Add workflow for automatic PR for new stereoscope updates #954
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Benchmark Test ResultsBenchmark results from the latest changes vs base branch |
spiffcs
previously approved these changes
Apr 13, 2022
| stable: ${{ env.GO_STABLE_VERSION }} | ||
|
|
||
| - run: | | ||
| LATEST_VERSION=$(git ls-remote https://github.com/anchore/stereoscope main | head -n1 | awk '{print $1;}') |
There was a problem hiding this comment.
Are we get the current version that syft is using from the go.mod file?
If we find that this version is the same as LATEST_VERSION are we then able to short circuit the PR?
My thinking here is that if we can make it only every night where the versions change we have a chance to reduce the PR noise that could get introduced to our notifications feed.
There was a problem hiding this comment.
As noted in the Grype PR, the auto-PR won't be created if there are no changes 👍
spiffcs
approved these changes
Apr 13, 2022
spiffcs
added a commit
that referenced
this pull request
May 2, 2022
* main: (31 commits) reduce noise of log output (#976) add version info and remove double config call (#977) Rename syft-id to package-id (#970) update to cyclonedx-go 0.5.2 (#971) refactor command package to remove globals and add dependency injection fix: #953 Derive language from pURL - https://github.com/anchore/syft… (#957) Fix typo in CPE-parsing error (#966) Preserve syft IDs on SBOM decode (#963) Update GitHub format package_url and correlator (#961) Ensure SPDXIDs are valid (#955) Auto-PR needs to run go mod tidy (#958) Add workflow for automatic PR for new stereoscope updates (#954) Minor readme update to correct format information (#948) Update spdx22json to only take uppercase checksum algorithm (#946) add additional vendors for springframework (#945) Add digest property to parent and nested java package metadata (#941) Update write permissions and log into ghcr.io for release (#942) Retry auth URL lookup without docker credentialhelper workaround (#939) Ensure that all cyclonedx components have bom-refs (#914) Additionally publish docker images to GHCR (#934) ... Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
rigzba21
pushed a commit
to rigzba21/syft
that referenced
this pull request
May 5, 2022
Signed-off-by: rigzba21 <jonathan.velando01@gmail.com>
GijsCalis
pushed a commit
to GijsCalis/syft
that referenced
this pull request
Feb 19, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a nightly check for updates to stereoscope and automatically creates a PR if there has been something merged to main that has not been updated in Syft.