Trunk Upgrade #18

	name: Trunk Upgrade
	on:
	schedule:
	- cron: 0 1 * * 2
	workflow_call: {}
	workflow_dispatch: {}

	permissions: {}
	concurrency:
	group: ${{ github.workflow }}-${{ github.repository }}
	cancel-in-progress: true

	jobs:
	get-temp-token:
	uses: 3ware/workflows/.github/workflows/get-workflow-token.yaml@57a900982a56bebaf91e660a56adb7f021690d15 # v4.0.0
	secrets: inherit

	trunk-upgrade:
	needs: [get-temp-token]
	name: Upgrade Trunk
	permissions:
	contents: write # For trunk to create PRs
	pull-requests: write # For trunk to create PRs
	runs-on: ubuntu-latest
	timeout-minutes: 30
	steps:
	- name: Checkout
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Decrypt the installation access token
	id: decrypt-token
	env:
	KEY: ${{ secrets.PGP_SECRET_SIGNING_PASSPHRASE }}
	run: \|
	DECRYPTED_TOKEN=$(gpg --decrypt --quiet --batch --passphrase "$KEY" \
	--output - <(echo "${{ needs.get-temp-token.outputs.temp-token }}" \
	\| base64 --decode))
	echo "::add-mask::$DECRYPTED_TOKEN"
	echo "temp-token=$DECRYPTED_TOKEN" >> $GITHUB_OUTPUT

	- name: Trunk Upgrade
	uses: trunk-io/trunk-action/upgrade@8e4c812061ece3fa253bbfa5a80ee1caefa19eb1 # v1.22.9
	with:
	github-token: ${{ steps.decrypt-token.outputs.temp-token }}
	prefix: "ci(trunk): "

Provide feedback