if there is no checksum
	# or XML bzip file, bzip the file and check it into git along with the checksum.
	if git status sanctioned_addresses_* --porcelain \| grep -q '^ M' \|\| \
	[ ! -f sdn_advanced_checksum.txt ] \|\| \
	[ ! -f sdn_advanced.xml.bz2 ]; then
	bzip2 -9f sdn_advanced.xml # Force overwrite if the file exists
	git add sdn_advanced_checksum.txt
	git add sdn_advanced.xml.bz2
	fi
	git add sanctioned_addresses_* -f
	git status
	git commit -m "Automatically updated lists: $(date)" \|\| true
	- name: Push changes
	uses: ad-m/github-push-action@9a2e3c14aaecf56d5816dc3a54514f82050820b2 # master
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}
	branch: lists

	success-notification:
	runs-on: ubuntu-latest
	needs: generate-lists
	if: success()
	steps:
	- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
	with:
	ref: lists
	fetch-depth: 0
	- name: Get commit details
	id: get-commit-details
	env:
	S3_RESULTS: ${{ needs.generate-lists.outputs.s3_results }}
	run: \|
	# Parse Python S3 results if available
	S3_DETAILS=""
	if [ -n "$S3_RESULTS" ]; then
	S3_DETAILS="\n\nS3 Update Results:\n$(echo $S3_RESULTS \| jq -r '.details')"
	fi

	echo "SLACK_MESSAGE=The OFAC sanctioned digital currency addresses list generation job completed successfully.$S3_DETAILS" >> $GITHUB_OUTPUT
	- name: Notify Slack of success
	uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2
	with:
	status: custom
	custom_payload: \|
	{
	"channel": "#compliance-bot",
	"username": "compliance-bot",
	"blocks": [
	{
	"type": "header",
	"text": {
	"type": "plain_text",
	"text": ":white_check_mark: OFAC Sanctions List Update",
	"emoji": true
	}
	},
	{
	"type": "section",
	"text": {
	"type": "mrkdwn",
	"text": "Status: Successful\nRepository: <https://github.com/${{ github.repository }}\\\|${{ github.repository }}>"
	}
	},
	{
	"type": "section",
	"text": {
	"type": "mrkdwn",
	"text": "Details:\n${{ steps.get-commit-details.outputs.SLACK_MESSAGE }}"
	}
	},
	{
	"type": "divider"
	},
	{
	"type": "section",
	"text": {
	"type": "mrkdwn",
	"text": "Workflow Run: <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}\\\|View Details>\nCommit: <https://github.com/${{ github.repository }}/commit/${{ github.sha }}\\\|${{ github.sha }}>"
	}
	},
	{
	"type": "context",
	"elements": [
	{
	"type": "mrkdwn",
	"text": "Triggered by: ${{ github.actor }} • Workflow: ${{ github.workflow }}"
	}
	]
	}
	]
	}
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
	failure-notification:
	runs-on: ubuntu-latest
	needs: generate-lists
	if: failure()
	steps:
	- name: Notify Slack of failure
	uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2
	with:
	status: custom
	custom_payload: \|
	{
	"channel": "#compliance-bot",
	"username": "compliance-bot",
	"text": ":x: OFAC Sanctions List Update Failed",
	"blocks": [
	{
	"type": "header",
	"text": {
	"type": "plain_text",
	"text": ":x: OFAC Sanctions List Update Failed",
	"emoji": true
	}
	},
	{
	"type": "section",
	"text": {
	"type": "mrkdwn",
	"text": "Status: Failed\nRepository: <https://github.com/${{ github.repository }}\\\|${{ github.repository }}>"
	}
	},
	{
	"type": "section",
	"text": {
	"type": "mrkdwn",
	"text": "Error Details:\nThe OFAC sanctioned digital currency addresses list generation job has failed. Please check the workflow logs for detailed error information."
	}
	},
	{
	"type": "section",
	"text": {
	"type": "mrkdwn",
	"text": "${{ needs.generate-lists.outputs.s3_results != '' && format('S3 Update Results:\n{0}', fromJSON(needs.generate-lists.outputs.s3_results).details) \|\| 'S3 Update: Did not complete' }}"
	}
	},
	{
	"type": "divider"
	},
	{
	"type": "section",
	"fields": [
	{
	"type": "mrkdwn",
	"text": "Workflow:\n${{ github.workflow }}"
	},
	{
	"type": "mrkdwn",
	"text": "Job:\ngenerate-lists"
	}
	]
	},
	{
	"type": "section",
	"text": {
	"type": "mrkdwn",
	"text": ":mag: Troubleshooting:\n• <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}\\\|View Workflow Run>\n• <https://github.com/${{ github.repository }}/commit/${{ github.sha }}\\\|View Commit ${{ github.sha }}>"
	}
	},
	{
	"type": "context",
	"elements": [
	{
	"type": "mrkdwn",
	"text": "Triggered by: ${{ github.actor }} • Branch: ${{ github.ref_name }}"
	}
	]
	}
	]
	}
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Generate OFAC sanctioned digital currency addresses lists each night at 2 UTC #1000

Workflow file

Generate OFAC sanctioned digital currency addresses lists each night at 2 UTC #1000

Uh oh!

Jobs

Run details

Workflow file for this run