Skip to Content
Last modified by chrisby on 2025/04/22 14:54
From version 2.6
edited by chrisby
on 2025/04/22 14:54
Change comment: There is no comment for this version
To version 2.1
edited by chrisby
on 2025/04/22 14:12
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -1,92 +1,0 @@
1 -### Use Case
2 -
3 -* Private GitHub repo, with other private repositories as dependencies
4 -* Need for fully automated dependency updates, including testing and merging them to main branch
5 -
6 -### GitHub Actions
7 -
8 -The GitHub actions are used for CI purposes. One job is auto update, which can be enabled as follows:
9 -
10 -* Repo > Settings >
11 - * General >
12 - * Pull Requests > enable "Allow auto-merge".
13 - * Branches > Add classic branch protection rule
14 - * Branch name pattern: main
15 - * Enable "Require status checks to pass before merging".
16 - * Actions > General > Workflow permissions > enable "Allow GitHub Actions to create and approve pull requests"
17 - * If option is greyed out, then probably the project policy is dictated by the repository policy. Simply do this in repository settings then.
18 -* Copy the workflow file from this project. The key configs are the "permissions" to include "contents: write, pull-requests: write" and the "auto-merge" step.
19 -
20 -If you don't need a private module from the same repository, you must delete the "Authenticate for private modules" job. Otherwise, the following steps are necessary:
21 -
22 -* GitHub > Profile > Settings > Developer Settings > Personal Access Tokens > Tokens (classic) > Generate new token
23 - * Name: ACTIONS_TOKEN
24 - * Select scopes: "repo"
25 - * Copy the token
26 -* Repo > Settings > Secrets and variables > Actions > New repository secret >
27 - * Name: MY_TOKEN
28 - * You need to set "environment: MY_TOKEN" in the workflow file to use its environment secrets
29 - * Environment Secrets > Add environment secret
30 - * Name: ACTIONS_TOKEN
31 - * Value:
32 -
33 -Add this to the workflow file:
34 -
35 - - name: Authenticate for private modules
36 - env:
37 - ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
38 - run: |
39 - git config --global url."https://${ACTIONS_TOKEN}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
40 - go env -w GOPRIVATE=github.com/ocelot-cloud/*
41 -
42 -This is a sample file how the weekly updates can be conducted via GitHub Actions. Create `.github/workflows/weekly-update.yml`:
43 -
44 - name: Weekly Update
45 -
46 - on:
47 - schedule:
48 - - cron: '0 2 * * 3'
49 - workflow_dispatch:
50 -
51 - permissions:
52 - contents: write
53 - pull-requests: write
54 -
55 - jobs:
56 - weekly-update:
57 - runs-on: ubuntu-latest
58 - steps:
59 - - uses: actions/checkout@v4
60 -
61 - - uses: ./.github/actions/setup
62 -
63 - - name: Run ci-runner update
64 - run: |
65 - go get -u ./...
66 - go mod tidy
67 - go build
68 - # execute the test suite to check whether the updates did not break anything
69 -
70 - - name: Commit and create PR
71 - id: cpr
72 - uses: peter-evans/create-pull-request@v5
73 - with:
74 - commit-message: "chore: weekly ci-runner update"
75 - branch: weekly/ci-update
76 - title: "Weekly CI Runner Update"
77 - delete-branch: true
78 - token: ${{ secrets.GITHUB_TOKEN }}
79 -
80 - - name: Enable Auto-Merge
81 - if: steps.cpr.outputs.pull-request-operation == 'created'
82 - uses: peter-evans/enable-pull-request-automerge@v3
83 - with:
84 - pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
85 - merge-method: squash
86 -
87 -### Git Configuration
88 -
89 -On your local PC, you need to tell the SDK to use SSH instead of HTTPS to get access.
90 -
91 - git config --global url."ssh://git@github.com/".insteadOf "https://github.com/"
92 - go env -w GOPRIVATE=github.com/ocelot-cloud/*