Skip to content

Update package dependencies #79

Update package dependencies

Update package dependencies #79

Workflow file for this run

on:
workflow_dispatch:
name: Update package dependencies
jobs:
dep_update:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
- name: Update minor and patch-level dependencies
run: go get -t -u ./...
- name: Tidy
run: go mod tidy
- name: Create pull request
uses: peter-evans/create-pull-request@v4
with:
title: "Update package dependencies + tidy"
body: |
This is a change initiated automatically on a weekly basis by a
GitHub Action that updates the projects dependencies to their latest
minor and patch-level versions. This lets us stay up to date
incrementally so that updates are less effort to get merged compared
to large monolithic updates, and gets us security updates more
expediently.
If the build passes, you are probably A-OK to merge and deploy this.
If not, try to dig into what's not working and see if you can fix it
so that the dep train stays on its rails.
Note that although minor/patch level changes are handled
automatically, notably major version changes like you'd find in
stripe-go are not and those upgrades need to be performed manually.
That should theoretically not be a problem if fixes are backported
to all previous majors, but in practice they are often not, so it's
worthwhile to occasionally look for new majors and integrate them.
branch: "autodep"
branch-suffix: "timestamp"
commit-message: |
Update package dependencies + tidy
Weekly update to the project's package dependencies initiated by an
automatic GitHub Action running on cron. Keeps upgrades less of a
monolithic task and lets security-related patches trickle in more
quickly.
author: "Bot <[email protected]>"
committer: "Bot <[email protected]>"
delete-branch: true
draft: true
reviewers: |
iand
assignees: |
iand