commit

cx-daniel-greenspan · web-flow · commit d0426105eeb4 · 2025-04-17T17:04:02.000+03:00
diff --git a/.github/workflows/update-cli.yml b/.github/workflows/update-cli.yml
@@ -1,5 +1,4 @@
 name: Update checkmarx ast cli
-
 on:
   workflow_dispatch:
   repository_dispatch:
@@ -24,30 +23,50 @@ jobs:
           git config --global user.name github-actions
           git config --global user.email github-actions@github.com
 
-      - name: Set Hardcoded Checkmarx CLI version
+      - name: Get Latest Checkmarx API version
         id: checkmarx-ast-cli
         run: |
-          echo "release_tag=2.3.19" >> $GITHUB_OUTPUT
-          echo "current_tag=$(<checkmarx-ast-cli.version)" >> $GITHUB_OUTPUT
+          echo ::set-output name=release_tag::$(curl -sL https://api.github.com/repos/Checkmarx/ast-cli/releases/latest | jq -r ".tag_name")
+          echo ::set-output name=current_tag::$(<checkmarx-ast-cli.version)
 
       - name: Update Checkmarx cli version
         if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
+        env:
+          RELEASE_TAG: ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
         run: |
-          echo "${{ steps.checkmarx-ast-cli.outputs.release_tag }}" > checkmarx-ast-cli.version
+          # Update current release
+          echo ${{ steps.checkmarx-ast-cli.outputs.release_tag }} > checkmarx-ast-cli.version
 
       - name: Download latest cli and update branch
         if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
         run: |
+          # Update binaries
           chmod +x ./.github/scripts/update_cli.sh
           ./.github/scripts/update_cli.sh ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
 
-      - name: Track large files with Git LFS and commit changes
+      - name: Track large files with Git LFS
         if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
         run: |
           git lfs track "src/main/wrapper/resources/cx-linux"
           git lfs track "src/main/wrapper/resources/cx.exe"
           git lfs track "src/main/wrapper/resources/cx-mac"
           git add .gitattributes
-          git add src/main/wrapper/resources/cx-linux src/main/wrapper/resources/cx.exe src/main/wrapper/resources/cx-mac checkmarx-ast-cli.version
-          git commit -m "Update Checkmarx CLI to ${{ steps.checkmarx-ast-cli.outputs.release_tag }}" || echo "No changes to commit"
-          git push origin HEAD
+          git add src/main/wrapper/resources/cx-linux src/main/wrapper/resources/cx.exe src/main/wrapper/resources/cx-mac
+          git commit -m "Track Checkmarx CLI binaries with Git LFS"
+
+      - name: Create Pull Request
+        id: cretae_pull_request
+        if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c #v6
+        with:
+          token: ${{ secrets.AUTOMATION_TOKEN }}
+          commit-message: Update checkmarx-ast-cli to ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
+          title: Update checkmarx-ast-cli binaries with ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
+          body: |
+            Updates [checkmarx-ast-cli][1] to ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
+
+            Auto-generated by [create-pull-request][2]
+
+            [1]: https://github.com/Checkmarx/checkmarx-ast-cli
+          labels: cxone
+          branch: feature/update_cli_${{ steps.checkmarx-ast-cli.outputs.release_tag }}
