Update package dependencies #87
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| workflow_dispatch: | |
| name: Update package dependencies | |
| jobs: | |
| dep_update: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Update minor and patch-level dependencies | |
| run: go get -t -u ./... | |
| - name: Tidy | |
| run: go mod tidy | |
| - name: Create pull request | |
| uses: peter-evans/create-pull-request@v4 | |
| with: | |
| title: "Update package dependencies + tidy" | |
| body: | | |
| This is a change initiated automatically on a weekly basis by a | |
| GitHub Action that updates the projects dependencies to their latest | |
| minor and patch-level versions. This lets us stay up to date | |
| incrementally so that updates are less effort to get merged compared | |
| to large monolithic updates, and gets us security updates more | |
| expediently. | |
| If the build passes, you are probably A-OK to merge and deploy this. | |
| If not, try to dig into what's not working and see if you can fix it | |
| so that the dep train stays on its rails. | |
| Note that although minor/patch level changes are handled | |
| automatically, notably major version changes like you'd find in | |
| stripe-go are not and those upgrades need to be performed manually. | |
| That should theoretically not be a problem if fixes are backported | |
| to all previous majors, but in practice they are often not, so it's | |
| worthwhile to occasionally look for new majors and integrate them. | |
| branch: "autodep" | |
| branch-suffix: "timestamp" | |
| commit-message: | | |
| Update package dependencies + tidy | |
| Weekly update to the project's package dependencies initiated by an | |
| automatic GitHub Action running on cron. Keeps upgrades less of a | |
| monolithic task and lets security-related patches trickle in more | |
| quickly. | |
| author: "Bot <[email protected]>" | |
| committer: "Bot <[email protected]>" | |
| delete-branch: true | |
| draft: true | |
| reviewers: | | |
| iand | |
| assignees: | | |
| iand |