Skip to Content

Wiki source code of Create Automatically Updating Repo in GitHub

Last modified by chrisby on 2025/04/22 14:54

Show last authors

author	version	line-number	content
		1	### Use Case
		2
		3	* Private GitHub repo, with other private repositories as dependencies
		4	* Need for fully automated dependency updates, including testing and merging them to main branch
		5
		6	### GitHub Actions
		7
		8	The GitHub actions are used for CI purposes. One job is auto update, which can be enabled as follows:
		9
		10	* Repo > Settings >
		11	* General >
		12	* Pull Requests > enable "Allow auto-merge".
		13	* Branches > Add classic branch protection rule
		14	* Branch name pattern: main
		15	* Enable "Require status checks to pass before merging".
		16	* Actions > General > Workflow permissions > enable "Allow GitHub Actions to create and approve pull requests"
		17	* If option is greyed out, then probably the project policy is dictated by the repository policy. Simply do this in repository settings then.
		18	* Copy the workflow file from this project. The key configs are the "permissions" to include "contents: write, pull-requests: write" and the "auto-merge" step.
		19
		20	If you don't need a private module from the same repository, you must delete the "Authenticate for private modules" job. Otherwise, the following steps are necessary:
		21
		22	* GitHub > Profile > Settings > Developer Settings > Personal Access Tokens > Tokens (classic) > Generate new token
		23	* Name: ACTIONS_TOKEN
		24	* Select scopes: "repo"
		25	* Copy the token
		26	* Repo > Settings > Secrets and variables > Actions > New repository secret >
		27	* Name: MY_TOKEN
		28	* You need to set "environment: MY_TOKEN" in the workflow file to use its environment secrets
		29	* Environment Secrets > Add environment secret
		30	* Name: ACTIONS_TOKEN
		31	* Value:
		32
		33	Add this to the workflow file:
		34
		35	- name: Authenticate for private modules
		36	env:
		37	ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
		38	run: \|
		39	git config --global url."https://${ACTIONS_TOKEN}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
		40	go env -w GOPRIVATE=github.com/ocelot-cloud/*
		41
		42	This is a sample file how the weekly updates can be conducted via GitHub Actions. Create `.github/workflows/weekly-update.yml`:
		43
		44	name: Weekly Update
		45
		46	on:
		47	schedule:
		48	- cron: '0 2 * * 3'
		49	workflow_dispatch:
		50
		51	permissions:
		52	contents: write
		53	pull-requests: write
		54
		55	jobs:
		56	weekly-update:
		57	runs-on: ubuntu-latest
		58	steps:
		59	- uses: actions/checkout@v4
		60
		61	- uses: ./.github/actions/setup
		62
		63	- name: Run ci-runner update
		64	run: \|
		65	go get -u ./...
		66	go mod tidy
		67	go build
		68	# execute the test suite to check whether the updates did not break anything
		69
		70	- name: Commit and create PR
		71	id: cpr
		72	uses: peter-evans/create-pull-request@v5
		73	with:
		74	commit-message: "chore: weekly ci-runner update"
		75	branch: weekly/ci-update
		76	title: "Weekly CI Runner Update"
		77	delete-branch: true
		78	token: ${{ secrets.GITHUB_TOKEN }}
		79
		80	- name: Enable Auto-Merge
		81	if: steps.cpr.outputs.pull-request-operation == 'created'
		82	uses: peter-evans/enable-pull-request-automerge@v3
		83	with:
		84	pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
		85	merge-method: squash
		86
		87	### Git Configuration
		88
		89	On your local PC, you need to tell the SDK to use SSH instead of HTTPS to get access.
		90
		91	git config --global url."ssh://git@github.com/".insteadOf "https://github.com/"
		92	go env -w GOPRIVATE=github.com/ocelot-cloud/*