Merge branch 'main' into fix-shrinkwrap

edvincent · web-flow · commit b1382c809959 · 2022-08-19T07:43:13.000-07:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -609,7 +609,7 @@ jobs:
           fetch-depth: 0
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@1db49f532692e649dc5dc43c7c0444dac4790137
+        uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
         with:
           scan-type: "fs"
           scan-ref: "."
diff --git a/.github/workflows/npm-brew.yaml b/.github/workflows/npm-brew.yaml
@@ -67,3 +67,52 @@ jobs:
         env:
           HOMEBREW_GITHUB_API_TOKEN: ${{secrets.HOMEBREW_GITHUB_API_TOKEN}}
         run: ./ci/steps/brew-bump.sh
+
+  aur:
+    needs: npm
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      GH_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
+    steps:
+      # We need to checkout code-server so we can get the version
+      - name: Checkout code-server
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          path: "./code-server"
+
+      - name: Get code-server version
+        id: version
+        run: |
+          pushd code-server
+          echo "::set-output name=version::$(jq -r .version package.json)"
+          popd
+
+      - name: Checkout code-server-aur repo
+        uses: actions/checkout@v3
+        with:
+          repository: "cdrci/code-server-aur"
+          token: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
+
+      - name: Configure git
+        run: |
+          git config --global user.name cdrci
+          git config --global user.email opensource@coder.com
+
+      - name: Validate package
+        uses: hapakaien/archlinux-package-action@v2
+        with:
+          pkgver: ${{ steps.version.outputs.version }}
+          updpkgsums: true
+          srcinfo: true
+
+      - name: Open PR
+        # We need to git push -u otherwise gh will prompt
+        # asking where to push the branch.
+        run: |
+          git checkout -b update-version-${{ steps.version.outputs.version }}
+          git add . 
+          git commit -m "chore: updating version to ${{ steps.version.outputs.version }}"
+          git push -u origin $(git branch --show)
+          gh pr create --repo coder/code-server-aur --title "chore: bump version to ${{ steps.version.outputs.version }}" --body "PR opened by @$GITHUB_ACTOR" --assignee $GITHUB_ACTOR
diff --git a/.github/workflows/trivy-docker.yaml b/.github/workflows/trivy-docker.yaml
@@ -51,7 +51,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run Trivy vulnerability scanner in image mode
-        uses: aquasecurity/trivy-action@1db49f532692e649dc5dc43c7c0444dac4790137
+        uses: aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac
         with:
           image-ref: "docker.io/codercom/code-server:latest"
           ignore-unfixed: true
