name: PR for latest Stereoscope release
on:
  schedule:
    - cron: "0 8 * * *" # 3 AM EST

  workflow_dispatch:

env:
  GO_VERSION: "1.21.x"
  GO_STABLE_VERSION: true

permissions:
  contents: read

jobs:
  upgrade-stereoscope:
    runs-on: ubuntu-latest
    if: github.repository == 'anchore/syft' # only run for main repo
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7

      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 #v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
          stable: ${{ env.GO_STABLE_VERSION }}

      - name: Bootstrap environment
        uses: ./.github/actions/bootstrap

      - run: |
          LATEST_VERSION=$(git ls-remote https://github.com/anchore/stereoscope main | head -n1 | awk '{print $1;}')

          # update go.mod
          go get github.com/anchore/stereoscope@$LATEST_VERSION
          go mod tidy

          # export the version for use with create-pull-request
          echo "LATEST_VERSION=$LATEST_VERSION" >> $GITHUB_OUTPUT
        id: latest-version

      - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
        id: generate-token
        with:
          app_id: ${{ secrets.TOKEN_APP_ID }}
          private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}

      - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c #v6.1.0
        with:
          signoff: true
          delete-branch: true
          branch: auto/latest-stereoscope
          labels: dependencies
          commit-message: "chore(deps): update stereoscope to ${{ steps.latest-version.outputs.LATEST_VERSION }}"
          title: "chore(deps): update stereoscope to ${{ steps.latest-version.outputs.LATEST_VERSION }}"
          body: |
            Update Stereoscope to ${{ steps.latest-version.outputs.LATEST_VERSION }}
          token: ${{ steps.generate-token.outputs.token }}