Update syft #246

Workflow file for this run

.github/workflows/pb-update-syft.yml at 8d211b7

	name: Update syft
	"on":
	schedule:
	- cron: 0 4 * * 4-5
	workflow_dispatch: {}
	jobs:
	update:
	name: Update Package Dependency
	runs-on:
	- ubuntu-latest
	steps:
	- name: Docker login docker.io
	if: ${{ (github.event_name != 'pull_request' \|\| ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }}
	uses: docker/login-action@v3
	with:
	password: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_PASSWORD }}
	registry: docker.io
	username: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }}
	- uses: actions/setup-go@v5
	with:
	go-version: "1.23"
	- name: Install update-package-dependency
	run: \|
	#!/usr/bin/env bash

	set -euo pipefail

	go install -ldflags="-s -w" github.com/paketo-buildpacks/libpak/cmd/update-package-dependency@latest
	- uses: buildpacks/github-actions/setup-tools@v5.7.2
	with:
	crane-version: 0.19.1
	yj-version: 5.1.0
	- uses: actions/checkout@v4
	- name: Update Package Dependency
	id: package
	run: \|
	#!/usr/bin/env bash

	set -euo pipefail

	NEW_VERSION=$(crane ls "${DEPENDENCY}" \| grep -v latest \| sort -V \| tail -n 1)

	if [[ -e builder.toml ]]; then
	OLD_VERSION=$(yj -tj < builder.toml \| jq -r ".buildpacks[].uri \| capture(\".*${DEPENDENCY}:(?<version>.+)\") \| .version")

	update-package-dependency \
	--builder-toml builder.toml \
	--id "${DEPENDENCY}" \
	--version "${NEW_VERSION}"

	git add builder.toml
	fi

	if [[ -e package.toml ]]; then
	OLD_VERSION=$(yj -tj < package.toml \| jq -r ".dependencies[].uri \| capture(\".*${DEPENDENCY}:(?<version>.+)\") \| .version")

	update-package-dependency \
	--buildpack-toml buildpack.toml \
	--id "${BP_DEPENDENCY:-$DEPENDENCY}" \
	--version "${NEW_VERSION}"

	update-package-dependency \
	--package-toml package.toml \
	--id "${PKG_DEPENDENCY:-$DEPENDENCY}" \
	--version "${NEW_VERSION}"

	git add buildpack.toml package.toml
	fi

	git checkout -- .

	if [ "$(echo "$OLD_VERSION" \| awk -F '.' '{print $1}')" != "$(echo "$NEW_VERSION" \| awk -F '.' '{print $1}')" ]; then
	LABEL="semver:major"
	elif [ "$(echo "$OLD_VERSION" \| awk -F '.' '{print $2}')" != "$(echo "$NEW_VERSION" \| awk -F '.' '{print $2}')" ]; then
	LABEL="semver:minor"
	else
	LABEL="semver:patch"
	fi

	echo "old-version=${OLD_VERSION}" >> "$GITHUB_OUTPUT"
	echo "new-version=${NEW_VERSION}" >> "$GITHUB_OUTPUT"
	echo "version-label=${LABEL}" >> "$GITHUB_OUTPUT"
	env:
	BP_DEPENDENCY: docker.io/paketo-buildpacks/syft
	DEPENDENCY: docker.io/paketobuildpacks/syft
	- uses: peter-evans/create-pull-request@v6
	with:
	author: ${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }} <${{ secrets.PAKETO_BUILDPACKS_DOCKERHUB_USERNAME }}@users.noreply.github.com>
	body: Bumps [`docker.io/paketobuildpacks/syft`](https://docker.io/paketobuildpacks/syft) from [`${{ steps.package.outputs.old-version }}`](https://docker.io/paketobuildpacks/syft:${{ steps.package.outputs.old-version }}) to [`${{ steps.package.outputs.new-version }}`](https://docker.io/paketobuildpacks/syft:${{ steps.package.outputs.new-version }}).
	branch: update/package/syft
	commit-message: \|-
	Bump docker.io/paketobuildpacks/syft from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}

	Bumps docker.io/paketobuildpacks/syft from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}.
	delete-branch: true
	labels: ${{ steps.package.outputs.version-label }}, type:dependency-upgrade
	signoff: true
	title: Bump docker.io/paketobuildpacks/syft from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}
	token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update syft #246

Workflow file

Update syft #246

Jobs

Run details

Workflow file for this run