Skip to Content
Last modified by chrisby on 2025/04/22 14:54
From version 1.4
edited by chrisby
on 2025/04/22 14:10
Change comment: There is no comment for this version
To version 2.6
edited by chrisby
on 2025/04/22 14:54
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -1,0 +1,92 @@
1 +### Use Case
2 +
3 +* Private GitHub repo, with other private repositories as dependencies
4 +* Need for fully automated dependency updates, including testing and merging them to main branch
5 +
6 +### GitHub Actions
7 +
8 +The GitHub actions are used for CI purposes. One job is auto update, which can be enabled as follows:
9 +
10 +* Repo > Settings >
11 + * General >
12 + * Pull Requests > enable "Allow auto-merge".
13 + * Branches > Add classic branch protection rule
14 + * Branch name pattern: main
15 + * Enable "Require status checks to pass before merging".
16 + * Actions > General > Workflow permissions > enable "Allow GitHub Actions to create and approve pull requests"
17 + * If option is greyed out, then probably the project policy is dictated by the repository policy. Simply do this in repository settings then.
18 +* Copy the workflow file from this project. The key configs are the "permissions" to include "contents: write, pull-requests: write" and the "auto-merge" step.
19 +
20 +If you don't need a private module from the same repository, you must delete the "Authenticate for private modules" job. Otherwise, the following steps are necessary:
21 +
22 +* GitHub > Profile > Settings > Developer Settings > Personal Access Tokens > Tokens (classic) > Generate new token
23 + * Name: ACTIONS_TOKEN
24 + * Select scopes: "repo"
25 + * Copy the token
26 +* Repo > Settings > Secrets and variables > Actions > New repository secret >
27 + * Name: MY_TOKEN
28 + * You need to set "environment: MY_TOKEN" in the workflow file to use its environment secrets
29 + * Environment Secrets > Add environment secret
30 + * Name: ACTIONS_TOKEN
31 + * Value:
32 +
33 +Add this to the workflow file:
34 +
35 + - name: Authenticate for private modules
36 + env:
37 + ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
38 + run: |
39 + git config --global url."https://${ACTIONS_TOKEN}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
40 + go env -w GOPRIVATE=github.com/ocelot-cloud/*
41 +
42 +This is a sample file how the weekly updates can be conducted via GitHub Actions. Create `.github/workflows/weekly-update.yml`:
43 +
44 + name: Weekly Update
45 +
46 + on:
47 + schedule:
48 + - cron: '0 2 * * 3'
49 + workflow_dispatch:
50 +
51 + permissions:
52 + contents: write
53 + pull-requests: write
54 +
55 + jobs:
56 + weekly-update:
57 + runs-on: ubuntu-latest
58 + steps:
59 + - uses: actions/checkout@v4
60 +
61 + - uses: ./.github/actions/setup
62 +
63 + - name: Run ci-runner update
64 + run: |
65 + go get -u ./...
66 + go mod tidy
67 + go build
68 + # execute the test suite to check whether the updates did not break anything
69 +
70 + - name: Commit and create PR
71 + id: cpr
72 + uses: peter-evans/create-pull-request@v5
73 + with:
74 + commit-message: "chore: weekly ci-runner update"
75 + branch: weekly/ci-update
76 + title: "Weekly CI Runner Update"
77 + delete-branch: true
78 + token: ${{ secrets.GITHUB_TOKEN }}
79 +
80 + - name: Enable Auto-Merge
81 + if: steps.cpr.outputs.pull-request-operation == 'created'
82 + uses: peter-evans/enable-pull-request-automerge@v3
83 + with:
84 + pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
85 + merge-method: squash
86 +
87 +### Git Configuration
88 +
89 +On your local PC, you need to tell the SDK to use SSH instead of HTTPS to get access.
90 +
91 + git config --global url."ssh://git@github.com/".insteadOf "https://github.com/"
92 + go env -w GOPRIVATE=github.com/ocelot-cloud/*