name: PR for latest Stereoscope release
on:
  schedule:
    - cron: "0 8 * * *" # 3 AM EST

  workflow_dispatch:

env:
  GO_VERSION: "1.21.x"
  GO_STABLE_VERSION: true

permissions:
  contents: read

jobs:
  upgrade-stereoscope:
    runs-on: ubuntu-latest
    if: github.repository == 'anchore/syft' # only run for main repo
    steps:
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0

      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe #v4.1.0
        with:
          go-version: ${{ env.GO_VERSION }}
          stable: ${{ env.GO_STABLE_VERSION }}

      - run: |
          LATEST_VERSION=$(git ls-remote https://github.com/anchore/stereoscope main | head -n1 | awk '{print $1;}')

          # update go.mod
          go get github.com/anchore/stereoscope@$LATEST_VERSION
          go mod tidy

          # export the version for use with create-pull-request
          echo "LATEST_VERSION=$LATEST_VERSION" >> $GITHUB_OUTPUT
        id: latest-version

      - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
        id: generate-token
        with:
          app_id: ${{ secrets.TOKEN_APP_ID }}
          private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}

      - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 #v5.0.2
        with:
          signoff: true
          delete-branch: true
          branch: auto/latest-stereoscope
          labels: dependencies
          commit-message: "chore(deps): update stereoscope to ${{ steps.latest-version.outputs.LATEST_VERSION }}"
          title: "chore(deps): update stereoscope to ${{ steps.latest-version.outputs.LATEST_VERSION }}"
          body: |
            Update Stereoscope to ${{ steps.latest-version.outputs.LATEST_VERSION }}
          token: ${{ steps.generate-token.outputs.token }}