fix: patch and bump kubecost images to fix cve #3961
name: "Update service-labeler.yaml" | |
on: | |
pull_request: | |
branches: | |
- main | |
- 'release/*' | |
paths: | |
- 'services/**/*' | |
workflow_dispatch: {} | |
jobs: | |
update-service-labels-yaml: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.head_ref }} | |
fetch-depth: 0 | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Import GPG key | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
git_tag_gpgsign: true | |
- name: Install NIX | |
uses: cachix/install-nix-action@v30 | |
- name: Install devbox | |
uses: jetify-com/[email protected] | |
with: | |
enable-cache: true | |
skip-nix-installation: true | |
- name: Update .github/service-labeler.yaml | |
run: make workflow-labeler-yaml-update | |
- name: Commit and push changes | |
run: | | |
git config user.email [email protected] | |
git config user.name d2iq-mergebot | |
git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git | |
git config --global url."https://${GITHUB_TOKEN}:[email protected]/".insteadOf "https://github.com/" | |
git add .github/service-labeler.yaml | |
if output=$(git status --porcelain) && [ ! -z "$output" ]; then | |
git commit -v -m "build: Updated .github/service-labeler.yaml" | |
git push --force-with-lease | |
fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.MERGEBOT_TOKEN }} |
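Review bot: The `Import GPG key` step loads `secrets.GPG_PRIVATE_KEY` into the runner's keyring before `make workflow-labeler-yaml-update` runs from the checked-out `github.head_ref`, so the Makefile and devbox configuration on the PR branch execute with the signing key within reach. Fork PRs get no secrets under `pull_request`, so this applies to same-repository branches. Moving `Import GPG key` to just before `Commit and push changes` and adding `persist-credentials: false` under the checkout's `with:` would keep both the key and the checkout token away from the build step. In `Commit and push changes` the mergebot token is written twice to git config on disk, in the `git remote set-url` URL and in the global `insteadOf` rewrite, and one of the two should be enough for the push. The workflow also has no `permissions:` block and references the action that receives the private key by mutable tag (`crazy-max/ghaction-import-gpg@v6`), so I would add a top-level `permissions:` with `contents: read` (the push uses `MERGEBOT_TOKEN`, not the job token) and pin the third-party actions to full commit SHAs.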