diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index ff94a7d..c099f1c 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -11,6 +11,8 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref }} - name: Setup Node.js uses: actions/setup-node@v4 @@ -34,11 +36,35 @@ jobs: docker run --rm -v ${{ github.workspace }}:/src aquasec/trivy:latest fs /src \ --scanners secret \ --format table > trivy-secret-report.txt - + # custom check - name: Check for outdated npm packages run: | npm outdated > npm-outdated-report.txt || echo "Some packages may be outdated." + + - name: Automatically update outdated npm packages + run: | + npm update + + - name: Commit and Push Changes if Packages Are Updated + run: | + git config --global user.email "actions@github.com" + git config --global user.name "GitHub Actions" + git add . + git commit -m "chore: update outdated npm packages" || echo "No changes to commit" + git push origin HEAD || echo "No changes to push" + + - name: Create Pull Request for Dependency Updates + uses: peter-evans/create-pull-request@v5 + with: + token: ${{ secrets.GITHUB_TOKEN }} + branch: "dependency-updates" + base: ${{ github.base_ref }} + title: "chore: update outdated npm packages" + body: | + This PR updates the following npm packages to their latest versions. + - Automatically generated by the CI. + labels: "dependencies, automated" - name: Handling empty files run: | @@ -93,4 +119,4 @@ jobs: uses: actions/upload-artifact@v4 with: name: trivy scan (vs and ss) - path: trivy-V-and-S-Scan-report.md \ No newline at end of file + path: trivy-V-and-S-Scan-report.md
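Review bot: The new `ref: ${{ github.head_ref }}` on the checkout step is only populated for pull_request-family events; on any other trigger the expression expands to an empty string, checkout falls back to the default ref, and the commit/push/PR steps added in the second hunk then operate on a branch other than the one the author seems to intend. The workflow's `on:` block is outside this hunk, so either the trigger should be confirmed to be pull_request-only or the ref should be guarded, e.g. `ref: ${{ github.head_ref || github.ref }}`. If the trigger turns out to be `pull_request_target`, checking out the contributor's head and running `npm update` against it with a token that can push gives PR-controlled package scripts a privileged context; in that case the update steps belong in a separate, unprivileged workflow.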
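Review bot: `git add .` in the "Commit and Push Changes" step stages everything in the workspace, including the `trivy-secret-report.txt` and `npm-outdated-report.txt` files written by the earlier steps of this job, so the secret-scan output would be committed and pushed to the repository unless `.gitignore` already excludes it; stage only the manifest, `git add package.json package-lock.json`. The same step pushes `HEAD` straight to the checked-out branch, which leaves no local diff for the following peter-evans/create-pull-request step, and that step's `base: ${{ github.base_ref }}` is empty outside pull_request events, so one of the two publishing mechanisms should be dropped rather than both kept. Every failure in the shell step is masked by `|| echo ...`, so a push rejected for a missing `contents: write` permission is reported as "No changes to push"; the job's `permissions:` block is not visible in this diff, so confirm it grants `contents: write` and `pull-requests: write` deliberately and let the push fail loudly otherwise.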