From 8831bb20b3ec936ed4672faf94f93efba36a66ee Mon Sep 17 00:00:00 2001
From: paketo-bot
Date: Fri, 26 Nov 2021 05:10:25 +0000
Subject: [PATCH] Bump pipeline from 1.15.1 to 1.15.1

Bumps pipeline from 1.15.1 to 1.15.1.

Signed-off-by: GitHub
---
.github/workflows/update-syft.yml | 134 ++++++++++++++++++++++++++++++
1 file changed, 134 insertions(+)
create mode 100644 .github/workflows/update-syft.yml

diff --git a/.github/workflows/update-syft.yml b/.github/workflows/update-syft.yml
new file mode 100644
index 00000000..2c0f3d37
--- /dev/null
+++ b/.github/workflows/update-syft.yml
@@ -0,0 +1,134 @@
+name: Update syft
+"on":
+ schedule:
+ - cron: 0 12-23 * * 1-5
+ workflow_dispatch: {}
+jobs:
+ update:
+ name: Update Package Dependency
+ runs-on:
+ - ubuntu-latest
+ steps:
+ - name: Docker login gcr.io
+ if: ${{ (github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork) && (github.actor != 'dependabot[bot]') }}
+ uses: docker/login-action@v1
+ with:
+ password: ${{ secrets.JAVA_GCLOUD_SERVICE_ACCOUNT_KEY }}
+ registry: gcr.io
+ username: _json_key
+ - uses: actions/setup-go@v2
+ with:
+ go-version: "1.16"
+ - name: Install update-package-dependency
+ run: |
+ #!/usr/bin/env bash
+
+ set -euo pipefail
+
+ GO111MODULE=on go get -u -ldflags="-s -w" github.com/paketo-buildpacks/libpak/cmd/update-package-dependency
+ - name: Install crane
+ run: |
+ #!/usr/bin/env bash
+
+ set -euo pipefail
+
+ echo "Installing crane ${CRANE_VERSION}"
+
+ mkdir -p "${HOME}"/bin
+ echo "${HOME}/bin" >> "${GITHUB_PATH}"
+
+ curl \
+ --show-error \
+ --silent \
+ --location \
+ "https://github.com/google/go-containerregistry/releases/download/v${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" \
+ | tar -C "${HOME}/bin" -xz crane
+ env:
+ CRANE_VERSION: 0.6.0
+ - name: Install yj
+ run: |
+ #!/usr/bin/env bash
+
+ set -euo pipefail
+
+ echo "Installing yj ${YJ_VERSION}"
+
+ mkdir -p "${HOME}"/bin
+ echo "${HOME}/bin" >> "${GITHUB_PATH}"
+
+ curl \
+ --location \
+ --show-error \
+ --silent \
+ --output "${HOME}"/bin/yj \
+ "https://github.com/sclevine/yj/releases/download/v${YJ_VERSION}/yj-linux"
+
+ chmod +x "${HOME}"/bin/yj
+ env:
+ YJ_VERSION: 5.0.0
+ - uses: actions/checkout@v2
+ - name: Update Package Dependency
+ id: package
+ run: |
+ #!/usr/bin/env bash
+
+ set -euo pipefail
+
+ NEW_VERSION=$(crane ls "${DEPENDENCY}" | grep -v latest | sort -V | tail -n 1)
+
+ if [[ -e builder.toml ]]; then
+ OLD_VERSION=$(yj -tj < builder.toml | jq -r ".buildpacks[].uri | capture(\".*${DEPENDENCY}:(?.+)\") | .version")
+
update-package-dependency \
+ --builder-toml builder.toml \
+ --id "${DEPENDENCY}" \
+ --version "${NEW_VERSION}"
+
+ git add builder.toml
+ fi
+
+ if [[ -e package.toml ]]; then
+ OLD_VERSION=$(yj -tj < package.toml | jq -r ".dependencies[].uri | capture(\".*${DEPENDENCY}:(?.+)\") | .version")
+
+ update-package-dependency \
+ --buildpack-toml buildpack.toml \
+ --id "${BP_DEPENDENCY:-$DEPENDENCY}" \
+ --version "${NEW_VERSION}"
+
+ update-package-dependency \
+ --package-toml package.toml \
+ --id "${PKG_DEPENDENCY:-$DEPENDENCY}" \
+ --version "${NEW_VERSION}"
+
+ git add buildpack.toml package.toml
+ fi
+
+ git checkout -- .
+
+ if [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $1}')" != "$(echo "$NEW_VERSION" | awk -F '.' '{print $1}')" ]; then
+ LABEL="semver:major"
+ elif [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $2}')" != "$(echo "$NEW_VERSION" | awk -F '.' '{print $2}')" ]; then
+ LABEL="semver:minor"
+ else
+ LABEL="semver:patch"
+ fi
+
+ echo "::set-output name=old-version::${OLD_VERSION}"
+ echo "::set-output name=new-version::${NEW_VERSION}"
+ echo "::set-output name=version-label::${LABEL}"
+ env:
+ DEPENDENCY: gcr.io/paketo-buildpacks/syft
+ - uses: peter-evans/create-pull-request@v3
+ with:
+ author: ${{ secrets.JAVA_GITHUB_USERNAME }} <${{ secrets.JAVA_GITHUB_USERNAME }}@users.noreply.github.com>
+ body: Bumps [`gcr.io/paketo-buildpacks/syft`](https://gcr.io/paketo-buildpacks/syft) from [`${{ steps.package.outputs.old-version }}`](https://gcr.io/paketo-buildpacks/syft:${{ steps.package.outputs.old-version }}) to [`${{ steps.package.outputs.new-version }}`](https://gcr.io/paketo-buildpacks/syft:${{ steps.package.outputs.new-version }}).
+ branch: update/package/syft
+ commit-message: |-
+ Bump gcr.io/paketo-buildpacks/syft from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}
+
+ Bumps gcr.io/paketo-buildpacks/syft from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}.
+ delete-branch: true
+ labels: ${{ steps.package.outputs.version-label }}, type:dependency-upgrade
+ signoff: true
+ title: Bump gcr.io/paketo-buildpacks/syft from ${{ steps.package.outputs.old-version }} to ${{ steps.package.outputs.new-version }}
+ token: ${{ secrets.JAVA_GITHUB_TOKEN }}
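Review bot: The `Install crane` and `Install yj` steps fetch release binaries with curl and put them on `PATH` without verifying a checksum, and they run after `Docker login gcr.io` in a job that later hands `secrets.JAVA_GITHUB_TOKEN` to create-pull-request, so the integrity of those downloads is the only thing protecting both credentials. Download each asset to a file, pin an expected digest beside the version (for example `CRANE_SHA256: <expected-sha256>`) and check it with `echo "${CRANE_SHA256}  crane.tar.gz" | sha256sum --check -` before extracting; adding `--fail` to both curl calls also stops an HTTP error page from being saved as `yj` and marked executable. The same concern applies to `go get -u` of update-package-dependency, which builds whatever the default branch and its newest dependencies resolve to at run time, and to the actions referenced by mutable tags (`docker/login-action@v1`, `peter-evans/create-pull-request@v3`), which are better pinned to a released version and to full commit SHAs respectively. If this workflow is generated by the pipeline tool named in the commit subject, the change belongs in its template rather than in this file.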