check for bandit updates #975

Workflow file for this run

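# Nightly (and manually triggerable) job that bumps the pinned bandit version
# in requirements.txt, opens a pull request for the bump and enables
# auto-merge on it.
name: check for bandit updates

on:
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * *'

# Least privilege for the default token: all write operations below go through
# PERSONAL_ACCESS_TOKEN, so the default token is only used to read the
# repository during checkout.
permissions:
  contents: read

jobs:
  check-for-updates:
    runs-on: ubuntu-22.04
    name: check for bandit updates
    steps:
      # NOTE(review): the actions below are referenced by mutable tags.
      # Pinning each one to a full commit SHA prevents a retagged release from
      # running in this job; this matters most for the third-party
      # create-pull-request action, which is handed the personal access token.
      - uses: actions/checkout@v3
      - name: setup python
        uses: actions/setup-python@v2
        with:
          # Quoted so the version stays a string (an unquoted 3.10 would be
          # parsed as the float 3.1).
          python-version: '3.11'
          architecture: x64
      - id: version
        name: check version
        # This step installs the newest bandit release and its dependencies
        # straight from the package index, so it runs without the personal
        # access token in its environment.
        run: |
          set -euo pipefail
          pip install -U bandit
          version="$(pip freeze | grep -E '^bandit==' | sed -E 's#bandit==(.*)#\1#g')"
          # Refuse to rewrite requirements.txt with an empty pin.
          if [ -z "$version" ]; then
            echo "could not determine the installed bandit version" >&2
            exit 1
          fi
          sed -i -E "s#(bandit==)(.*)#\1$version#g" requirements.txt
          echo "version=$version" >>"$GITHUB_OUTPUT"
          echo "message=automatic bandit update [$version]" >>"$GITHUB_OUTPUT"
      - uses: peter-evans/create-pull-request@v3.10.0
        id: new_pull_request
        with:
          delete-branch: true
          title: ${{ steps.version.outputs.message }}
          commit-message: ${{ steps.version.outputs.message }}
          branch: automatic-bandit-update
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
      # NOTE(review): --auto merges as soon as the branch's merge requirements
      # are met; confirm that branch protection requires the checks that
      # should gate an unattended dependency bump.
      - if: steps.new_pull_request.outputs.pull-request-url != ''
        env:
          # The token is scoped to the one step that calls gh, instead of
          # being exported to every step of the job.
          GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
          # Passed through the environment rather than expanded into the
          # script text, so the value is never parsed as shell syntax.
          PR_URL: ${{ steps.new_pull_request.outputs.pull-request-url }}
        run: gh pr merge --auto --squash "$PR_URL"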