trivy-action/.github/workflows/bump-trivy.yaml

name: Bump trivy

on:
  workflow_dispatch:
    inputs:
      trivy_version:
        required: true
        type: string
        description: 'The Trivy version in x.x.x format'

run-name: Bump trivy to v${{ inputs.trivy_version }}

jobs:
  bump:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Update Trivy versions
        env:
          NEW_VERSION: ${{ inputs.trivy_version }}
        run: make bump-trivy

      - name: Setup Bats and bats libs
        id: setup-bats
        uses: bats-core/bats-action@3.0.1

      - name: Install Trivy
        run: |
          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v${{ inputs.trivy_version }}
          trivy --version

      - name: Update golden files
        env:
          BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}
        run: make update-golden

      - name: Run tests
        env:
          BATS_LIB_PATH: ${{ steps.setup-bats.outputs.lib-path }}
        run: make test

      - name: Create PR
        id: create-pr
        uses: peter-evans/create-pull-request@v5
        with:
          token: ${{ secrets.ORG_REPO_TOKEN }}
          title: "chore(deps): Update trivy to v${{ inputs.trivy_version }}"
          commit-message: "chore(deps): Update trivy to v${{ inputs.trivy_version }}"
          committer: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
          branch-suffix: timestamp
          branch: bump-trivy
          delete-branch: true

      - name: Check outputs
        run: |
          echo "Pull Request Number - ${{ steps.create-pr.outputs.pull-request-number }}"
          echo "Pull Request URL - ${{ steps.create-pr.outputs.pull-request-url }}"