deps(deps): update aquasec/trivy docker tag to v0.57.1 (#497) #243
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - master | |
| name: release-please | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| jobs: | |
| release-please: | |
| environment: release | |
| outputs: | |
| paths_released: ${{ steps.release.outputs.paths_released }} | |
| releases_created: ${{ steps.release.outputs.releases_created }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Run release-please | |
| uses: google-github-actions/release-please-action@v4 | |
| id: release | |
| with: | |
| target-branch: ${{ github.ref_name }} | |
| token: ${{ secrets.ADMIN_PAT }} | |
| # The next 2 steps are a workaround to ensure release-please-action fixes manifest conflicts | |
| # https://github.com/googleapis/release-please/issues/1870#issuecomment-1748390833 | |
| - name: Get pending PRs | |
| shell: bash | |
| id: check-pending-prs | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.ADMIN_PAT }} | |
| REPO: ${{ github.repository }} | |
| run: | | |
| set -euo pipefail | |
| pending_prs=$(gh pr list --repo "$REPO" --label "autorelease: pending" --state open --json number --jq '.[].number') | |
| need_rebase="" | |
| if [[ -n "$pending_prs" ]]; then | |
| for pr_num in $pending_prs; do | |
| echo "Checking pr: $pr_num" | |
| mergeable=$(gh pr view --repo "$REPO" "$pr_num" --json mergeable --jq '.mergeable') | |
| echo "mergeable status: $mergeable" | |
| if [[ "$mergeable" != "MERGEABLE" ]]; then | |
| echo "pr: $pr_num is not MERGEABLE." | |
| echo "removing 'autorelease: pending' label from pr: $pr_num" | |
| gh pr edit --repo "$REPO" "$pr_num" --remove-label "autorelease: pending" | |
| need_rebase=true | |
| fi | |
| done | |
| else | |
| echo "No pending PRs found." | |
| exit 0 | |
| fi | |
| if [[ -n "$need_rebase" ]]; then | |
| echo "not MERGEABLE status PRs found." | |
| echo "need_rebase=$need_rebase" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "All pending PRs are MERGEABLE." | |
| fi | |
| - name: Rebase release-please PRs | |
| uses: google-github-actions/release-please-action@v4 | |
| if: steps.check-pending-prs.outputs.need_rebase == 'true' | |
| with: | |
| target-branch: ${{ github.ref_name }} | |
| token: ${{ secrets.ADMIN_PAT }} | |
| publish: | |
| environment: release | |
| if: always() && needs.release-please.outputs.releases_created == 'true' | |
| needs: | |
| - release-please | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Publish to npm | |
| shell: bash | |
| working-directory: javascript | |
| env: | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| run: | | |
| PATHS=(${{ join(fromJSON(needs.release-please.outputs.paths_released), ' ') }}) | |
| INCLUDE_OPTS=() | |
| for path in "${PATHS[@]}"; do | |
| package=${path/javascript\/packages/"@equisoft"} | |
| INCLUDE_OPTS+=(--include "$package" ) | |
| done | |
| echo -e "npmRegistries: \n //registry.yarnpkg.com:\n npmAlwaysAuth: true\n npmAuthToken: ${NPM_TOKEN}" >> ~/.yarnrc.yml | |
| yarn workspaces foreach -Atv "${INCLUDE_OPTS[@]}" npm publish --access public --tolerate-republish | |