Skip to content

fix: patch and bump kubecost images to fix cve #3961

fix: patch and bump kubecost images to fix cve

fix: patch and bump kubecost images to fix cve #3961

name: "Update service-labeler.yaml"
on:
pull_request:
branches:
- main
- 'release/*'
paths:
- 'services/**/*'
workflow_dispatch: {}
jobs:
update-service-labels-yaml:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
git_tag_gpgsign: true
- name: Install NIX
uses: cachix/install-nix-action@v30
- name: Install devbox
uses: jetify-com/[email protected]
with:
enable-cache: true
skip-nix-installation: true
- name: Update .github/service-labeler.yaml
run: make workflow-labeler-yaml-update
- name: Commit and push changes
run: |
git config user.email [email protected]
git config user.name d2iq-mergebot
git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
git config --global url."https://${GITHUB_TOKEN}:[email protected]/".insteadOf "https://github.com/"
git add .github/service-labeler.yaml
if output=$(git status --porcelain) && [ ! -z "$output" ]; then
git commit -v -m "build: Updated .github/service-labeler.yaml"
git push --force-with-lease
fi
env:
GITHUB_TOKEN: ${{ secrets.MERGEBOT_TOKEN }}