From ecb535a9c8fd9709a73759303afd2779e5e96dca Mon Sep 17 00:00:00 2001 From: Fede Barcelona Date: Tue, 23 Sep 2025 12:36:39 +0200 Subject: [PATCH 1/2] ci: add automatic release on package.json version change --- .github/git-chglog/CHANGELOG.tpl.md | 27 ++++++++++ .github/git-chglog/config.yml | 32 ++++++++++++ .github/workflows/release.yml | 77 +++++++++++++++++++++++++++++ 3 files changed, 136 insertions(+) create mode 100644 .github/git-chglog/CHANGELOG.tpl.md create mode 100644 .github/git-chglog/config.yml create mode 100644 .github/workflows/release.yml
diff --git a/.github/git-chglog/CHANGELOG.tpl.md b/.github/git-chglog/CHANGELOG.tpl.md
new file mode 100644
index 0000000..fd65e5d
--- /dev/null
+++ b/.github/git-chglog/CHANGELOG.tpl.md
@@ -0,0 +1,27 @@
+{{ range .Versions }}
+{{ range .CommitGroups -}}
+### {{ .Title }}
+
+{{ range .Commits -}}
+* {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{ end }}
+{{ end -}}
+
+{{- if .RevertCommits -}}
+### Reverts
+
+{{ range .RevertCommits -}}
+* {{ .Revert.Header }}
+{{ end }}
+{{ end -}}
+
+{{- if .NoteGroups -}}
+{{ range .NoteGroups -}}
+### {{ .Title }}
+
+{{ range .Notes }}
+{{ .Body }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
diff --git a/.github/git-chglog/config.yml b/.github/git-chglog/config.yml
new file mode 100644
index 0000000..59700df
--- /dev/null
+++ b/.github/git-chglog/config.yml
@@ -0,0 +1,32 @@
+style: github
+template: CHANGELOG.tpl.md
+info:
+ title: CHANGELOG
+ repository_url: https://github.com/sysdiglabs/scan-action
+options:
+ commits:
+ # filters:
+ # Type:
+ # - feat
+ # - fix
+ # - perf
+ # - refactor
+ commit_groups:
+ title_maps:
+ feat: Features
+ fix: Bug Fixes
+ perf: Performance Improvements
+ refactor: Code Refactoring
+ ci: Continuous Integration
+ docs: Documentation
+ chore: Small Modifications
+ build: Compilation & Dependencies
+ header:
+ pattern: "^(\\w*)(?:\\(([\\w\\$\\.\\-\\*\\s]*)\\))?\\:\\s(.*)$"
+ pattern_maps:
+ - Type
+ - Scope
+ - Subject
+ notes:
+ keywords:
+ - BREAKING CHANGE
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..6abc8c9
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,77 @@
+name: Release
+
+on:
+ push:
+ branches:
+ - master
+ paths:
+ - package.json
+
+jobs:
+ check-changes:
+ runs-on: ubuntu-latest
+ outputs:
+ changes: ${{ steps.check_changes.outputs.changes }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 2
+
+ - name: Check if the package.version has changed
+ id: check_changes
+ run: |
+ set -euo pipefail
+ curr=$(jq -r '.version' package.json)
+ prev=$(git show HEAD^:package.json 2>/dev/null | jq -r '.version' || echo "")
+ if [ -n "$prev" ] && [ "$curr" != "$prev" ]; then
+ echo "changes=detected" >> "$GITHUB_OUTPUT"
+ else
+ echo "changes=none" >> "$GITHUB_OUTPUT"
+ fi
+
+ release:
+ runs-on: ubuntu-latest
+ needs: check-changes
+ if: needs.check-changes.outputs.changes == 'detected'
+ permissions:
+ contents: write
+ concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: false
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ fetch-tags: true
+
+ - name: Get current version
+ id: version
+ run: echo "version=v$(jq -r '.version' package.json)" >> "$GITHUB_OUTPUT"
+
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@main
+
+ - name: Install git-chglog
+ run: nix profile install nixpkgs#git-chglog
+
+ - name: Tag with version ${{ steps.version.outputs.version }}
+ run: git tag "${{ steps.version.outputs.version }}"
+
+ - name: Generate changelog
+ run: git-chglog -c .github/git-chglog/config.yml -o RELEASE_CHANGELOG.md "${{ steps.version.outputs.version }}"
+
+ - name: Create release
+ uses: softprops/action-gh-release@v2
+ with:
+ name: ${{ steps.version.outputs.version }}
+ tag_name: ${{ steps.version.outputs.version }}
+ prerelease: false
+ body_path: RELEASE_CHANGELOG.md
+
+ - name: Create major tag
+ run: |
+ MAJOR_VERSION=$(echo ${{ steps.version.outputs.version }} | cut -d. -f1)
+ git tag -f "$MAJOR_VERSION"
+ git push -f origin "$MAJOR_VERSION"
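Review bot: The `Install Nix` step uses `DeterminateSystems/nix-installer-action@main`, a mutable branch ref, inside the `release` job that holds `contents: write` and ends by force-pushing the major tag that consumers of this action resolve, so whatever lands on that upstream branch runs with the ability to publish a release and move that tag. Pin it to a reviewed full commit SHA, for example `uses: DeterminateSystems/nix-installer-action@<full-commit-sha> # <release tag>`, and consider the same for `softprops/action-gh-release@v2` and `actions/checkout@v4`, which are mutable tags as well. `nix profile install nixpkgs#git-chglog` likewise resolves whichever nixpkgs revision is current at run time, so a pinned flake reference would make the changelog tool reproducible. Separately, `${{ steps.version.outputs.version }}` is expanded into the `run:` scripts before the shell parses them (unquoted in the `echo ... | cut -d. -f1` line); passing it through `env:` and using `"$VERSION"` keeps a malformed `package.json` version from being interpreted as shell. The `check-changes` job declares no `permissions:`, so a workflow-level `permissions:` with `contents: read` would make its token scope explicit.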
From 4cb9c14f8621b7835957ea12783836a1fade7ba6 Mon Sep 17 00:00:00 2001 From: Fede Barcelona Date: Tue, 23 Sep 2025 12:38:31 +0200 Subject: [PATCH 2/2] chore: update to 6.1.2 --- dist/index.js | 2 +- package.json | 2 +- tests/fixtures/sarif-test.json | 6 +++--- tests/sarif.test.ts | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/dist/index.js b/dist/index.js index 46cca8d..f843d91 100644 --- a/dist/index.js +++ b/dist/index.js 
@@ -28843,7 +28843,7 @@ module.exports = parseParams /***/ ((module) => { "use strict"; -module.exports = JSON.parse('{"name":"secure-inline-scan-action","version":"6.1.1","description":"This actions performs image analysis on locally built container image and posts the result of the analysis to Sysdig Secure.","main":"index.js","scripts":{"lint":"eslint . --ignore-pattern \'build/*\'","build":"tsc","prepare":"npm run build && ncc build build/index.js -o dist --source-map --license licenses.txt","test":"jest","all":"npm run lint && npm run prepare && npm run test"},"repository":{"type":"git","url":"git+https://github.com/sysdiglabs/secure-inline-scan-action.git"},"keywords":["sysdig","secure","container","image","scanning","docker"],"author":"airadier","license":"Apache-2.0","bugs":{"url":"https://github.com/sysdiglabs/secure-inline-scan-action/issues"},"homepage":"https://github.com/sysdiglabs/secure-inline-scan-action#readme","dependencies":{"@actions/core":"^1.10.1","@actions/exec":"^1.1.0","@actions/github":"^6.0.1"},"devDependencies":{"@types/jest":"^29.5.12","@types/tmp":"^0.2.6","@vercel/ncc":"^0.36.1","eslint":"^7.32.0","jest":"^29.7.0","tmp":"^0.2.1","ts-jest":"^29.2.3","typescript":"^5.5.4"}}'); +module.exports = JSON.parse('{"name":"secure-inline-scan-action","version":"6.1.2","description":"This actions performs image analysis on locally built container image and posts the result of the analysis to Sysdig Secure.","main":"index.js","scripts":{"lint":"eslint . 
--ignore-pattern \'build/*\'","build":"tsc","prepare":"npm run build && ncc build build/index.js -o dist --source-map --license licenses.txt","test":"jest","all":"npm run lint && npm run prepare && npm run test"},"repository":{"type":"git","url":"git+https://github.com/sysdiglabs/secure-inline-scan-action.git"},"keywords":["sysdig","secure","container","image","scanning","docker"],"author":"airadier","license":"Apache-2.0","bugs":{"url":"https://github.com/sysdiglabs/secure-inline-scan-action/issues"},"homepage":"https://github.com/sysdiglabs/secure-inline-scan-action#readme","dependencies":{"@actions/core":"^1.10.1","@actions/exec":"^1.1.0","@actions/github":"^6.0.1"},"devDependencies":{"@types/jest":"^29.5.12","@types/tmp":"^0.2.6","@vercel/ncc":"^0.36.1","eslint":"^7.32.0","jest":"^29.7.0","tmp":"^0.2.1","ts-jest":"^29.2.3","typescript":"^5.5.4"}}'); /***/ }) diff --git a/package.json b/package.json index 70e2d86..b84eb9a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "secure-inline-scan-action", - "version": "6.1.1", + "version": "6.1.2", "description": "This actions performs image analysis on locally built container image and posts the result of the analysis to Sysdig Secure.", "main": "index.js", "scripts": { diff --git a/tests/fixtures/sarif-test.json b/tests/fixtures/sarif-test.json index e80cbaa..cfba23a 100644 --- a/tests/fixtures/sarif-test.json +++ b/tests/fixtures/sarif-test.json @@ -8,9 +8,9 @@ "name": "sysdig-cli-scanner", "fullName": "Sysdig Vulnerability CLI Scanner", "informationUri": "https://docs.sysdig.com/en/docs/installation/sysdig-secure/install-vulnerability-cli-scanner", - "version": "6.1.1", - "semanticVersion": "6.1.1", - "dottedQuadFileVersion": "6.1.1.0", + "version": "6.1.2", + "semanticVersion": "6.1.2", + "dottedQuadFileVersion": "6.1.2.0", "rules": [ { "id": "CVE-2023-48795", diff --git a/tests/sarif.test.ts b/tests/sarif.test.ts index 8110040..9a9f741 100644 --- a/tests/sarif.test.ts 
+++ b/tests/sarif.test.ts @@ -30,9 +30,9 @@ describe("input parsing", () => { name: "sysdig-cli-scanner", fullName: "Sysdig Vulnerability CLI Scanner", informationUri: "https://docs.sysdig.com/en/docs/installation/sysdig-secure/install-vulnerability-cli-scanner", - version: "6.1.1", - semanticVersion: "6.1.1", - dottedQuadFileVersion: "6.1.1.0", + version: "6.1.2", + semanticVersion: "6.1.2", + dottedQuadFileVersion: "6.1.2.0", rules: [] } },