Dependabot ignores updates to Go modules that do not have semantic version tags. See: https://github.com/dependabot/dependabot-core/issues/3017. Therefore, this change replaces Dependabot with a custom workflow that upgrades Go dependencies using `go get -u ./...` and creates a PR. This PR will be auto-merged using the existing logic for cadobot-generated PRs.
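# Scheduled job that upgrades the Go module dependencies and opens a pull
# request with the result.
name: deps

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents. The pull request is opened with a separate GitHub App token
# (see "Generate Bot Token"), not with GITHUB_TOKEN.
permissions:
  contents: read

on:
  schedule:
    # 05:22 UTC every Monday.
    - cron: "22 5 * * 1"

jobs:
  upgrade:
    runs-on: ubuntu-latest
    steps:
      # Every action below is pinned to a full commit SHA; the trailing
      # comment records the release tag that SHA is expected to match.
      - name: Install Go
        uses: actions/setup-go@37335c7bb261b353407cff977110895fa0b4f7d8  # v2.1.3
        with:
          # Quoted so the value stays a string if it is later edited to a
          # number-looking version such as 1.20 (which YAML reads as 1.2).
          go-version: "1.18.x"

      - name: Checkout code
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
        with:
          # Do not leave the workflow token in the local git config, so the
          # `go` steps that follow cannot read it from the checkout.
          persist-credentials: false

      # `-u` moves the modules that provide dependencies of the listed
      # packages to newer minor or patch releases.
      # NOTE(review): this can also move indirect dependencies, while the
      # commit message and title below say "direct" - confirm the wording.
      - name: Upgrade Modules
        run: go get -u ./...

      - name: Tidy
        run: go mod tidy

      # Prints the resulting change into the job log so the upgrade can be
      # inspected from the run itself.
      - name: Diff
        run: git diff

      # The installation token is minted only after the dependency steps
      # have finished, so it does not exist while `go get` and `go mod tidy`
      # run.
      # NOTE(review): the token carries whatever permissions the App
      # installation has - confirm they are limited to what opening a pull
      # request needs.
      - name: Generate Bot Token
        uses: tibdex/github-app-token@586e1a624db6a5a4ac2c53daeeded60c5e3d50fe  # v1.5.2
        id: bot
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}

      # NOTE(review): if pull requests from this bot are merged
      # automatically, the required CI checks are the only review these
      # upgrades receive - confirm they are enforced on the base branch.
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@bd72e1b7922d417764d27d30768117ad7da78a0e  # v4.0.2
        with:
          token: ${{ steps.bot.outputs.token }}
          commit-message: "all: upgrade direct dependencies"
          branch: auto-upgrade-deps
          base: master
          delete-branch: true
          title: "all: upgrade direct dependencies"
          body: "Auto-generated upgrade of module dependencies."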