kubescape / github-action

GitHub action to run Kubescape scans
Apache License 2.0

Keep kubescape github-action workflow up to date #38

Closed HollowMan6 closed 1 year ago

HollowMan6 commented 1 year ago

I noticed that the Kubescape version is a bit old. I have tried to check whether we can add an input to allow users to specify the Kubescape image version, but unfortunately this does not seem to be supported, and both methods failed:

So I think there are two ways to go:

HollowMan6 commented 1 year ago

Just investigated the second way and switched to that. I will add a trigger to the upstream release workflow later: https://github.com/kubescape/kubescape/pull/1186

One of the drawbacks of this way is that it doesn't support publishing to the GitHub Marketplace automatically, as GitHub forbids us from doing so, so we have to edit and update the release manually for each new version to publish the Action to the GitHub Marketplace: https://github.com/cli/cli/issues/5193#issuecomment-1036278907

So I fully understand if you don't like this, and we can switch back to the first way instead.

In addition, I removed the build.yaml workflow as it looks like it's no longer needed. I also found that we don't actually need to make sure that workflows have "Read and write permissions" if we grant the following permissions explicitly in the workflow definition:

actions: read
contents: read
security-events: write

So I added those permission grants explicitly in the workflow and removed the prerequisites for the users' convenience.
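The permission block discussed above, shown in context of a complete scan workflow. This is an added example, not the repository's own workflow file; the `format` and `outputFile` inputs of the Kubescape action and the `results.sarif` file name are assumptions taken from how SARIF upload is commonly wired up.

```yaml
# Added example: a workflow-level permissions block grants only what the
# scan-and-upload job needs, so the repository-wide "Read and write
# permissions" setting for GITHUB_TOKEN is no longer a prerequisite.
# Without an explicit block, the token gets the repository default, which
# may be read-only and would make the SARIF upload step fail.
name: kubescape-scan

on:
  push:
    branches: [main]
  pull_request:

permissions:
  actions: read          # read workflow metadata
  contents: read         # check out the repository
  security-events: write # upload SARIF to the code-scanning API

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Assumed inputs: 'format' and 'outputFile' select SARIF output.
      - uses: kubescape/github-action@main
        continue-on-error: true
        with:
          format: sarif
          outputFile: results

      # This step is the one that needs security-events: write.
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```

Granting the three permissions at the workflow level applies them to every job; moving the block under `jobs.scan` scopes them to that job alone.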

HollowMan6 commented 1 year ago

@dwertent

The auto version bumping workflow has failed:

remote: error: GH006: Protected branch update failed for refs/heads/main.
remote: error: At least 1 approving review is required by reviewers with write access.
To https://github.com/kubescape/github-action
 ! [remote rejected] main -> main (protected branch hook declined)
error: failed to push some refs to 'https://github.com/kubescape/github-action'

https://github.com/kubescape/github-action/actions/runs/4853461414/jobs/8649657320

Maybe you want to remove the branch protection for main or make some exceptions to it (although I don't know how to make such an exception) to get it fixed.

HollowMan6 commented 1 year ago

Just opened another PR to change the behavior of this release workflow.

I think you may prefer that way instead of disabling the branch protection for main.

TRohit20 commented 9 months ago

I don't think we need to change the branch protection rules; we can have an action to auto-approve the PR when it is raised by a specific user. @HollowMan6

HollowMan6 commented 9 months ago

Just opened another PR to change the behavior of this release workflow.

I think you may prefer that way instead of disabling the branch protection for main.

I don't think we need to change the branch protection rules; we can have an action to auto-approve the PR when it is raised by a specific user. @HollowMan6

Yeah, go ahead if you want to add the auto-approval.

HollowMan6 commented 9 months ago

We didn't change the branch protection rules here; it's now using the PR: https://github.com/kubescape/github-action/pull/56