Update sec-scanners-config.yaml #1371

Workflow file for this run

.github/workflows/update-sec-scanner.yaml at 647ffa8

	name: Update sec-scanners-config.yaml
	on:
	schedule:
	- cron: '21 * * * *'
	permissions:
	contents: write
	pull-requests: write
	jobs:
	update-sec-scanners:
	name: update sec-scanners-config.yaml
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- shell: bash
	name: get latest tag
	env:
	IMAGE_TAG_REGEXP: v[0-9]{8}-[a-f0-9]{6,9}
	run: \|
	# grab latest tag from sorted list of tags for given TAG_REGEXP
	IMAGE_TAG=$(skopeo list-tags docker://europe-docker.pkg.dev/kyma-project/prod/istio-manager \| jq -r ".Tags[] \| select(.\| test(\"$IMAGE_TAG_REGEXP\"))" \| sort \| tail -1)
	if [[ -z $IMAGE_TAG ]]; then
	echo Fetched image tag is empty, most likely your IMAGE_TAG_REGEXP is incorrect
	exit 1
	fi
	echo "IMAGE_TAG=$IMAGE_TAG" >> "$GITHUB_ENV"
	- shell: bash
	name: Schedule security-config update
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	git config user.name "github-actions[bot]"
	git config user.email "41898282+github-actions[bot]@users.noreply.github.com"

	git fetch origin
	git checkout -f autobump/sec-scanners-config
	git reset --hard origin/main
	sed -i "s/europe-docker\.pkg\.dev\/kyma-project\/prod\/istio-manager\:.*/europe-docker\.pkg\.dev\/kyma-project\/prod\/istio-manager\:$IMAGE_TAG/" sec-scanners-config.yaml
	git add .
	if git diff-index --quiet HEAD; then
	echo "No changes detected - no action required"
	exit 0
	fi
	git commit -m "chore: automatic update sec-scanners-config.yaml" -m "Generated by GitHub Actions"
	git push -f -u origin autobump/sec-scanners-config
	gh pr create --base main --head autobump/sec-scanners-config --fill \|\| true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update sec-scanners-config.yaml #1371

Workflow file

Update sec-scanners-config.yaml #1371

Jobs

Run details

Workflow file for this run