From 3ec78746b4b91f125de4e851a77997841a2dee76 Mon Sep 17 00:00:00 2001
From: John Osborne
Date: Thu, 21 Nov 2024 13:32:36 -0500
Subject: [PATCH] Update updates.yaml
Signed-off-by: John Osborne
---
 .github/workflows/updates.yaml | 55 ++++++++++++++++++++++++----------
 1 file changed, 40 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/updates.yaml b/.github/workflows/updates.yaml
index 028e060..039be0f 100644
--- a/.github/workflows/updates.yaml
+++ b/.github/workflows/updates.yaml
@@ -101,19 +101,44 @@ jobs: run: | gh repo list - - name: Create a new branch and commit changes - if: env.FIX_CVE == 'true' - env: - GH_TOKEN: ${{ steps.octo-sts.outputs.token }} + - name: Update Helm Values + shell: bash + run: yq -i ".image.tag = \"${{ env.LATEST_UNIQUE_TAG }}\"" helm/redis/values.yaml + + - name: Run git diff + id: create_pr_update + shell: bash run: | - git config --global user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git config --global push.autoSetupRemote true - cd $GITHUB_WORKSPACE - BRANCH_NAME="updates-$(date +%Y%m%d%H%M%S)" - git checkout -b $BRANCH_NAME - yq -i ".image.tag = \"${{ env.LATEST_UNIQUE_TAG }}\"" helm/redis/values.yaml - git add helm/redis/values.yaml - git commit -m "Update Helm Redis Image Tag to ${{ env.LATEST_UNIQUE_TAG }}" - git push origin $BRANCH_NAME - gh pr create --title "Update Helm Redis Image Tag" --body "This PR remediates CVEs: \"${{ env.CVE_LIST }}\"" --head "$BRANCH_NAME" --base "main" --label "CVE-fix" + git diff --stat + echo "create_pr_update=false" >> $GITHUB_OUTPUT + if [[ $(git diff --stat) != '' ]]; then + echo "create_pr_update=true" >> $GITHUB_OUTPUT + echo "diff<> "${GITHUB_OUTPUT}" + git diff >> "${GITHUB_OUTPUT}" + echo "EOF" >> "${GITHUB_OUTPUT}" + fi + + - uses: chainguard-dev/actions/setup-gitsign@57cb0b7560d9b9b081c15ac5ef689f73f4dda03e # main branch as of 2024-08-02 + - name: Create Pull Request + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + id: pull_request + with: + token: ${{ steps.octo-sts.outputs.token }} + commit-message: 'Update images digests' + title: 'Apply CVE Fix' + body: | + "Update Helm Redis Image Tag to ${{ env.LATEST_UNIQUE_TAG }}" + + ## Changes +
+ + ```diff + ${{ steps.create_pr_update.outputs.diff }} + ``` + +
+ labels: automated pr, cve, patch + branch: 'apply-cve-fix' + committer: 'github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>' + author: '${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>' + delete-branch: true
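Review bot: The new `Update Helm Values` step still splices `${{ env.LATEST_UNIQUE_TAG }}` straight into the `run:` command line, so if that value is derived from registry or tag-listing data earlier in the workflow (its origin is outside this hunk) a crafted tag can break out of the `yq` expression and execute arbitrary shell in a job that holds the octo-sts token; pass it through the environment instead, e.g. `env:` / `  TAG: ${{ env.LATEST_UNIQUE_TAG }}` / `run: yq -i '.image.tag = strenv(TAG)' helm/redis/values.yaml`. The multi-line `diff` output in the `Run git diff` step uses a fixed `EOF` delimiter (the heredoc line appears garbled in this rendering), which a diff containing a bare `EOF` line would terminate early and let the remainder be parsed as further outputs; GitHub's guidance is a random delimiter such as `delim="$(openssl rand -hex 8)"` used for both the open and close lines. The `create_pr_update` output is written but never read — with `if: env.FIX_CVE == 'true'` removed, nothing gates the Create Pull Request step any more, so add `if: steps.create_pr_update.outputs.create_pr_update == 'true'` to it (the action itself skips when the tree is clean, but the gitsign setup and token use would still run on every execution). Minor: `commit-message: 'Update images digests'` describes a digest bump while the change writes a mutable `.image.tag`, so the message should say what is actually changed, or the workflow should move to pinning a digest if that is the intent.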