From 4ddfec83d294d08e62ebdb73be2c26e8e1ad9c57 Mon Sep 17 00:00:00 2001
From: Will Murphy
Date: Thu, 19 Mar 2026 08:48:01 -0400
Subject: [PATCH 1/2] fix(auto-updates): fix auto doc and tool updates Previously, the job to update tools and the job to update docs content were silently failing. Fix both jobs, and add slack failure notifications so that the team can respond sooner to future failures.
Signed-off-by: Will Murphy
---
 .github/workflows/update-generated-docs.yaml | 24 +++++-
 .github/workflows/update-tools.yaml | 77 +++++++++++++++++++-
 2 files changed, 98 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/update-generated-docs.yaml b/.github/workflows/update-generated-docs.yaml
index 346e7dc8..3b48e742 100644
--- a/.github/workflows/update-generated-docs.yaml
+++ b/.github/workflows/update-generated-docs.yaml
@@ -20,6 +20,9 @@ permissions:
 contents: write
 pull-requests: write
+env:
+ SLACK_NOTIFICATIONS: true
+
 jobs:
 update-docs:
 name: Update Documentation
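Review bot: `SLACK_NOTIFICATIONS: true` is written as a YAML boolean, but the only place it is read is the step condition `env.SLACK_NOTIFICATIONS == 'true'`, which compares it as a string. Writing `SLACK_NOTIFICATIONS: "true"` makes the intended type explicit and keeps the toggle from depending on how the loader stringifies a boolean. The same `env:` block is added to `update-tools.yaml`.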
@@ -80,9 +83,28 @@ jobs:
 title: "📚 Update generated documentation"
 body: |
 This PR contains automatic updates to the documentation generated from the latest tool container images (from the `update-generated-docs` workflow).
- branch: update-generated-docs-${{ github.ref }}
+ branch: update-generated-docs
 labels: |
 documentation
 automated
 draft: false
 delete-branch: true
+
+ - name: Notify Slack on failure
+ uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a #v2.1.1
+ if: ${{ failure() && env.SLACK_NOTIFICATIONS == 'true' }}
+ with:
+ webhook: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
+ webhook-type: incoming-webhook
+ payload: |
+ text: "oss-docs generated documentation update failed"
+ blocks:
+ - type: section
+ text:
+ type: mrkdwn
+ text: |
+ *oss-docs generated documentation update failed*
+ • Workflow: `${{ github.workflow }}`
+ • Event: `${{ github.event_name }}`
+ • Job Status: `${{ job.status }}`
+ • <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Run>
diff --git a/.github/workflows/update-tools.yaml b/.github/workflows/update-tools.yaml
index 205ab4aa..8f04c39f 100644
--- a/.github/workflows/update-tools.yaml
+++ b/.github/workflows/update-tools.yaml
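Review bot: The added `Notify Slack on failure` step runs inside `update-docs`, the job that works under this workflow's `contents: write` and `pull-requests: write` permissions, so the webhook secret and a third-party action share a job with write access; a failure before the job's steps start would presumably send nothing either. Consider moving the notification into its own job that depends on `update-docs`, runs only on failure and has no token permissions, keeping the `env.SLACK_NOTIFICATIONS` check on the step because the `env` context is not available in a job-level `if`. Pinning the action to a full commit SHA is good. The same step is added to `update-tools.yaml`, where the job also mints a GitHub App token. The `update-docs` job starts outside this hunk, so its triggers and earlier steps are not visible here.

```yaml
  notify-failure:
    name: Notify Slack on failure
    needs: update-docs
    if: ${{ failure() }}
    runs-on: ubuntu-latest
    permissions: {}
    steps:
      - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a #v2.1.1
        if: ${{ env.SLACK_NOTIFICATIONS == 'true' }}
        # … unchanged: with: webhook, webhook-type and payload, except that
        # `job.status` becomes `needs.update-docs.result` in this job …
```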
@@ -8,6 +8,79 @@ on:
 permissions:
 contents: read
+env:
+ SLACK_NOTIFICATIONS: true
+
 jobs:
- run:
- uses: anchore/workflows/.github/workflows/update-tools.yaml@main
+ update-bootstrap-tools:
+ runs-on: ubuntu-latest
+ if: github.repository == 'anchore/oss-docs' # only run for main repo
+ steps:
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
+ with:
+ persist-credentials: false
+
+ - name: Bootstrap environment
+ uses: ./.github/actions/bootstrap
+
+ - name: "Update tool versions"
+ id: latest-versions
+ run: |
+ make update-tools
+ make list-tools
+
+ export NO_COLOR=1
+ delimiter="$(openssl rand -hex 8)"
+
+ {
+ echo "status<<${delimiter}"
+ make list-tool-updates
+ echo "${delimiter}"
+ } >> $GITHUB_OUTPUT
+
+ {
+ echo "### Tool version status"
+ echo "\`\`\`"
+ make list-tool-updates
+ echo "\`\`\`"
+ } >> $GITHUB_STEP_SUMMARY
+
+ - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf #v2.2.1
+ id: generate-token
+ with:
+ app-id: ${{ secrets.TOKEN_APP_ID }}
+ private-key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
+
+ - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 #v8.1.0
+ with:
+ signoff: true
+ delete-branch: true
+ branch: auto/latest-tools
+ labels: dependencies
+ commit-message: 'chore(deps): update tools to latest versions'
+ title: 'chore(deps): update tools to latest versions'
+ body: |
+ ```
+ ${{ steps.latest-versions.outputs.status }}
+ ```
+ This is an auto-generated pull request to update all of the tools to the latest versions.
+ token: ${{ steps.generate-token.outputs.token }}
+
+ - name: Notify Slack on failure
+ uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a #v2.1.1
+ if: ${{ failure() && env.SLACK_NOTIFICATIONS == 'true' }}
+ with:
+ webhook: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
+ webhook-type: incoming-webhook
+ payload: |
+ text: "oss-docs tool version update failed"
+ blocks:
+ - type: section
+ text:
+ type: mrkdwn
+ text: |
+ *oss-docs tool version update failed*
+ • Workflow: `${{ github.workflow }}`
+ • Event: `${{ github.event_name }}`
+ • Job Status: `${{ job.status }}`
+ • <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Run>
From 864fe5879cdb01c5554788fd998f94dadb7eb910 Mon Sep 17 00:00:00 2001
From: Will Murphy
Date: Thu, 19 Mar 2026 09:27:35 -0400
Subject: [PATCH 2/2] run precommit on generate
Signed-off-by: Will Murphy
---
 tasks.d/generate.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tasks.d/generate.yaml b/tasks.d/generate.yaml
index 6e929007..a639f25a 100644
--- a/tasks.d/generate.yaml
+++ b/tasks.d/generate.yaml
@@ -54,6 +54,8 @@ tasks:
 - "{{.VULNERABILITY_CAPABILITIES_CMD}} --update"
 - "{{.DATA_SOURCES_CMD}} --update"
 - "make lint-fix || true"
+ - "uv run pre-commit run end-of-file-fixer --all-files || true"
+ - "uv run pre-commit run trailing-whitespace --all-files || true"
 update-release-notes:
 desc: Generate release notes for all projects
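Review bot: The `actions/create-github-app-token` step sets no `permission-*` inputs, so the minted token presumably carries every permission the App installation has, while `create-pull-request` only needs to push `auto/latest-tools` and open a pull request. Narrow it under that step's `with:` using `permission-contents: write` and `permission-pull-requests: write`. The token is minted after `make update-tools` has fetched and run freshly updated tools on the same runner, which is one more reason to keep its scope small. Separately, quote the redirect targets in the `run:` script: `} >> "$GITHUB_OUTPUT"` and `} >> "$GITHUB_STEP_SUMMARY"`.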
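Review bot: Both added `pre-commit` commands end in `|| true`, which hides every failure and not only the non-zero exit pre-commit returns when a fixer rewrites files. A missing `uv`, an uninstalled hook environment or a broken pre-commit config would pass silently, which is the kind of silent failure this patch series sets out to remove. If the suppression is meant only for the "files were modified" case, say so above the lines, e.g. `# pre-commit exits non-zero when a fixer changes files; expected here`, or follow them with a second run without `|| true` so a real error still fails the task. The task these commands belong to starts outside the hunk.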