rpm_updates.yml

name: update rpm packages

on:
  workflow_dispatch:
  schedule:
    - cron: '0 19 * * 0' # 7pm UTC on Sundays

jobs:
  update-rpm-packages:
    runs-on: ubuntu-22.04
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
          token: ${{ !github.event.pull_request.head.repo.fork && secrets.NUNKI_CI_COMMIT_PUSH_PR || github.token }}
      - uses: ./.github/actions/setup_nix
        with:
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          cachixToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
      - name: Update Microsoft RPMs
        run: |
          nix run .#rpm-pin-vendor -- kata-packages-uvm kata-packages-uvm-coco systemd libseccomp > packages/by-name/microsoft/kata-image/package-index.json
      - name: Update Kata RPMs
        run: |
          nix run .#rpm-pin-vendor -- kata-packages-uvm kata-packages-uvm-coco systemd libseccomp core-packages-base-image > packages/by-name/kata/kata-image/package-index.json
      - name: Create PR
        uses: peter-evans/create-pull-request@8867c4aba1b742c39f8d0ba35429c2dfa4b6cb20 # v7.0.1
        with:
          title: "deps: update pinned rpm packages"
          body: "Automated updated created by [rpm_updates workflow](https://github.com/edgelesssys/contrast/blob/main/.github/workflows/rpm_updates.yml)."
          commit-message: "deps: update pinned rpm packages"
          base: main
          draft: false
          labels: "dependencies"
          committer: edgelessci <edgelessci@users.noreply.github.com>
          author: edgelessci <edgelessci@users.noreply.github.com>
          token: ${{ secrets.NUNKI_CI_COMMIT_PUSH_PR }}