anchore · willmurphyscode · Mar 19, 2026 · Mar 19, 2026 · Mar 19, 2026
diff --git a/.github/workflows/update-generated-docs.yaml b/.github/workflows/update-generated-docs.yaml
@@ -20,6 +20,9 @@ permissions:
   contents: write
   pull-requests: write
 
+env:
+  SLACK_NOTIFICATIONS: true
+
 jobs:
   update-docs:
     name: Update Documentation
@@ -80,9 +83,28 @@ jobs:
           title: "📚 Update generated documentation"
           body: |
             This PR contains automatic updates to the documentation generated from the latest tool container images (from the `update-generated-docs` workflow).
-          branch: update-generated-docs-${{ github.ref }}
+          branch: update-generated-docs
           labels: |
             documentation
             automated
           draft: false
           delete-branch: true
+
+      - name: Notify Slack on failure
+        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a #v2.1.1
+        if: ${{ failure() && env.SLACK_NOTIFICATIONS == 'true' }}
+        with:
+          webhook: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
+          webhook-type: incoming-webhook
+          payload: |
+            text: "oss-docs generated documentation update failed"
+            blocks:
+              - type: section
+                text:
+                  type: mrkdwn
+                  text: |
+                    *oss-docs generated documentation update failed*
+                    • Workflow: `${{ github.workflow }}`
+                    • Event: `${{ github.event_name }}`
+                    • Job Status: `${{ job.status }}`
+                    • <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Run>
diff --git a/.github/workflows/update-tools.yaml b/.github/workflows/update-tools.yaml
@@ -8,6 +8,79 @@ on:
 permissions:
   contents: read
 
+env:
+  SLACK_NOTIFICATIONS: true
+
 jobs:
-  run:
-    uses: anchore/workflows/.github/workflows/update-tools.yaml@main
+  update-bootstrap-tools:
+    runs-on: ubuntu-latest
+    if: github.repository == 'anchore/oss-docs' # only run for main repo
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Bootstrap environment
+        uses: ./.github/actions/bootstrap
+
+      - name: "Update tool versions"
+        id: latest-versions
+        run: |
+          make update-tools
+          make list-tools
+
+          export NO_COLOR=1
+          delimiter="$(openssl rand -hex 8)"
+
+          {
+            echo "status<<${delimiter}"
+            make list-tool-updates
+            echo "${delimiter}"
+          } >> $GITHUB_OUTPUT
+
+          {
+            echo "### Tool version status"
+            echo "\`\`\`"
+            make list-tool-updates
+            echo "\`\`\`"
+          } >> $GITHUB_STEP_SUMMARY
+
+      - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf #v2.2.1
+        id: generate-token
+        with:
+          app-id: ${{ secrets.TOKEN_APP_ID }}
+          private-key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
+
+      - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 #v8.1.0
+        with:
+          signoff: true
+          delete-branch: true
+          branch: auto/latest-tools
+          labels: dependencies
+          commit-message: 'chore(deps): update tools to latest versions'
+          title: 'chore(deps): update tools to latest versions'
+          body: |
+            ```
+            ${{ steps.latest-versions.outputs.status }}
+            ```
+            This is an auto-generated pull request to update all of the tools to the latest versions.
+          token: ${{ steps.generate-token.outputs.token }}
+
+      - name: Notify Slack on failure
+        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a #v2.1.1
+        if: ${{ failure() && env.SLACK_NOTIFICATIONS == 'true' }}
+        with:
+          webhook: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
+          webhook-type: incoming-webhook
+          payload: |
+            text: "oss-docs tool version update failed"
+            blocks:
+              - type: section
+                text:
+                  type: mrkdwn
+                  text: |
+                    *oss-docs tool version update failed*
+                    • Workflow: `${{ github.workflow }}`
+                    • Event: `${{ github.event_name }}`
+                    • Job Status: `${{ job.status }}`
+                    • <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Run>
diff --git a/tasks.d/generate.yaml b/tasks.d/generate.yaml
@@ -54,6 +54,8 @@ tasks:
       - "{{.VULNERABILITY_CAPABILITIES_CMD}} --update"
       - "{{.DATA_SOURCES_CMD}} --update"
       - "make lint-fix || true"
+      - "uv run pre-commit run end-of-file-fixer --all-files || true"
+      - "uv run pre-commit run trailing-whitespace --all-files || true"
 
   update-release-notes:
     desc: Generate release notes for all projects