fix(ci): check branch existence instead of open PRs for checkout strategy

.github/workflows/update-stores.yml

@@ -1,6 +1,8 @@
 name: Create Cert Store Update Pull Request
 
 on:
+  schedule:
+    - cron: '0 0 * * *'
   repository_dispatch:
     types: targetRepo-event
   workflow_dispatch:
@@ -16,6 +18,12 @@ jobs:
   create_pull_request:
     runs-on: ubuntu-latest
     steps:
+      - name: Set TARGET_REPO_BRANCH from schedule
+        if: github.event_name == 'schedule'
+        run: |
+          echo "TARGET_REPO_BRANCH=latest" | tee -a $GITHUB_ENV
+          echo "KFUTIL_ARG=all" | tee -a $GITHUB_ENV
+
       - name: Set TARGET_REPO_BRANCH from workflow_dispatch input
         if: github.event_name == 'workflow_dispatch'
         id: set-local-env-vars
@@ -39,41 +47,39 @@ jobs:
 
       - name: Check Open PRs for Existing Branch
         id: check-branch
-        uses: actions/github-script@v7
+        uses: actions/github-script@v9
         with:
           script: |
-            // Look for open pull requests
             const owner = context.repo.owner;
             const repo = context.repo.repo;
-            const pulls = await github.rest.pulls.list({
-              owner,
-              repo,
-              state: "open"
-            });
-            // Filter out ones matching our branch naming convention
-            const filteredData = pulls.data.filter(item => item.head.ref === '${{ env.BRANCH_NAME }}');
-            const isBranch = (filteredData.length > 0)
-            if (isBranch) {
-              const {
-                head: { ref: incomingBranch }, base: { ref: baseBranch }
-              } = pulls.data[0]
-              core.setOutput('PR_BRANCH', 'commit'); // Just commit since the branch exists
-              console.log(`incomingBranch: ${incomingBranch}`)
-              console.log(`baseBranch: ${baseBranch}`)
-            } else {
-              core.setOutput('PR_BRANCH', 'create') // No branch, create one
+            const branchName = '${{ env.BRANCH_NAME }}';
+
+            // Check if the branch itself exists
+            let branchExists = false;
+            try {
+              await github.rest.git.getRef({ owner, repo, ref: `heads/${branchName}` });
+              branchExists = true;
+            } catch (e) {
+              branchExists = false;
             }
-            console.log(`Branch exists? ${filteredData.length > 0}`)
-            console.log(`Branch name: ${{env.BRANCH_NAME}}`)
+
+            // Check for an open PR targeting this branch
+            const pulls = await github.rest.pulls.list({ owner, repo, state: "open" });
+            const hasOpenPR = pulls.data.some(item => item.head.ref === branchName);
+
+            console.log(`Branch exists: ${branchExists}, Open PR: ${hasOpenPR}, Branch name: ${branchName}`);
+            core.setOutput('PR_BRANCH', branchExists ? 'commit' : 'create');
+            core.setOutput('HAS_OPEN_PR', String(hasOpenPR));
 
       - name: set env.PR_BRANCH value for jobs
         run: |
           echo "PR_BRANCH=${{steps.check-branch.outputs.PR_BRANCH}}" | tee -a $GITHUB_ENV
+          echo "HAS_OPEN_PR=${{steps.check-branch.outputs.HAS_OPEN_PR}}" | tee -a $GITHUB_ENV
 
       # If the branch with an open PR already exists, first check out that branch from kfutil
       - name: Check out existing repo merge branch
         if: env.PR_BRANCH == 'commit'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: 'keyfactor/kfutil'
           sparse-checkout: |
@@ -86,7 +92,7 @@ jobs:
       # If the branch does not exist, first check out the main branch from kfutil.
       - name: Check out main
         if: env.PR_BRANCH == 'create'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: 'keyfactor/kfutil'
           sparse-checkout: |
@@ -103,7 +109,7 @@ jobs:
 
       # Checkout and run the python tool
       - name: Check out python merge tool repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           repository: 'keyfactor/integration-tools'
           path: './tools/'
@@ -118,7 +124,7 @@ jobs:
 
       - name: Save Store Types JSON Artifact
         if: success()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: store-types
           path: |
@@ -127,14 +133,14 @@ jobs:
 
       - name: Save Invalid Store Types JSON Artifact
         if: success()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: invalid-repos
           path: ./tools/store-type-merge/invalid_repos.json
 
       - name: Save logs directory
         if: success()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: logs
           path: ./tools/store-type-merge/log
@@ -164,7 +170,7 @@ jobs:
       #  Both steps will contain a check for the UPDATE_FILE variable before running
       - name: Add and Commit to newly created branch
         if: ${{ env.UPDATE_FILE == 'T' && env.PR_BRANCH == 'create' }}
-        uses: Keyfactor/add-and-commit@v9.1.3
+        uses: Keyfactor/add-and-commit@v9.1.4
         env:
           GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }}
         with:
@@ -179,7 +185,7 @@ jobs:
 
       - name: Add and Commit to existing branch
         if: ${{ env.UPDATE_FILE == 'T' && env.PR_BRANCH == 'commit' }}
-        uses: Keyfactor/add-and-commit@v9.1.3
+        uses: Keyfactor/add-and-commit@v9.1.4
         env:
           GITHUB_TOKEN: ${{ secrets.SDK_SYNC_PAT }}
         with:
@@ -192,7 +198,7 @@ jobs:
           cwd: './merge-folder/'
 
       - name: Create new PR for the newly created branch
-        if: env.UPDATE_FILE == 'T' && env.PR_BRANCH == 'create'
+        if: env.UPDATE_FILE == 'T' && env.HAS_OPEN_PR == 'false'
         uses: actions/github-script@v7
         with:
           script: |
@@ -207,7 +213,7 @@ jobs:
             const response = await github.rest.pulls.create({
               owner,
               repo,
-              title: 'New Pull Request - ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}}',
+              title: 'Store Types Update - ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}}',
               head: newBranch,
               base: baseBranch,
               body: 'The cert store update from ${{env.KFUTIL_ARG}}:${{env.TARGET_REPO_BRANCH}} needs to be verified and merged if correct.',