Use dedup for trivy version check

reviewdog · Dec 25, 2024 · ff5fe38 · ff5fe38
1 parent d9b123e
commit ff5fe38
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 0 deletions.
diff --git a/.github/workflows/depup.yml b/.github/workflows/depup.yml
@@ -34,3 +34,31 @@ jobs:
           branch: depup/reviewdog
           base: main
           labels: "bump:minor"
+
+  trivy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: haya14busa/action-depup@v1
+        id: depup
+        with:
+          file: .github/workflows/tests.yml
+          version_name: TRIVY_VERSION
+          repo: aquasecurity/trivy
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          title: "chore(deps): update trivy to ${{ steps.depup.outputs.latest }}"
+          commit-message: "chore(deps): update trivy to ${{ steps.depup.outputs.latest }}"
+          body: |
+            Update trivy to [v${{ steps.depup.outputs.latest }}](https://github.com/aquasecurity/trivy/releases/tag/v${{ steps.depup.outputs.latest }})
+            Compare [v${{ steps.depup.outputs.current }}...v${{ steps.depup.outputs.latest }}](https://github.com/aquasecurity/trivy/compare/v${{ steps.depup.outputs.current }}...v${{ steps.depup.outputs.latest }})
+
+            This PR is auto generated by [depup workflow](https://github.com/${{ github.repository }}/actions?query=workflow%3Adepup).
+          branch: depup/trivy
+          base: main
+          labels: "bump:minor"
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -213,3 +213,48 @@ jobs:
             echo "reviewdog returned ${reviewdog_return}, expected '0'. Failing..."
             exit 1
           fi
+
+  test-trivy-version:
+    strategy:
+      fail-fast: false
+      matrix:
+        platform: [ubuntu-latest, macos-latest, windows-latest]
+    name: trivy (${{ matrix.platform }})
+    runs-on: ${{ matrix.platform }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: ./
+        continue-on-error: true
+        id: test
+        env:
+          INPUT_TRIVY_VERSION: v0.50.0
+        with:
+          github_token: ${{ secrets.github_token }}
+          trivy_command: config
+          trivy_target: .
+          reporter: github-check
+          level: info
+          working_directory: testdata/config/terraform/with_detections
+
+      # The check is expected to fail on the test data
+      - name: Check return codes
+        if: success() || failure ()
+        run: |
+          trivy_return="${{ steps.test.outputs.trivy-return-code }}"
+          reviewdog_return="${{ steps.test.outputs.reviewdog-return-code }}"
+
+          if [[ "$trivy_return" -eq 1 ]]; then
+            echo "trivy correctly returned failure ${trivy_return}"
+          else
+            echo "trivy returned ${trivy_return}, expected '1'. Failing..."
+            exit 1
+          fi
+
+          if [[ "$reviewdog_return" -eq 0 ]]; then
+            echo "reviewdog correctly returned success: ${reviewdog_return}"
+          else
+            echo "reviewdog returned ${reviewdog_return}, expected '0'. Failing..."
+            exit 1
+          fi