trivy-action/.github/workflows/bump-trivy.yaml
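# Manually triggered workflow: bumps the pinned Trivy version, regenerates the
# Bats golden files and runs the test suite. Opening the PR is currently left
# to the operator (the "Create PR" step at the end is commented out).
name: Bump trivy
on:
  workflow_dispatch:
    inputs:
      trivy_version:
        required: true
        type: string
        description: 'The Trivy version in x.x.x format'
run-name: Bump trivy to v${{ inputs.trivy_version }}
jobs:
  bump:
    runs-on: ubuntu-2404-2core
    permissions:
      contents: read # for actions/checkout
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          # Nothing below pushes with GITHUB_TOKEN, so keep it out of .git/config.
          persist-credentials: false
      # The input is only *described* as x.x.x; enforce that before
      # `make bump-trivy` consumes it (and, if the PR step is re-enabled,
      # before it lands in a branch name and commit message). The value is
      # passed through env, never interpolated into the script text. The
      # error message deliberately does not echo the rejected value.
      - name: Validate trivy_version input
        env:
          NEW_VERSION: ${{ inputs.trivy_version }}
        run: |
          if [[ ! "${NEW_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo '::error::trivy_version must be in x.x.x format'
            exit 1
          fi
      - name: Update Trivy versions
        env:
          NEW_VERSION: ${{ inputs.trivy_version }}
        run: make bump-trivy
      - name: Setup Bats and bats libs
        id: setup-bats
        uses: bats-core/bats-action@42fcc8700f773c075a16a90eb11674c0318ad507 # 3.0.1
      - name: Install Trivy
        run: make ensure-trivy TRIVY_INSTALL_DIR=/usr/local/bin
      - name: Update golden files
        env:
          BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}
        run: make update-golden
      - name: Run tests
        env:
          BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}
        run: make test
      # Disabled. When re-enabled it pushes a branch and opens a PR using the
      # TRIVY_ACTION_DEPLOY_TOKEN secret via `gh auth setup-git`, so the push is
      # authorised by that PAT rather than by the job's `contents: read` token
      # (presumably intentional — confirm the PAT's scope is limited to this
      # repo). Quote "${REPO}" in the `gh api` path when restoring the step.
      # - name: Create PR
      #   env:
      #     GH_TOKEN: ${{ secrets.TRIVY_ACTION_DEPLOY_TOKEN }}
      #     TRIVY_VERSION: ${{ inputs.trivy_version }}
      #     REPO: ${{ github.repository }}
      #     BASE_BRANCH: ${{ github.event.repository.default_branch }}
      #   run: |
      #     gh auth setup-git
      #     git config user.name "github-actions[bot]"
      #     git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
      #     BRANCH="bump-trivy-${TRIVY_VERSION}"
      #     git checkout -b "${BRANCH}"
      #     git add action.yaml README.md test/
      #     git commit -m "chore(deps): Update trivy to v${TRIVY_VERSION}"
      #     git push origin "${BRANCH}"
      #     PR_RESPONSE=$(gh api repos/${REPO}/pulls \
      #       --method POST \
      #       --field title="chore(deps): Update trivy to v${TRIVY_VERSION}" \
      #       --field body="This PR was automatically generated by the bump-trivy workflow." \
      #       --field base="${BASE_BRANCH}" \
      #       --field head="${BRANCH}")
      #     echo "Pull Request Number - $(echo "${PR_RESPONSE}" | jq -r '.number')"
      #     echo "Pull Request URL - $(echo "${PR_RESPONSE}" | jq -r '.html_url')"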