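---
# Manually triggered workflow: bumps the pinned Trivy version, reinstalls
# Trivy at that version, regenerates the test golden files, runs the test
# suite and opens a pull request with the result.
name: Bump trivy

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      trivy_version:
        required: true
        type: string
        description: 'The Trivy version in x.x.x format'

run-name: Bump trivy to v${{ inputs.trivy_version }}

jobs:
  bump:
    runs-on: ubuntu-latest
    # The default GITHUB_TOKEN is kept read-only; the PR is opened with the
    # separate ORG_REPO_TOKEN in the create-pr step.
    permissions:
      contents: read
    steps:
      # Fail fast on anything that is not a bare x.y.z version. The value is
      # interpolated into run-name, the commit message, the PR title and the
      # installer download URL below, so keep the accepted character set
      # minimal. It is read from an env var, never spliced into the script.
      - name: Validate version input
        env:
          NEW_VERSION: ${{ inputs.trivy_version }}
        run: |
          if ! printf '%s\n' "${NEW_VERSION}" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
            echo "::error::trivy_version must be in x.y.z format, got '${NEW_VERSION}'" >&2
            exit 1
          fi

      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          # Do not leave a token in .git/config; the PR step supplies its own.
          persist-credentials: false

      - name: Update Trivy versions
        env:
          NEW_VERSION: ${{ inputs.trivy_version }}
        run: make bump-trivy

      - name: Setup Bats and bats libs
        id: setup-bats
        uses: bats-core/bats-action@42fcc8700f773c075a16a90eb11674c0318ad507 # 3.0.1

      # The installer script is fetched from the release tag being installed
      # instead of the upstream default branch, so a later change to `main`
      # cannot alter what gets piped into `sh` here. The version only reaches
      # the URL after the validation step above has constrained its format.
      # NOTE(review): confirm contrib/install.sh exists at the tag when
      # pinning a very old release.
      - name: Install Trivy
        env:
          TRIVY_VERSION: ${{ inputs.trivy_version }}
        run: |
          curl -sfL "https://raw.githubusercontent.com/aquasecurity/trivy/v${TRIVY_VERSION}/contrib/install.sh" \
            | sh -s -- -b /usr/local/bin "v${TRIVY_VERSION}"
          trivy --version

      - name: Update golden files
        env:
          BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}
        run: make update-golden

      - name: Run tests
        env:
          BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}
        run: make test

      # Uses an org-level token rather than GITHUB_TOKEN so that checks are
      # triggered on the resulting PR; this is why `contents: read` is enough
      # for the job itself.
      - name: Create PR
        id: create-pr
        uses: peter-evans/create-pull-request@4e1beaa7521e8b457b572c090b25bd3db56bf1c5 # v5
        with:
          token: ${{ secrets.ORG_REPO_TOKEN }}
          title: "chore(deps): Update trivy to v${{ inputs.trivy_version }}"
          commit-message: "chore(deps): Update trivy to v${{ inputs.trivy_version }}"
          committer: github-actions[bot]
          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
          branch-suffix: timestamp
          branch: bump-trivy
          delete-branch: true

      # Surface the PR reference in the job log for whoever triggered the run.
      - name: Check outputs
        env:
          PR_NUMBER: ${{ steps.create-pr.outputs.pull-request-number }}
          PR_URL: ${{ steps.create-pr.outputs.pull-request-url }}
        run: |
          echo "Pull Request Number - ${PR_NUMBER}"
          echo "Pull Request URL - ${PR_URL}"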