Add workflow for automatic PR for new stereoscope updates

[kzantow]

This PR adds a nightly check for updates to stereoscope and automatically creates a PR if there has been something merged to main that has not been updated in Syft.

[github-actions]

Benchmark Test Results

Benchmark results from the latest changes vs base branch

name old time/op new time/op delta ImagePackageCatalogers/ruby-gemspec-cataloger-2 1.20ms ± 4% 1.18ms ± 5% ~ (p=0.421 n=5+5) ImagePackageCatalogers/python-package-cataloger-2 2.99ms ± 1% 3.06ms ± 5% ~ (p=0.063 n=4+5) ImagePackageCatalogers/php-composer-installed-cataloger-2 1.00ms ± 3% 0.95ms ± 1% -4.99% (p=0.008 n=5+5) ImagePackageCatalogers/javascript-package-cataloger-2 681µs ± 2% 641µs ± 1% -5.81% (p=0.016 n=4+5) ImagePackageCatalogers/dpkgdb-cataloger-2 811µs ± 1% 751µs ± 1% -7.40% (p=0.008 n=5+5) ImagePackageCatalogers/rpmdb-cataloger-2 727µs ± 2% 689µs ± 3% -5.26% (p=0.008 n=5+5) ImagePackageCatalogers/java-cataloger-2 14.2ms ± 3% 14.1ms ± 2% ~ (p=1.000 n=5+5) ImagePackageCatalogers/apkdb-cataloger-2 1.31ms ± 2% 1.23ms ± 4% -6.18% (p=0.008 n=5+5) ImagePackageCatalogers/go-module-binary-cataloger-2 2.23µs ± 2% 2.14µs ± 2% -3.88% (p=0.008 n=5+5) name old alloc/op new alloc/op delta ImagePackageCatalogers/ruby-gemspec-cataloger-2 184kB ± 0% 184kB ± 0% ~ (p=0.841 n=5+5) ImagePackageCatalogers/python-package-cataloger-2 896kB ± 0% 896kB ± 0% ~ (p=0.690 n=5+5) ImagePackageCatalogers/php-composer-installed-cataloger-2 196kB ± 0% 196kB ± 0% +0.11% (p=0.048 n=5+5) ImagePackageCatalogers/javascript-package-cataloger-2 140kB ± 0% 140kB ± 0% ~ (p=0.056 n=5+5) ImagePackageCatalogers/dpkgdb-cataloger-2 175kB ± 0% 175kB ± 0% +0.18% (p=0.016 n=5+5) ImagePackageCatalogers/rpmdb-cataloger-2 163kB ± 0% 163kB ± 0% ~ (p=1.000 n=5+5) ImagePackageCatalogers/java-cataloger-2 3.29MB ± 0% 3.29MB ± 0% ~ (p=1.000 n=5+5) ImagePackageCatalogers/apkdb-cataloger-2 1.24MB ± 0% 1.24MB ± 0% ~ (p=0.548 n=5+5) ImagePackageCatalogers/go-module-binary-cataloger-2 672B ± 0% 672B ± 0% ~ (all equal) name old allocs/op new allocs/op delta ImagePackageCatalogers/ruby-gemspec-cataloger-2 3.66k ± 0% 3.66k ± 0% ~ (all equal) ImagePackageCatalogers/python-package-cataloger-2 14.8k ± 0% 14.8k ± 0% ~ (p=0.683 n=5+5) ImagePackageCatalogers/php-composer-installed-cataloger-2 4.94k ± 0% 4.94k ± 0% ~ (p=0.238 n=4+5) ImagePackageCatalogers/javascript-package-cataloger-2 2.72k ± 0% 2.72k ± 0% ~ (all equal) ImagePackageCatalogers/dpkgdb-cataloger-2 3.93k ± 0% 3.93k ± 0% ~ (all equal) ImagePackageCatalogers/rpmdb-cataloger-2 4.01k ± 0% 4.01k ± 0% ~ (all equal) ImagePackageCatalogers/java-cataloger-2 52.2k ± 0% 52.2k ± 0% ~ (p=0.667 n=5+5) ImagePackageCatalogers/apkdb-cataloger-2 4.81k ± 0% 4.81k ± 0% ~ (p=1.000 n=5+5) ImagePackageCatalogers/go-module-binary-cataloger-2 15.0 ± 0% 15.0 ± 0% ~ (all equal) 

[spiffcs]

Nice addition! Just one comment on possibly acting only if the versions have changed.

[spiffcs]

Are we get the current version that syft is using from the go.mod file?

If we find that this version is the same as LATEST_VERSION are we then able to short circuit the PR?

My thinking here is that if we can make it only every night where the versions change we have a chance to reduce the PR noise that could get introduced to our notifications feed.

[kzantow]

As noted in the Grype PR, the auto-PR won't be created if there are no changes 👍

accident