name: PR for latest Syft release
on:
  schedule:
    - cron: "0 8 * * *" # 3 AM EST

  workflow_dispatch:

env:
  GO_VERSION: "1.18.x"
  GO_STABLE_VERSION: true

permissions:
  contents: read

jobs:
  upgrade-syft:
    runs-on: ubuntu-latest
    if: github.repository == 'anchore/grype' # only run for main repo
    steps:
      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.5.0

      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: ${{ env.GO_VERSION }}
          stable: ${{ env.GO_STABLE_VERSION }}

      - run: |
          LATEST_VERSION=$(curl "https://api.github.com/repos/anchore/syft/releases/latest" 2>/dev/null | jq -r '.tag_name')

          # update go.mod
          go get github.com/anchore/syft@$LATEST_VERSION
          go mod tidy

          # export the version for use with create-pull-request
          echo "::set-output name=LATEST_VERSION::$LATEST_VERSION"
        id: latest-version

      - uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 # v1.8.0
        id: generate-token
        with:
          app_id: ${{ secrets.TOKEN_APP_ID }}
          private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}

      - uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 # v4.2.3
        with:
          signoff: true
          delete-branch: true
          branch: auto/latest
          labels: dependencies
          commit-message: "Update Syft to ${{ steps.latest-version.outputs.LATEST_VERSION }}"
          title: "Update Syft to ${{ steps.latest-version.outputs.LATEST_VERSION }}"
          body: |
            Update Syft to ${{ steps.latest-version.outputs.LATEST_VERSION }}
          token: ${{ steps.generate-token.outputs.token }}