Create Automatically Updating Repo in GitHub

Last modified by chrisby on 2025/04/22 14:54

Use Case

  • Private GitHub repo, with other private repositories as dependencies
  • Need for fully automated dependency updates, including testing and merging them to main branch

GitHub Actions

GitHub Actions is used for CI purposes. One job performs the automatic update; it can be enabled as follows:

  • Repo > Settings >
    • General >
      • Pull Requests > enable "Allow auto-merge".
      • Branches > Add classic branch protection rule
        • Branch name pattern: main
        • Enable "Require status checks to pass before merging".
    • Actions > General > Workflow permissions > enable "Allow GitHub Actions to create and approve pull requests"
      • If the option is greyed out, the project policy is probably dictated by the repository policy. In that case, simply enable it in the repository settings.
  • Copy the workflow file from this project. The key settings are the "permissions" block, which must include "contents: write" and "pull-requests: write", and the "auto-merge" step.

If you don't need a private module from the same repository, you must delete the "Authenticate for private modules" step. Otherwise, the following steps are necessary:

  • GitHub > Profile > Settings > Developer Settings > Personal Access Tokens > Tokens (classic) > Generate new token
    • Name: ACTIONS_TOKEN
    • Select scopes: "repo"
    • Copy the token
  • Repo > Settings > Secrets and variables > Actions > New repository secret >
    • Name: MY_TOKEN
      • You need to set "environment: MY_TOKEN" in the workflow file to use its environment secrets
    • Environment Secrets > Add environment secret
      • Name: ACTIONS_TOKEN
      • Value: the token copied above

Add this to the workflow file:

      - name: Authenticate for private modules
        env:
          ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
        run: |
          git config --global url."https://${ACTIONS_TOKEN}:x-oauth-basic@github.com/".insteadOf "https://github.com/"
          go env -w GOPRIVATE=github.com/ocelot-cloud/*
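
The rewrite rule in the step above attaches the token to every https://github.com/ URL that git fetches. As an added example (not part of the original page or the project's workflow), the script below compares that rule with a variant scoped to the ocelot-cloud organization named in GOPRIVATE and checks the effect offline with `git ls-remote --get-url`. The function names, the scoped rule, the scratch HOME directories and the module names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Module names are constructed.

# The page's rule: every https://github.com/ URL is rewritten to carry the token.
configure_broad() {   # $1 = token, $2 = scratch HOME directory
    ( HOME="$2"; export HOME; unset XDG_CONFIG_HOME
      git config --global \
          url."https://$1:x-oauth-basic@github.com/".insteadOf "https://github.com/" )
}

# Assumed variant: only URLs below one organization are rewritten.
configure_scoped() {  # $1 = token, $2 = scratch HOME directory, $3 = org
    ( HOME="$2"; export HOME; unset XDG_CONFIG_HOME
      git config --global \
          url."https://$1:x-oauth-basic@github.com/$3/".insteadOf "https://github.com/$3/" )
}

# Print the URL git would contact after insteadOf rewriting (no network access).
effective_url() {     # $1 = URL, $2 = scratch HOME directory
    ( HOME="$2"; GIT_CONFIG_NOSYSTEM=1; export HOME GIT_CONFIG_NOSYSTEM
      unset XDG_CONFIG_HOME
      git ls-remote --get-url "$1" )
}

# Return 0 only if the org's modules get credentials and other repositories do not.
# Messages never include the rewritten URL, so the token is not printed.
verify_scope() {      # $1 = scratch HOME directory, $2 = org
    private=$(effective_url "https://github.com/$2/example-module" "$1")
    other=$(effective_url "https://github.com/some-other-org/example-module" "$1")
    case "$private" in
        https://*@github.com/"$2"/*) ;;
        *) echo "URLs of $2 are not rewritten" >&2; return 1 ;;
    esac
    case "$other" in
        *@*) echo "credentials are also attached outside $2" >&2; return 1 ;;
    esac
    return 0
}
```

Given two directories from `mktemp -d`, `verify_scope` fails for the one set up with `configure_broad` and succeeds for the one set up with `configure_scoped`.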

The following sample file shows how the weekly updates can be conducted via GitHub Actions. Create .github/workflows/weekly-update.yml:

name: Weekly Update

on:
  schedule:
    - cron: '0 2 * * 3'
  workflow_dispatch:

permissions:
  contents: write
  pull-requests: write

jobs:
  weekly-update:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: ./.github/actions/setup

      - name: Run ci-runner update
        run: |
          go get -u ./...
          go mod tidy
          go build
          # execute the test suite to check that the updates did not break anything

      - name: Commit and create PR
        id: cpr
        uses: peter-evans/create-pull-request@v5
        with:
          commit-message: "chore: weekly ci-runner update"
          branch: weekly/ci-update
          title: "Weekly CI Runner Update"
          delete-branch: true
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Enable Auto-Merge
        if: steps.cpr.outputs.pull-request-operation == 'created'
        uses: peter-evans/enable-pull-request-automerge@v3
        with:
          pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
          merge-method: squash

Git Configuration

On your local PC, you need to tell the SDK to use SSH instead of HTTPS to get access.

git config --global url."ssh://git@github.com/".insteadOf "https://github.com/"
go env -w GOPRIVATE=github.com/ocelot-cloud/*