diff --git a/.github/actions/bootstrap/action.yaml b/.github/actions/bootstrap/action.yaml
index 337231539f6..75404f47b43 100644
--- a/.github/actions/bootstrap/action.yaml
+++ b/.github/actions/bootstrap/action.yaml
@@ -21,6 +21,9 @@ inputs:
 description: "Compute test fixture fingerprints"
 required: true
 default: "true"
+ tools:
+ description: "whether to install tools"
+ default: "true"
 bootstrap-apt-packages:
 description: "Space delimited list of tools to install via apt"
 default: "libxml2-utils"
@@ -41,11 +44,13 @@ runs:
 - name: Restore tool cache
 id: tool-cache
 uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
+ if: inputs.tools == 'true'
 with:
 path: ${{ github.workspace }}/.tool
 key: ${{ inputs.cache-key-prefix }}-${{ runner.os }}-tool-${{ hashFiles('.binny.yaml') }}
 - name: Install project tools
+ if: inputs.tools == 'true'
 shell: bash
 run: make tools
diff --git a/.github/workflows/update-anchore-dependencies.yml b/.github/workflows/update-anchore-dependencies.yml
new file mode 100644
index 00000000000..bf0a90939a4
--- /dev/null
+++ b/.github/workflows/update-anchore-dependencies.yml
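Review bot: The new `tools` input is matched as an exact string by the two `if: inputs.tools == 'true'` conditions in the second hunk, so any other spelling (`True`, `yes`, `1`) silently skips both the tool-cache restore and `make tools`, and the description does not say so. I would document that contract on the input, for example `description: "Install project tools via 'make tools'; only the literal string 'true' enables it"`. The steps after `Install project tools` are outside these hunks, so it is worth confirming that none of them assume `.tool` is populated when the input is anything other than `true`.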
@@ -0,0 +1,49 @@
+name: PR to update Anchore dependencies
+on:
+ workflow_dispatch:
+ inputs:
+ repos:
+ description: "List of dependencies to update"
+ required: true
+ type: string
+
+permissions:
+ contents: read
+
+jobs:
+ update:
+ runs-on: ubuntu-latest
+ if: github.repository_owner == 'anchore' # only run for main repo (not forks)
+ steps:
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+
+ - name: Bootstrap environment
+ uses: ./.github/actions/bootstrap
+ with:
+ tools: false
+ bootstrap-apt-packages: ""
+
+ - name: Update dependencies
+ id: update
+ uses: anchore/workflows/.github/actions/update-go-dependencies@main
+ with:
+ repos: ${{ github.event.inputs.repos }}
+
+ - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
+ id: generate-token
+ with:
+ app_id: ${{ secrets.TOKEN_APP_ID }}
+ private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
+
+ - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f #v7.0.5
+ with:
+ signoff: true
+ delete-branch: true
+ draft: ${{ steps.update.outputs.draft }}
+ # do not change this branch, as other workflows depend on it
+ branch: auto/integration
+ labels: dependencies,pre-release
+ commit-message: "chore(deps): update anchore dependencies"
+ title: "chore(deps): update anchore dependencies"
+ body: ${{ steps.update.outputs.summary }}
+ token: ${{ steps.generate-token.outputs.token }}
diff --git a/.github/workflows/update-syft-release.yml b/.github/workflows/update-syft-release.yml
deleted file mode 100644
index 6d2d2b41aec..00000000000
--- a/.github/workflows/update-syft-release.yml
+++ /dev/null
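Review bot: The `Update dependencies` step references `anchore/workflows/.github/actions/update-go-dependencies@main`, a mutable branch ref, while every other external action in this workflow is pinned to a full commit SHA. That step runs in the same job and workspace that afterwards mints a GitHub App token from `TOKEN_APP_ID` / `TOKEN_APP_PRIVATE_KEY` and pushes `auto/integration` with it, so whatever `main` resolves to at run time can change the tree that gets committed or the environment of the later steps. Pin it like the others, with a placeholder standing in for the real commit: `uses: anchore/workflows/.github/actions/update-go-dependencies@<full-commit-sha> # <ref>`. The free-form `repos` dispatch input is handed straight to that action and its handling is not visible here, so it is worth confirming the action does not interpolate the value into a shell command.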
@@ -1,57 +0,0 @@
-name: PR for latest Syft release
-on:
- schedule:
- - cron: "0 8 * * *" # 3 AM EST
-
- workflow_dispatch:
-
-env:
- GO_VERSION: "1.21.x"
- GO_STABLE_VERSION: true
-
-permissions:
- contents: read
-
-jobs:
- upgrade-syft:
- runs-on: ubuntu-latest
- if: github.repository == 'anchore/grype' # only run for main repo
- steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
- - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
- with:
- go-version: ${{ env.GO_VERSION }}
- stable: ${{ env.GO_STABLE_VERSION }}
-
- - name: Get latest Syft version
- id: latest-version
- env:
- GITHUB_TOKEN: ${{ github.token }}
- run: |
- LATEST_VERSION=$(gh release view --json name -q '.name' -R anchore/syft)
-
- # update go.mod
- go get github.com/anchore/syft@$LATEST_VERSION
- go mod tidy
-
- # export the version for use with create-pull-request
- echo "LATEST_VERSION=$LATEST_VERSION" >> $GITHUB_OUTPUT
-
- - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
- id: generate-token
- with:
- app_id: ${{ secrets.TOKEN_APP_ID }}
- private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
-
- - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
- with:
- signoff: true
- delete-branch: true
- branch: auto/latest-syft
- labels: dependencies
- commit-message: "chore(deps): update Syft to ${{ steps.latest-version.outputs.LATEST_VERSION }}"
- title: "chore(deps): update Syft to ${{ steps.latest-version.outputs.LATEST_VERSION }}"
- body: |
- Update Syft to ${{ steps.latest-version.outputs.LATEST_VERSION }}
- token: ${{ steps.generate-token.outputs.token }}