build(deps): bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 (#513) #252
---
# Release Please workflow: opens/updates release PRs, then refreshes the cargo
# and npm lockfiles on each release PR branch and pushes the result.
name: Release Please

on:
  push:
    branches:
      - main
  workflow_dispatch:
    inputs:
      ref:
        description: >-
          Target branch to prepare releases from
          (leave empty for default behavior).
        type: string
        required: false
        default: ''

# The default GITHUB_TOKEN gets no permissions in any job; both jobs mint a
# GitHub App installation token instead, scoped through the permission-* inputs.
permissions: {}

# NOTE(review): every action below is referenced by a version tag, and
# dtolnay/rust-toolchain by the `stable` ref. These refs can be moved by the
# action's owner; pinning each `uses:` to a full commit SHA (tag kept as a
# trailing comment) removes that trust dependency for jobs that hold a
# write-capable token.
jobs:
  release-please:
    runs-on: ubuntu-latest
    outputs:
      prs: ${{ steps.release.outputs.prs }}
    steps:
      - name: Generate GitHub token
        id: generate-token
        uses: actions/create-github-app-token@v2.2.1
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
          # Token is limited to what release-please needs here.
          permission-pull-requests: write
          permission-contents: write

      - id: release
        uses: googleapis/release-please-action@v4.4.0
        with:
          # Manual runs may override the branch through the `ref` input; all
          # other runs use the ref that triggered the workflow. The value is
          # handed to the action as an input, not expanded inside a shell script.
          target-branch: >-
            ${{ github.event_name == 'workflow_dispatch'
            && github.event.inputs.ref != ''
            && github.event.inputs.ref
            || github.ref_name }}
          token: ${{ steps.generate-token.outputs.token }}

  update-lockfiles:
    needs: release-please
    # Skipped when the release step produced no `prs` output.
    if: ${{ needs.release-please.outputs.prs }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        # One job per release PR reported by the release-please job.
        pr: ${{ fromJson(needs.release-please.outputs.prs) }}
    steps:
      - name: Generate GitHub token
        id: generate-token
        uses: actions/create-github-app-token@v2.2.1
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
          # Only contents: write is requested; it is used by the push below.
          permission-contents: write

      # NOTE(review): actions/checkout keeps the supplied token configured for
      # later git commands unless persist-credentials is set to false. That is
      # what lets the final `git push` authenticate, and it also means every
      # step between here and the push runs with a write-capable credential
      # on the runner.
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          # Branch name comes from the release-please output and is passed as
          # an action input rather than interpolated into a `run:` script.
          ref: ${{ matrix.pr.headBranchName }}
          fetch-depth: 0
          token: ${{ steps.generate-token.outputs.token }}

      - name: Rust toolchain
        uses: dtolnay/rust-toolchain@stable

      # NOTE(review): the cache key names ubuntu-22.04 while the job runs on
      # ubuntu-latest - presumably chosen to share a cache with another
      # workflow; confirm which workflows are allowed to write that cache.
      - name: Cache cargo
        uses: Swatinem/rust-cache@v2.8.2
        with:
          shared-key: 'ubuntu-22.04-x86_64'

      - name: Update cargo workspace lockfile
        run: cargo update -w

      # The two npm steps run only when the PR's file list mentions vacs-client.
      - name: Setup Node (LTS)
        if: contains(join(matrix.pr.files, ','), 'vacs-client')
        uses: actions/setup-node@v6.2.0
        with:
          node-version: 'lts/*'
          cache: npm
          cache-dependency-path: |
            vacs-client/package-lock.json
            vacs-client/frontend/package-lock.json

      - name: Update npm workspace lockfile
        if: contains(join(matrix.pr.files, ','), 'vacs-client')
        working-directory: vacs-client
        run: npm install --package-lock-only

      # Stages the two lockfiles and pushes a bot commit only if they changed.
      # The pushed diff is resolver output from the registries, so it deserves
      # the same review as any other dependency change on the release PR.
      # NOTE(review): vacs-client/frontend/package-lock.json is listed as a
      # cache dependency path above but is neither refreshed nor staged here;
      # confirm that is intended.
      - name: Commit updated lockfiles
        run: |
          git config user.name "vacs-bot[bot]"
          git config user.email "248978301+vacs-bot[bot]@users.noreply.github.com"
          git add Cargo.lock vacs-client/package-lock.json
          if ! git diff --staged --quiet; then
            git commit -m "chore(lockfile): refresh cargo & npm lockfiles after version bumps"
            git push
          else
            echo "No lockfile changes detected."
          fi