syft/.github/workflows/update-bootstrap-tools.yml

name: PR for latest versions of tools
on:
  schedule:
    - cron: "0 8 * * *" # 3 AM EST

  workflow_dispatch:

permissions:
  contents: read

jobs:
  update-bootstrap-tools:
    runs-on: ubuntu-latest
    if: github.repository == 'anchore/syft' # only run for main repo
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
        with:
          persist-credentials: false

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap
        with:
          bootstrap-apt-packages: ""
          go-dependencies: false

      - name: "Update tool versions"
        id: latest-versions
        run: |
          make update-tools
          make list-tools
          
          export NO_COLOR=1
          delimiter="$(openssl rand -hex 8)"
          
          {
            echo "status<<${delimiter}"
            make list-tool-updates
            echo "${delimiter}"
          } >> $GITHUB_OUTPUT
          
          {
            echo "### Tool version status"
            echo "\`\`\`"
            make list-tool-updates
            echo "\`\`\`"
          } >> $GITHUB_STEP_SUMMARY

      - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf #v2.2.1
        id: generate-token
        with:
          app-id: ${{ secrets.TOKEN_APP_ID }}
          private-key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}

      - uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 #v8.0.0
        with:
          signoff: true
          delete-branch: true
          branch: auto/latest-tools
          labels: dependencies
          commit-message: 'chore(deps): update tools to latest versions'
          title: 'chore(deps): update tools to latest versions'
          body: |
            ```
            ${{ steps.latest-versions.outputs.status }}
            ```
            This is an auto-generated pull request to update all of the tools to the latest versions.
          token: ${{ steps.generate-token.outputs.token }}