Add GitHub action that checks the latest release for vulnerabilities and reports them in an issue #163
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # This workflow updates the Tekton version insight Shipwright Build to the latest LTS. | |
| # As part of that it uses a Personal Access Token that is stored as secret in shipwrigh-io/build | |
| # using the name SHIPWRIGHT_BUILD_WRITE_WORKFLOWS. The token expires every 90 days. Instructions | |
| # to renew it can be found in the "HOW TO update SHIPWRIGHT_BUILD_WRITE_WORKFLOWS" note in the | |
| # 1Password store that Shipwright Administrators have access to. | |
| name: Update Tekton version | |
| on: | |
| schedule: | |
| - cron: '0 0 * * *' | |
| issue_comment: | |
| types: [created, edited] | |
| jobs: | |
| check-new-versions: | |
| if: contains(github.event.comment.body, '/rebase') || github.event_name == 'schedule' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.SHIPWRIGHT_BUILD_WRITE_WORKFLOWS }} | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.22.x' | |
| cache: true | |
| check-latest: true | |
| - name: Update Tekton version | |
| id: update-tekton | |
| run: ./.github/bump-tekton-lts.sh --output "${GITHUB_OUTPUT}" | |
| - name: Create pull request | |
| uses: peter-evans/create-pull-request@v7 | |
| with: | |
| token: ${{ secrets.SHIPWRIGHT_BUILD_WRITE_WORKFLOWS }} | |
| commit-message: Bump Tekton Pipeline from ${{ steps.update-tekton.outputs.OLD_VERSION }} to ${{ steps.update-tekton.outputs.NEW_VERSION }} | |
| title: Bump Tekton Pipeline from ${{ steps.update-tekton.outputs.OLD_VERSION }} to ${{ steps.update-tekton.outputs.NEW_VERSION }} | |
| body: | | |
| # Changes | |
| Bumps Tekton Pipeline from ${{ steps.update-tekton.outputs.OLD_VERSION }} to ${{ steps.update-tekton.outputs.NEW_VERSION }} | |
| You can trigger a rebase manually by commenting `/rebase` and resolve any conflicts with this PR. | |
| # Submitter Checklist | |
| - [ ] Includes tests if functionality changed/was added | |
| - [ ] Includes docs if changes are user-facing | |
| - [x] [Set a kind label on this PR](https://prow.k8s.io/command-help#kind) | |
| - [x] Release notes block has been filled in, or marked NONE | |
| # Release Notes | |
| ```release-note | |
| Update the the new latest Tekton LTS release ${{ steps.update-tekton.outputs.NEW_VERSION }} | |
| ``` | |
| labels: kind/dependency-change | |
| branch: bump-tekton-pipeline | |
| delete-branch: true |