Get latest tfsec version #827

Summary
Jobs
- update-tfsec
Run details
- Usage
- Workflow file

Workflow file for this run

	name: Get latest tfsec version

	on:
	schedule:
	- cron: '0 14 * * *'

	jobs:
	update-tfsec:
	runs-on: ubuntu-latest
	env:
	CURRENT_IMAGE_DIRECTORY: 'milmove-infra-tf132'
	steps:
	- uses: actions/checkout@v2
	with:
	token: ${{ secrets.ROBOT_MYMOVE_TOKEN }}
	- name: Set release version and current version variables
	id: get-versions
	run: \|
	echo ::set-output name=current_tag::$(grep TFSEC_VERSION $CURRENT_IMAGE_DIRECTORY/Dockerfile \| head -1 \| cut -d'=' -f 2)
	echo ::set-output name=release_tag::$(curl -sL https://api.github.com/repos/aquasecurity/tfsec/releases/latest \| jq -r ".tag_name[1:]")
	- name: Get sha256sum
	if: ${{ steps.get-versions.outputs.release_tag != steps.get-versions.outputs.current_tag }}
	id: checksum
	env:
	NEW_VERSION: ${{ steps.get-versions.outputs.release_tag }}
	run: \|
	echo ::set-output name=current_sha256sum::$(grep TFSEC_SHA256SUM $CURRENT_IMAGE_DIRECTORY/Dockerfile \| head -1 \| cut -d'=' -f 2)
	curl -sL https://github.com/aquasecurity/tfsec/releases/download/v${NEW_VERSION}/tfsec-linux-amd64 --output "shafile"
	echo ::set-output name=release_sha256sum::$(sha256sum shafile \| cut -d' ' -f 1)
	- name: Change release version in Dockerfile
	if: ${{ steps.get-versions.outputs.release_tag != steps.get-versions.outputs.current_tag }}
	id: update-version
	env:
	OLD_VERSION: ${{ steps.get-versions.outputs.current_tag }}
	NEW_VERSION: ${{ steps.get-versions.outputs.release_tag }}
	OLD_SHA256SUM: ${{ steps.checksum.outputs.current_sha256sum }}
	NEW_SHA256SUM: ${{ steps.checksum.outputs.release_sha256sum }}
	run: \|
	sed -i --expression="s/TFSEC_VERSION=$OLD_VERSION/TFSEC_VERSION=$NEW_VERSION/" $CURRENT_IMAGE_DIRECTORY/Dockerfile
	sed -i --expression="s/TFSEC_SHA256SUM=$OLD_SHA256SUM/TFSEC_SHA256SUM=$NEW_SHA256SUM/" $CURRENT_IMAGE_DIRECTORY/Dockerfile
	- name: set up Git
	if: ${{ steps.get-versions.outputs.release_tag != steps.get-versions.outputs.current_tag }}
	env:
	GITHUB_TOKEN: ${{ secrets.ROBOT_MYMOVE_TOKEN }}
	GITHUB_ACTOR_NAME: "robot-mymove"
	GITHUB_ACTOR_EMAIL: "milmovesysadmins@caci.com"
	run: \|
	git config --global user.name "${GITHUB_ACTOR_NAME}"
	git config --global user.email "${GITHUB_ACTOR_EMAIL}"
	- name: Create Pull Request
	if: ${{ steps.get-versions.outputs.release_tag != steps.get-versions.outputs.current_tag }}
	uses: peter-evans/create-pull-request@v3
	with:
	token: ${{ secrets.ROBOT_MYMOVE_TOKEN }}
	commit-message: Update tfsec to new version
	author: ${GITHUB_ACTOR_NAME} <${GITHUB_ACTOR_EMAIL}>
	branch: tfsec-update-${{ steps.get-versions.outputs.release_tag }}
	delete-branch: true
	title: Update tfsec Version to ${{ steps.get-versions.outputs.release_tag }}
	body: \|
	Automated update from tfsec version ${{ steps.get-versions.outputs.current_tag }} to version ${{ steps.get-versions.outputs.release_tag }}
	Release Notes: https://github.com/aquasecurity/tfsec/releases/tag/v${{ steps.get-versions.outputs.release_tag }}
	reviewers: josiahzimmerman-caci edwardharriscaci

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Get latest tfsec version #827

Workflow file

Get latest tfsec version #827

Jobs

Run details

Workflow file for this run