syft/.github/workflows/update-cpe-dictionary-index.yml

name: PR to update CPE dictionary index
on:
  schedule:
    - cron: "0 1 * * 1" # every monday at 1 AM

  workflow_dispatch:

permissions:
  contents: read

env:
  GO_VERSION: "1.21.x"
  GO_STABLE_VERSION: true

jobs:
  upgrade-cpe-dictionary-index:
    runs-on: ubuntu-latest
    if: github.repository == 'anchore/syft' # only run for main repo
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 #v4.1.0

      - uses: actions/setup-go@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0
        with:
          go-version: ${{ env.GO_VERSION }}
          stable: ${{ env.GO_STABLE_VERSION }}

      - run: |
          make generate-cpe-dictionary-index          

      - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
        id: generate-token
        with:
          app_id: ${{ secrets.TOKEN_APP_ID }}
          private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}

      - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 #v5.0.2
        with:
          signoff: true
          delete-branch: true
          branch: auto/latest-cpe-dictionary-index
          labels: dependencies
          commit-message: "chore(deps): update CPE dictionary index"
          title: "chore(deps): update CPE dictionary index"
          body: |
            Update CPE dictionary index based on the latest available CPE dictionary            
          token: ${{ steps.generate-token.outputs.token }}