Update syft #228
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update syft | |
"on": | |
schedule: | |
- cron: 0 4 * * 4-5 | |
workflow_dispatch: {} | |
jobs: | |
update: | |
name: Update Package Dependency | |
runs-on: | |
- ubuntu-latest | |
steps: | |
- name: Docker login docker.io | |
if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }} | |
uses: docker/login-action@v3 | |
with: | |
password: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }} | |
registry: docker.io | |
username: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }} | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "1.22" | |
- name: Install update-package-dependency | |
run: | | |
#!/usr/bin/env bash | |
set -euo pipefail | |
go install -ldflags="-s -w" github.com/paketo-buildpacks/libpak/cmd/update-package-dependency@latest | |
- uses: buildpacks/github-actions/[email protected] | |
with: | |
crane-version: 0.19.1 | |
yj-version: 5.1.0 | |
- uses: actions/checkout@v4 | |
- name: Update Package Dependency | |
id: package | |
run: | | |
#!/usr/bin/env bash | |
set -euo pipefail | |
NEW_VERSION=$(crane ls "${DEPENDENCY}" | grep -v latest | sort -V | tail -n 1) | |
if [[ -e builder.toml ]]; then | |
OLD_VERSION=$(yj -tj < builder.toml | jq -r ".buildpacks[].uri | capture(\".*${DEPENDENCY}:(?<version>.+)\") | .version") | |
update-package-dependency \ | |
--builder-toml builder.toml \ | |
--id "${DEPENDENCY}" \ | |
--version "${NEW_VERSION}" | |
git add builder.toml | |
fi | |
if [[ -e package.toml ]]; then | |
OLD_VERSION=$(yj -tj < package.toml | jq -r ".dependencies[].uri | capture(\".*${DEPENDENCY}:(?<version>.+)\") | .version") | |
update-package-dependency \ | |
--buildpack-toml buildpack.toml \ | |
--id "${BP_DEPENDENCY:-$DEPENDENCY}" \ | |
--version "${NEW_VERSION}" | |
update-package-dependency \ | |
--package-toml package.toml \ | |
--id "${PKG_DEPENDENCY:-$DEPENDENCY}" \ | |
--version "${NEW_VERSION}" | |
git add buildpack.toml package.toml | |
fi | |
git checkout -- . | |
if [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $1}')" != "$(echo "$NEW_VERSION" | awk -F '.' '{print $1}')" ]; then | |
LABEL="semver:major" | |
elif [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $2}')" != "$(echo "$NEW_VERSION" | awk -F '.' '{print $2}')" ]; then | |
LABEL="semver:minor" | |
else | |
LABEL="semver:patch" | |
fi | |
echo "old-version=${OLD_VERSION}" >> "$GITHUB_OUTPUT" | |
echo "new-version=${NEW_VERSION}" >> "$GITHUB_OUTPUT" | |
echo "version-label=${LABEL}" >> "$GITHUB_OUTPUT" | |
env: | |
BP_DEPENDENCY: docker.io/paketo-buildpacks/syft | |
DEPENDENCY: docker.io/paketobuildpacks/syft | |
- uses: peter-evans/create-pull-request@v6 | |
with: | |
author: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }} <${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }}@users.noreply.github.com> | |
body: Bumps [`docker.io/paketobuildpacks/syft`](https://docker.io/paketobuildpacks/syft) from [`${{ steps.package.outputs.old-version }}`](https://docker.io/paketobuildpacks/syft:${{ steps.package.outputs.old-version }}) to [`${{ steps.package.outputs.new-version }}`](https://docker.io/paketobuildpacks/syft:${{ steps.package.outputs.new-version }}). | |
branch: update/packages | |
commit-message: |- | |
Bump docker.io/paketobuildpacks/syft from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }} | |
Bumps docker.io/paketobuildpacks/syft from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}. | |
delete-branch: true | |
labels: ${{ steps.package.outputs.version-label }}, type:dependency-upgrade | |
signoff: true | |
title: Bump docker.io/paketobuildpacks/syft from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }} | |
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }} |