24 lines
1.4 KiB
Bash
Executable File
24 lines
1.4 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
set -euo pipefail
|
|
|
|
actions=( 'actions/checkout' 'actions/cache' 'actions/stale' 'actions/upload-artifact' 'actions/download-artifact' 'aws-actions/configure-aws-credentials' 'ossf/scorecard-action' 'erlef/setup-beam' 'slackapi/slack-github-action' 'hashicorp/setup-terraform' 'docker/login-action' 'docker/setup-buildx-action' 'docker/setup-qemu-action' 'actions/setup-java' )
|
|
for a in "${actions[@]}"; do
|
|
# shellcheck disable=SC2086
|
|
TAG=$(curl -sSfL -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/repos/$a/releases/latest | jq -r '.tag_name')
|
|
# shellcheck disable=SC2086
|
|
TAG_OBJECT=$(curl -sSfL -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/repos/$a/git/ref/tags/$TAG)
|
|
if [ "$(echo "${TAG_OBJECT}" | jq -r '.object.type')" = "commit" ]; then
|
|
COMMIT_SHA=$(echo "${TAG_OBJECT}" | jq -r '.object.sha')
|
|
else
|
|
TAG_SHA=$(echo "${TAG_OBJECT}" | jq -r '.object.sha')
|
|
# shellcheck disable=SC2086
|
|
COMMIT_SHA=$(curl -sSfL -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/repos/$a/git/tags/$TAG_SHA | jq -r '.object.sha')
|
|
fi
|
|
echo "Bumping $a to $TAG ($COMMIT_SHA)"
|
|
sed -i.bak -e "s|uses: $a.*$|uses: $a@$COMMIT_SHA # $TAG|g" .github/workflows/*.yaml
|
|
sed -i.bak -e "s|uses: $a.*$|uses: $a@$COMMIT_SHA # $TAG|g" .github/actions/*/*.yaml
|
|
rm .github/workflows/*.bak
|
|
rm .github/actions/*/*.bak
|
|
done
|