Update updates.yaml

Signed-off-by: John Osborne <josborne@chainguard.dev>
chainguard-dev · Nov 19, 2024 · e44a994 · e44a994
1 parent 0311632
commit e44a994
Showing 1 changed file with 28 additions and 23 deletions.
diff --git a/.github/workflows/updates.yaml b/.github/workflows/updates.yaml
@@ -32,7 +32,7 @@ jobs:
       - uses: octo-sts/action@6177b4481c00308b3839969c3eca88c96a91775f # v1.0.0
         id: octo-sts
         with:
-          scope: ${{ github.repository }}
+          scope: chainguard-dev/chainguard-migration-demo
           identity: updates
 
       - name: Install Crane
@@ -94,28 +94,33 @@ jobs:
             echo "No CVE fixes available"
             echo "FIX_CVE=false" >> $GITHUB_ENV
           fi
-
-      - name: Create a new branch and commit changes
-        if: env.FIX_CVE == 'true'
-        env:
-          CI_COMMIT_MESSAGE: "Update Helm Redis Image Tag"
-          CI_COMMIT_AUTHOR: github-actions[bot]
-          GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
+    
+      - env:
           GITHUB_TOKEN: ${{ steps.octo-sts.outputs.token }}
         run: |
-          git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
-          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git config --global push.autoSetupRemote true
+          gh repo list
           
-          BRANCH_NAME="update-helm-redis-image-tag"
-          git checkout -b $BRANCH_NAME
-          yq -i ".image.tag = \"${{ env.LATEST_UNIQUE_TAG }}\"" helm/redis/values.yaml
-          git add helm/redis/values.yaml
-          git commit -m "${{ env.CI_COMMIT_MESSAGE }}"
-          git push
-          gh pr create \
-            --title "Update Helm Redis Image Tag" \
-            --body "This PR remdiates CVEs: \"${{ env.CVE_LIST }}\"" \
-            --head "$BRANCH_NAME" \
-            --base "main" \
-            --label "CVE-fix"
+      - name: Create a new branch and commit changes
+          if: env.FIX_CVE == 'true'
+          env:
+            CI_COMMIT_MESSAGE: "Update Helm Redis Image Tag"
+            CI_COMMIT_AUTHOR: github-actions[bot]
+            GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
+            GITHUB_TOKEN: ${{ steps.octo-sts.outputs.token }}
+          run: |
+            git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
+            git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+            git config --global push.autoSetupRemote true
+            
+            BRANCH_NAME="update-helm-redis-image-tag"
+            git checkout -b $BRANCH_NAME
+            yq -i ".image.tag = \"${{ env.LATEST_UNIQUE_TAG }}\"" helm/redis/values.yaml
+            git add helm/redis/values.yaml
+            git commit -m "${{ env.CI_COMMIT_MESSAGE }}"
+            git push
+            gh pr create \
+              --title "Update Helm Redis Image Tag" \
+              --body "This PR remdiates CVEs: \"${{ env.CVE_LIST }}\"" \
+              --head "$BRANCH_NAME" \
+              --base "main" \
+              --label "CVE-fix"