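name: Update Trivy Plugin Version

on:
  workflow_dispatch:
    inputs:
      force_update:
        description: 'Force update even if version is the same'
        required: false
        default: false
        type: boolean
  schedule:
    # Run weekly on Tuesdays at 6:00 AM UTC
    - cron: '0 6 * * 2'

# The job pushes a branch and opens a pull request; nothing else is needed.
permissions:
  contents: write
  pull-requests: write

# `shell: bash` runs every step with `-eo pipefail`, so a failing command
# inside a pipeline (e.g. `... | jq`) fails the step instead of being masked.
defaults:
  run:
    shell: bash

jobs:
  update-plugin-version:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # Pinned to a major tag; pinning to a full commit SHA would give a
        # stronger supply-chain guarantee if the project wants it.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Get latest Trivy plugin version
        id: plugin_version
        env:
          # Authenticated API calls get a higher rate limit than anonymous
          # ones; `gh api` also exits non-zero on HTTP errors.
          GH_TOKEN: ${{ github.token }}
        run: |
          echo "🔍 Fetching latest Trivy plugin version from GitHub API..."
          # Get latest release version from GitHub API
          LATEST_VERSION=$(gh api \
            repos/ambient-innovation/trivy-plugin-gitlab-codequality/releases/latest \
            --jq '.tag_name')
          if [ "$LATEST_VERSION" = "null" ] || [ -z "$LATEST_VERSION" ]; then
            echo "❌ Failed to fetch latest Trivy plugin version"
            exit 1
          fi
          # The tag name is third-party data that later lands in a sed
          # pattern, a git branch name and a PR body: accept only a
          # conservative character set so it can never be read as syntax.
          if ! [[ "$LATEST_VERSION" =~ ^[A-Za-z0-9][A-Za-z0-9._+-]*$ ]]; then
            echo "❌ Unexpected characters in fetched version: ${LATEST_VERSION}"
            exit 1
          fi
          echo "latest_version=${LATEST_VERSION}" >> "$GITHUB_OUTPUT"
          echo "✅ Latest Trivy plugin version: ${LATEST_VERSION}"

      - name: Get current Trivy plugin version
        id: current_version
        run: |
          echo "🔍 Extracting current Trivy plugin version from template..."
          # Extract current version from trivy-scanning.template.yaml.
          # `-n ... p` prints only lines that actually matched the pattern, so
          # a malformed line cannot leak through unchanged; `head` guards
          # against the key appearing more than once.
          CURRENT_VERSION=$(sed -nE 's/.*TRIVY_PLUGIN_VERSION:[[:space:]]*"([^"]+)".*/\1/p' \
            trivy-scanning.template.yaml | head -n 1)
          if [ -z "$CURRENT_VERSION" ]; then
            echo "❌ Failed to extract current Trivy plugin version"
            exit 1
          fi
          echo "current_version=${CURRENT_VERSION}" >> "$GITHUB_OUTPUT"
          echo "✅ Current Trivy plugin version: ${CURRENT_VERSION}"

      - name: Check if update needed
        id: check_update
        env:
          # Step outputs are passed through env rather than expanded with
          # `${{ }}` inside the script, so their content is data, not shell.
          CURRENT: ${{ steps.current_version.outputs.current_version }}
          LATEST: ${{ steps.plugin_version.outputs.latest_version }}
          # Empty on scheduled runs, which the comparison below treats as "not forced".
          FORCE_UPDATE: ${{ github.event.inputs.force_update }}
        run: |
          echo "🔄 Comparing versions:"
          echo " Current: ${CURRENT}"
          echo " Latest: ${LATEST}"
          if [ "$CURRENT" = "$LATEST" ] && [ "$FORCE_UPDATE" != "true" ]; then
            echo "ℹ️ Trivy plugin is already at the latest version (${LATEST})"
            echo "update_needed=false" >> "$GITHUB_OUTPUT"
          else
            echo "🚀 Update needed from ${CURRENT} to ${LATEST}"
            echo "update_needed=true" >> "$GITHUB_OUTPUT"
          fi

      - name: Update trivy-scanning.template.yaml
        if: steps.check_update.outputs.update_needed == 'true'
        env:
          CURRENT: ${{ steps.current_version.outputs.current_version }}
          LATEST: ${{ steps.plugin_version.outputs.latest_version }}
        run: |
          echo "📝 Updating trivy-scanning.template.yaml..."
          # Update the Trivy plugin version. '|' is a safe delimiter because
          # the fetched version was restricted to [A-Za-z0-9._+-] upstream.
          sed -i "s|TRIVY_PLUGIN_VERSION: \"${CURRENT}\"|TRIVY_PLUGIN_VERSION: \"${LATEST}\"|g" trivy-scanning.template.yaml
          # Fail here, with a clear message, rather than later at `git commit`
          # if the pattern did not match anything.
          if ! grep -q "TRIVY_PLUGIN_VERSION: \"${LATEST}\"" trivy-scanning.template.yaml; then
            echo "❌ Template does not contain the new version after substitution"
            exit 1
          fi
          echo "✅ Updated Trivy plugin version from ${CURRENT} to ${LATEST}"
          # Show the changes
          echo "🔍 Changes made:"
          git diff trivy-scanning.template.yaml || true

      - name: Update changelogs
        if: steps.check_update.outputs.update_needed == 'true'
        env:
          CURRENT: ${{ steps.current_version.outputs.current_version }}
          LATEST: ${{ steps.plugin_version.outputs.latest_version }}
        run: |
          # Insert a "### Changed" entry directly under the "## [Unreleased]"
          # header of one changelog file.
          # NOTE: existing entries under [Unreleased] are dropped; everything
          # from the next "## " header onwards is kept. If the file has no
          # [Unreleased] header, the entry is appended at the end.
          update_changelog() {
            local file="$1"
            local tmp="${file%.md}.tmp"
            echo "📝 Updating ${file}..."
            {
              # Copy everything up to and including the [Unreleased] header.
              # `|| [ -n "$line" ]` keeps a final line that lacks a newline.
              while IFS= read -r line || [ -n "$line" ]; do
                echo "$line"
                if [[ "$line" =~ ^\#\#[[:space:]]*\[Unreleased\] ]]; then
                  break
                fi
              done < "$file"
              # Add the new entry to the [Unreleased] section
              echo ""
              echo "### Changed"
              echo "- Updated Trivy GitLab CodeQuality plugin from ${CURRENT} to ${LATEST}"
              echo ""
              # Copy the rest of the file, skipping the old [Unreleased] content
              # until the next "## " section header.
              in_unreleased_section=false
              found_next_section=false
              while IFS= read -r line || [ -n "$line" ]; do
                if [[ "$line" =~ ^\#\#[[:space:]]*\[Unreleased\] ]]; then
                  in_unreleased_section=true
                  continue
                fi
                # Start of next section (either version or other ##)
                if [[ "$line" =~ ^\#\#[[:space:]] ]] && [ "$in_unreleased_section" = true ]; then
                  in_unreleased_section=false
                  found_next_section=true
                fi
                # Lines before [Unreleased] were already copied by the first loop;
                # lines inside it are intentionally discarded.
                if [ "$in_unreleased_section" = false ] && [ "$found_next_section" = true ]; then
                  echo "$line"
                fi
              done < "$file"
            } > "$tmp" && mv "$tmp" "$file"
            echo "✅ Updated ${file} with Trivy plugin version update"
          }

          for changelog in CHANGELOG.md CHANGELOG-en.md; do
            update_changelog "$changelog"
          done

      - name: Commit changes
        id: commit
        if: steps.check_update.outputs.update_needed == 'true'
        env:
          CURRENT: ${{ steps.current_version.outputs.current_version }}
          LATEST: ${{ steps.plugin_version.outputs.latest_version }}
        run: |
          echo "💾 Committing changes..."
          # Configure git
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          # Create a new branch for the update and publish its name once, so
          # the push and PR steps cannot drift from it.
          BRANCH_NAME="update-trivy-plugin-${LATEST}"
          git checkout -b "$BRANCH_NAME"
          echo "branch_name=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
          # Add and commit changes (subject line, then two body paragraphs)
          git add trivy-scanning.template.yaml CHANGELOG.md CHANGELOG-en.md
          git commit \
            -m "chore: update Trivy plugin from ${CURRENT} to ${LATEST}" \
            -m "Updated Trivy GitLab CodeQuality plugin version in template" \
            -m "Updated changelog with version change"
          echo "✅ Changes committed to branch $BRANCH_NAME"

      - name: Push changes
        if: steps.check_update.outputs.update_needed == 'true'
        env:
          BRANCH_NAME: ${{ steps.commit.outputs.branch_name }}
        run: |
          echo "🚀 Pushing changes to branch $BRANCH_NAME..."
          git push origin "$BRANCH_NAME"
          echo "✅ Changes pushed to branch $BRANCH_NAME"

      - name: Create pull request
        if: steps.check_update.outputs.update_needed == 'true'
        env:
          # `gh` refuses to run in Actions without GH_TOKEN (or GITHUB_TOKEN) set.
          GH_TOKEN: ${{ github.token }}
          CURRENT: ${{ steps.current_version.outputs.current_version }}
          LATEST: ${{ steps.plugin_version.outputs.latest_version }}
          BRANCH_NAME: ${{ steps.commit.outputs.branch_name }}
        run: |
          echo "📄 Creating pull request..."
          # The body is fed through stdin (`--body-file -`) from a heredoc.
          # Backticks are escaped: inside a double-quoted string they would be
          # command substitution and silently vanish from the body.
          gh pr create \
            --title "chore: update Trivy plugin to ${LATEST}" \
            --body-file - \
            --base main \
            --head "$BRANCH_NAME" \
            --label update,automation <<EOF
          This pull request updates the Trivy GitLab CodeQuality plugin version from **${CURRENT}** to **${LATEST}**.

          ### Changes:
          - Updated \`trivy-scanning.template.yaml\` with the new plugin version.
          - Updated \`CHANGELOG.md\` and \`CHANGELOG-en.md\` with the version change.

          Please review and merge this pull request to apply the update.
          EOF
          echo "✅ Pull request created"

      - name: Output summary
        if: steps.check_update.outputs.update_needed == 'true'
        env:
          CURRENT: ${{ steps.current_version.outputs.current_version }}
          LATEST: ${{ steps.plugin_version.outputs.latest_version }}
        run: |
          cat >> "$GITHUB_STEP_SUMMARY" <<EOF
          ## 🎉 Trivy Plugin Update Summary

          ✅ **Successfully updated Trivy GitLab CodeQuality plugin**

          - **From:** ${CURRENT}
          - **To:** ${LATEST}

          ### 📋 Files Updated
          - \`trivy-scanning.template.yaml\` - Updated plugin version
          - \`CHANGELOG.md\` - Added update entry
          - \`CHANGELOG-en.md\` - Added update entry

          ### 🚀 Next Steps
          A new release will be automatically created with the updated plugin version.
          EOF

      - name: No update needed
        if: steps.check_update.outputs.update_needed == 'false'
        env:
          CURRENT: ${{ steps.current_version.outputs.current_version }}
        run: |
          cat >> "$GITHUB_STEP_SUMMARY" <<EOF
          ## ℹ️ No Update Needed

          Trivy plugin is already at the latest version: **${CURRENT}**

          To force an update, re-run this workflow with the 'Force update' option enabled.
          EOF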