Last modified by chrisby on 2025/04/22 14:54

From version 2.2
edited by chrisby
on 2025/04/22 14:13
Change comment: There is no comment for this version
To version 2.6
edited by chrisby
on 2025/04/22 14:54
Change comment: There is no comment for this version

Page properties
Content
... ... @@ -1,45 +1,92 @@
1 +### Use Case
1 1  
3 +* Private GitHub repo, with other private repositories as dependencies
4 +* Need for fully automated dependency updates, including testing and merging them to main branch
5 +
2 2  ### GitHub Actions
3 3  
4 4  The GitHub actions are used for CI purposes. One job is auto update, which can be enabled as follows:
9 +
5 5  * Repo > Settings >
6 - * General >
7 - * Pull Requests > enable "Allow auto-merge".
8 - * Branches > Add classic branch protection rule
9 - * Branch name pattern: main
10 - * Enable "Require status checks to pass before merging".
11 - * Actions > General > Workflow permissions > enable "Allow GitHub Actions to create and approve pull requests"
12 - * If option is greyed out, then probably the project policy is dictated by the repository policy. Simply do this in repository settings then.
11 + * General >
12 + * Pull Requests > enable "Allow auto-merge".
13 + * Branches > Add classic branch protection rule
14 + * Branch name pattern: main
15 + * Enable "Require status checks to pass before merging".
16 + * Actions > General > Workflow permissions > enable "Allow GitHub Actions to create and approve pull requests"
17 + * If option is greyed out, then probably the project policy is dictated by the repository policy. Simply do this in repository settings then.
13 13  * Copy the workflow file from this project. The key configs are the "permissions" to include "contents: write, pull-requests: write" and the "auto-merge" step.
14 14  
15 15  If you don't need a private module from the same repository, you must delete the "Authenticate for private modules" job. Otherwise, the following steps are necessary:
21 +
16 16  * GitHub > Profile > Settings > Developer Settings > Personal Access Tokens > Tokens (classic) > Generate new token
17 - * Name: ACTIONS_TOKEN
18 - * Select scopes: "repo"
19 - * Copy the token
20 -* Repo > Settings > Secrets and variables > Actions > New repository secret >
21 - * Name: MY_TOKEN
22 - * You need to set "environment: MY_TOKEN" in the workflow file to use its environment secrets
23 - * Environment Secrets > Add environment secret
24 24   * Name: ACTIONS_TOKEN
25 - * Value: <the token you copied before>
24 + * Select scopes: "repo"
25 + * Copy the token
26 +* Repo > Settings > Secrets and variables > Actions > New repository secret >
27 + * Name: MY_TOKEN
28 + * You need to set "environment: MY_TOKEN" in the workflow file to use its environment secrets
29 + * Environment Secrets > Add environment secret
30 + * Name: ACTIONS_TOKEN
31 + * Value:
26 26  
27 27  Add this to the workflow file:
28 28  
29 -```yaml
30 - - name: Authenticate for private modules
31 - env:
32 - ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
33 - run: |
34 - git config --global url."https://${ACTIONS_TOKEN}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
35 - go env -w GOPRIVATE=github.com/ocelot-cloud/*
36 -```
35 + - name: Authenticate for private modules
36 + env:
37 + ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
38 + run: |
39 + git config --global url."https://${ACTIONS_TOKEN}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
40 + go env -w GOPRIVATE=github.com/ocelot-cloud/*
37 37  
38 -### Private Go Repository Dependency
42 +This is a sample file how the weekly updates can be conducted via GitHub Actions. Create `.github/workflows/weekly-update.yml`:
39 39  
40 -If you are developing with Go and need a private repository as a dependency, you need to tell the SDK to use SSH instead of HTTPS to get access.
44 + name: Weekly Update
45 +
46 + on:
47 + schedule:
48 + - cron: '0 2 * * 3'
49 + workflow_dispatch:
50 +
51 + permissions:
52 + contents: write
53 + pull-requests: write
54 +
55 + jobs:
56 + weekly-update:
57 + runs-on: ubuntu-latest
58 + steps:
59 + - uses: actions/checkout@v4
60 +
61 + - uses: ./.github/actions/setup
62 +
63 + - name: Run ci-runner update
64 + run: |
65 + go get -u ./...
66 + go mod tidy
67 + go build
68 + # execute the test suite to check whether the updates did not break anything
69 +
70 + - name: Commit and create PR
71 + id: cpr
72 + uses: peter-evans/create-pull-request@v5
73 + with:
74 + commit-message: "chore: weekly ci-runner update"
75 + branch: weekly/ci-update
76 + title: "Weekly CI Runner Update"
77 + delete-branch: true
78 + token: ${{ secrets.GITHUB_TOKEN }}
79 +
80 + - name: Enable Auto-Merge
81 + if: steps.cpr.outputs.pull-request-operation == 'created'
82 + uses: peter-evans/enable-pull-request-automerge@v3
83 + with:
84 + pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
85 + merge-method: squash
41 41  
42 -```bash
43 -git config --global url."ssh://git@github.com/".insteadOf "https://github.com/"
44 -go env -w GOPRIVATE=github.com/ocelot-cloud/*
45 -```
87 +### Git Configuration
88 +
89 +On your local PC, you need to tell the SDK to use SSH instead of HTTPS to get access.
90 +
91 + git config --global url."ssh://git@github.com/".insteadOf "https://github.com/"
92 + go env -w GOPRIVATE=github.com/ocelot-cloud/*
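
Review bot: In the added weekly-update.yml, the "Run ci-runner update" step ends with the comment "# execute the test suite to check whether the updates did not break anything" instead of a test command, so the pull request that "Enable Auto-Merge" acts on contains dependency bumps that were only built, never tested. Put the real test invocation in that step (for a Go module, `go test ./...`), and in the branch protection steps say which status check has to be selected under "Require status checks to pass before merging", because the instructions enable the option without naming one. The pull request is also created with `secrets.GITHUB_TOKEN`, and GitHub does not start new workflow runs for events caused by that token, so a CI workflow triggered on pull_request will not report a status on this PR; the text should say how the required check is expected to run. The three actions are referenced by mutable tags (`@v4`, `@v5`, `@v3`) in a job that holds `contents: write` and `pull-requests: write`; pinning them to full commit SHAs keeps a moved tag from running with those permissions. In the private-module steps, a classic token with the full "repo" scope is wider than the read access the step needs, and `git config --global` writes it in clear text into the runner's git configuration, which persists on self-hosted runners. The secret instructions also mix a repository secret named MY_TOKEN with "environment: MY_TOKEN", while the sample workflow sets no `environment:` at all; pick one and make the sample match.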