Skip to content

Update Syft CLI

Update Syft CLI #587

name: Update Syft CLI
"on":
schedule:
- cron: 0 5 * * 1-5
workflow_dispatch: {}
jobs:
update:
name: Update Buildpack Dependency
runs-on:
- ubuntu-latest
steps:
- uses: actions/setup-go@v5
with:
go-version: "1.23"
- name: Install update-buildpack-dependency
run: |
#!/usr/bin/env bash
set -euo pipefail
go install -ldflags="-s -w" github.com/paketo-buildpacks/libpak/cmd/update-buildpack-dependency@latest
- uses: buildpacks/github-actions/[email protected]
with:
crane-version: 0.19.1
yj-version: 5.1.0
- uses: actions/checkout@v4
- id: dependency
uses: docker://ghcr.io/paketo-buildpacks/actions/github-release-dependency:main
with:
glob: syft_.+_linux_amd64.tar.gz
owner: anchore
repository: syft
tag_filter: v(1.*)
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}
- name: Update Buildpack Dependency
id: buildpack
run: |
#!/usr/bin/env bash
set -euo pipefail
VERSION_DEPS=$(yj -tj < buildpack.toml | jq -r ".metadata.dependencies[] | select( .id == env.ID ) | select( .version | test( env.VERSION_PATTERN ) )")
ARCH=${ARCH:-amd64}
OLD_VERSION=$(echo "$VERSION_DEPS" | jq -r 'select( .purl | contains( env.ARCH ) ) | .version')
if [ -z "$OLD_VERSION" ]; then
ARCH="" # empty means noarch
OLD_VERSION=$(echo "$VERSION_DEPS" | jq -r ".version")
fi
update-buildpack-dependency \
--buildpack-toml buildpack.toml \
--id "${ID}" \
--arch "${ARCH}" \
--version-pattern "${VERSION_PATTERN}" \
--version "${VERSION}" \
--cpe-pattern "${CPE_PATTERN:-}" \
--cpe "${CPE:-}" \
--purl-pattern "${PURL_PATTERN:-}" \
--purl "${PURL:-}" \
--uri "${URI}" \
--sha256 "${SHA256}" \
--source "${SOURCE_URI}" \
--source-sha256 "${SOURCE_SHA256}"
git add buildpack.toml
git checkout -- .
if [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $1}')" != "$(echo "$VERSION" | awk -F '.' '{print $1}')" ]; then
LABEL="semver:major"
elif [ "$(echo "$OLD_VERSION" | awk -F '.' '{print $2}')" != "$(echo "$VERSION" | awk -F '.' '{print $2}')" ]; then
LABEL="semver:minor"
else
LABEL="semver:patch"
fi
echo "old-version=${OLD_VERSION}" >> "$GITHUB_OUTPUT"
echo "new-version=${VERSION}" >> "$GITHUB_OUTPUT"
echo "version-label=${LABEL}" >> "$GITHUB_OUTPUT"
env:
ARCH: ""
CPE: ${{ steps.dependency.outputs.cpe }}
CPE_PATTERN: ""
ID: syft
PURL: ${{ steps.dependency.outputs.purl }}
PURL_PATTERN: ""
SHA256: ${{ steps.dependency.outputs.sha256 }}
SOURCE_SHA256: ${{ steps.dependency.outputs.source_sha256 }}
SOURCE_URI: ${{ steps.dependency.outputs.source }}
URI: ${{ steps.dependency.outputs.uri }}
VERSION: ${{ steps.dependency.outputs.version }}
VERSION_PATTERN: '[\d]+\.[\d]+\.[\d]+'
- uses: peter-evans/create-pull-request@v6
with:
author: ${{ secrets.JAVA_GITHUB_USERNAME }} <${{ secrets.JAVA_GITHUB_USERNAME }}@users.noreply.github.com>
body: Bumps `Syft CLI` from `${{ steps.buildpack.outputs.old-version }}` to `${{ steps.buildpack.outputs.new-version }}`.
branch: update/buildpack/syft-cli
commit-message: |-
Bump Syft CLI from ${{ steps.buildpack.outputs.old-version }} to ${{ steps.buildpack.outputs.new-version }}
Bumps Syft CLI from ${{ steps.buildpack.outputs.old-version }} to ${{ steps.buildpack.outputs.new-version }}.
delete-branch: true
labels: ${{ steps.buildpack.outputs.version-label }}, type:dependency-upgrade
signoff: true
title: Bump Syft CLI from ${{ steps.buildpack.outputs.old-version }} to ${{ steps.buildpack.outputs.new-version }}
token: ${{ secrets.PAKETO_BOT_GITHUB_TOKEN }}