mirror of
https://github.com/aquasecurity/trivy-action.git
synced 2026-05-14 03:02:40 +00:00
dependabot[bot]
1994662b55
* chore(deps): bump the actions group with 5 updates Bumps the actions group with 5 updates: | Package | From | To | | --- | --- | --- | | [aquasecurity/setup-trivy](https://github.com/aquasecurity/setup-trivy) | `e6c2c5e321ed9123bda567646e2f96565e34abe1` | `3fb12ec12f41e471780db15c232d5dd185dcb514` | | [actions/cache](https://github.com/actions/cache) | `4.2.4` | `5.0.4` | | [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` | | [bats-core/bats-action](https://github.com/bats-core/bats-action) | `3.0.1` | `4.0.0` | | [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.0` | `0.5.2` | Updates `aquasecurity/setup-trivy` from e6c2c5e321ed9123bda567646e2f96565e34abe1 to 3fb12ec12f41e471780db15c232d5dd185dcb514 - [Release notes](https://github.com/aquasecurity/setup-trivy/releases) - [Commits](https://github.com/aquasecurity/setup-trivy/compare/e6c2c5e321ed9123bda567646e2f96565e34abe1...3fb12ec12f41e471780db15c232d5dd185dcb514) Updates `actions/cache` from 4.2.4 to 5.0.4 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0400d5f644dc74513175e3cd8d07132dd4860809...27d5ce7f107fe9357f9df03efb73ab90386fccae) Updates `actions/checkout` from 4.3.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/34e114876b0b11c390a56381ad16ebd13914f8d5...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `bats-core/bats-action` from 3.0.1 to 4.0.0 - [Release notes](https://github.com/bats-core/bats-action/releases) - [Commits](https://github.com/bats-core/bats-action/compare/42fcc8700f773c075a16a90eb11674c0318ad507...77d6fb60505b4d0d1d73e48bd035b55074bbfb43) Updates `zizmorcore/zizmor-action` from 0.5.0 to 0.5.2 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](https://github.com/zizmorcore/zizmor-action/compare/0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d...b1d7e1fb5de872772f31590499237e7cce841e8e) --- updated-dependencies: - dependency-name: aquasecurity/setup-trivy dependency-version: 3fb12ec12f41e471780db15c232d5dd185dcb514 dependency-type: direct:production dependency-group: actions - dependency-name: actions/cache dependency-version: 5.0.4 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: bats-core/bats-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> * style: change setup-trivy version in comment --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
68 lines
2.3 KiB
YAML
68 lines
2.3 KiB
YAML
name: Bump trivy
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
trivy_version:
|
|
required: true
|
|
type: string
|
|
description: 'The Trivy version in x.x.x format'
|
|
|
|
run-name: Bump trivy to v${{ inputs.trivy_version }}
|
|
|
|
jobs:
|
|
bump:
|
|
runs-on: ubuntu-2404-2core
|
|
permissions:
|
|
contents: read # for actions/checkout
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Update Trivy versions
|
|
env:
|
|
NEW_VERSION: ${{ inputs.trivy_version }}
|
|
run: make bump-trivy
|
|
|
|
- name: Setup Bats and bats libs
|
|
id: setup-bats
|
|
uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0
|
|
|
|
- name: Install Trivy
|
|
run: make ensure-trivy TRIVY_INSTALL_DIR=/usr/local/bin
|
|
|
|
- name: Update golden files
|
|
env:
|
|
BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}
|
|
run: make update-golden
|
|
|
|
- name: Run tests
|
|
env:
|
|
BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}
|
|
run: make test
|
|
|
|
- name: Create PR
|
|
env:
|
|
GH_TOKEN: ${{ secrets.TRIVY_ACTION_DEPLOY_TOKEN }}
|
|
TRIVY_VERSION: ${{ inputs.trivy_version }}
|
|
REPO: ${{ github.repository }}
|
|
BASE_BRANCH: ${{ github.event.repository.default_branch }}
|
|
run: |
|
|
gh auth setup-git
|
|
git config user.name "github-actions[bot]"
|
|
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
|
BRANCH="bump-trivy-${TRIVY_VERSION}"
|
|
git checkout -b "${BRANCH}"
|
|
git add action.yaml README.md test/
|
|
git commit -m "chore(deps): Update trivy to v${TRIVY_VERSION}"
|
|
git push origin "${BRANCH}"
|
|
PR_RESPONSE=$(gh api repos/${REPO}/pulls \
|
|
--method POST \
|
|
--field title="chore(deps): Update trivy to v${TRIVY_VERSION}" \
|
|
--field body="This PR was automatically generated by the bump-trivy workflow." \
|
|
--field base="${BASE_BRANCH}" \
|
|
--field head="${BRANCH}")
|
|
echo "Pull Request Number - $(echo "${PR_RESPONSE}" | jq -r '.number')"
|
|
echo "Pull Request URL - $(echo "${PR_RESPONSE}" | jq -r '.html_url')"
|