From a406f17aab75e1d62a9d9b757495a43b725f7dde Mon Sep 17 00:00:00 2001 From: Priya Ananthasankar Date: Mon, 5 Jan 2026 11:53:52 -0800 Subject: [PATCH 1/5] Fixed github token --- .github/workflows/update-pinned-libs.yml | 64 +++++++++++++++--------- 1 file changed, 39 insertions(+), 25 deletions(-) diff --git a/.github/workflows/update-pinned-libs.yml b/.github/workflows/update-pinned-libs.yml index 58c8461e..39771b36 100644 --- a/.github/workflows/update-pinned-libs.yml +++ b/.github/workflows/update-pinned-libs.yml @@ -81,30 +81,44 @@ jobs: fi echo "Updated ISTIO_VERSION to ${LATEST}" + - name: Create and push branch with updates + if: steps.compare-istio.outputs.needs_update == 'true' + run: | + BRANCH_NAME="update-pinned-libs-$(date +%Y%m%d)" + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git checkout -b "$BRANCH_NAME" + git add linux/base.Dockerfile + git commit -m "chore: update pinned library versions" + git push origin "$BRANCH_NAME" + echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT + id: push-branch + - name: Create Pull Request if: steps.compare-istio.outputs.needs_update == 'true' - uses: peter-evans/create-pull-request@v6 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: "chore: update pinned library versions" - title: "chore: update pinned library versions" - body: | - ## Automated Library Version Updates - - This PR updates the following pinned library versions: - - ${{ steps.compare-istio.outputs.needs_update == 'true' && format('- **Istio**: `{0}` → `{1}`', steps.current-istio.outputs.version, steps.latest-istio.outputs.version) || '' }} - - ### Changes - - Updated version variables in [linux/base.Dockerfile](linux/base.Dockerfile) - - ### Release Notes - ${{ steps.compare-istio.outputs.needs_update == 'true' && format('- [Istio {0}](https://github.com/istio/istio/releases/tag/{0})', steps.latest-istio.outputs.version) || '' }} - - --- - *This PR was automatically created by the Update Pinned Library Versions workflow.* - branch: update-pinned-libs-${{ github.run_number }} - delete-branch: true - labels: | - dependencies - automated + env: + GH_TOKEN: ${{ github.token }} + run: | + CURRENT_VERSION="${{ steps.current-istio.outputs.version }}" + LATEST_VERSION="${{ steps.latest-istio.outputs.version }}" + BRANCH_NAME="${{ steps.push-branch.outputs.branch }}" + + gh pr create \ + --title "chore: update pinned library versions" \ + --body "## Automated Library Version Updates + + This PR updates the following pinned library versions: + + - **Istio**: ${CURRENT_VERSION} to ${LATEST_VERSION} + + ### Changes + - Updated version variables in linux/base.Dockerfile + + ### Release Notes + - Istio ${LATEST_VERSION}: https://github.com/istio/istio/releases/tag/${LATEST_VERSION} + + --- + This PR was automatically created by the Update Pinned Library Versions workflow." \ + --base master \ + --head "${BRANCH_NAME}" \ + --label "dependencies,automated" From 94ec7612e338467bed78970061d24326d7e7fddb Mon Sep 17 00:00:00 2001 From: Priya Ananthasankar Date: Mon, 5 Jan 2026 13:25:44 -0800 Subject: [PATCH 2/5] Fixed token --- .github/workflows/update-pinned-libs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-pinned-libs.yml b/.github/workflows/update-pinned-libs.yml index 39771b36..b881ef19 100644 --- a/.github/workflows/update-pinned-libs.yml +++ b/.github/workflows/update-pinned-libs.yml @@ -97,7 +97,7 @@ jobs: - name: Create Pull Request if: steps.compare-istio.outputs.needs_update == 'true' env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} run: | CURRENT_VERSION="${{ steps.current-istio.outputs.version }}" LATEST_VERSION="${{ steps.latest-istio.outputs.version }}" From e7d1c63a2dd607cd6c3f3e457fedd8e9b1c01860 Mon Sep 17 00:00:00 2001 From: Priya Ananthasankar Date: Mon, 5 Jan 2026 14:31:21 -0800 Subject: [PATCH 3/5] Fixed labels --- .github/workflows/update-pinned-libs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-pinned-libs.yml b/.github/workflows/update-pinned-libs.yml index b881ef19..3e08fb0c 100644 --- a/.github/workflows/update-pinned-libs.yml +++ b/.github/workflows/update-pinned-libs.yml @@ -121,4 +121,4 @@ jobs: This PR was automatically created by the Update Pinned Library Versions workflow." \ --base master \ --head "${BRANCH_NAME}" \ - --label "dependencies,automated" + --label "version_upgrade, automated_pr" From ab2a12aaf06e32dbb4022f55c378d7ab86b5f426 Mon Sep 17 00:00:00 2001 From: Priya Ananthasankar Date: Mon, 5 Jan 2026 14:38:32 -0800 Subject: [PATCH 4/5] Fixed labels --- .github/workflows/update-pinned-libs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-pinned-libs.yml b/.github/workflows/update-pinned-libs.yml index 3e08fb0c..5b7d4656 100644 --- a/.github/workflows/update-pinned-libs.yml +++ b/.github/workflows/update-pinned-libs.yml @@ -121,4 +121,4 @@ jobs: This PR was automatically created by the Update Pinned Library Versions workflow." \ --base master \ --head "${BRANCH_NAME}" \ - --label "version_upgrade, automated_pr" + --label "version_upgrade,automated_pr" From 78b6635f8dc36706ca665deae9411acec7c763f4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 5 Jan 2026 22:39:04 +0000 Subject: [PATCH 5/5] chore: update pinned library versions --- linux/base.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux/base.Dockerfile b/linux/base.Dockerfile index 15b22c50..58dbc156 100644 --- a/linux/base.Dockerfile +++ b/linux/base.Dockerfile @@ -172,7 +172,7 @@ RUN chmod 755 /usr/local/bin/ansible* \ # Install specific version of Istio from GitHub releases -ENV ISTIO_VERSION=1.28.1 +ENV ISTIO_VERSION=1.28.2 RUN export TMP_DIR=$(mktemp -d) \ && cd "${TMP_DIR}" \ && curl -L https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux-amd64.tar.gz -o istio.tar.gz \