Skip to content

Commit

Permalink
Chore/ci automate updates (#42)
Browse files Browse the repository at this point in the history
* ci(dependencies): automate dependencies updates

Signed-off-by: Frederic BIDON <[email protected]>

* ci: auto-merge dependabot PRs

    * enabled auto-merge for go-openapi minor version bumps, not just
      patches

Signed-off-by: Frederic BIDON <[email protected]>

---------

Signed-off-by: Frederic BIDON <[email protected]>
  • Loading branch information
fredbi authored Jan 31, 2024
1 parent 16e0c88 commit d61a37a
Show file tree
Hide file tree
Showing 3 changed files with 104 additions and 4 deletions.
57 changes: 57 additions & 0 deletions .github/dependabot.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: "friday"
open-pull-requests-limit: 2 # <- default is 5
groups: # <- group all github actions updates in a single PR
# 1. development-dependencies are auto-merged
development-dependencies:
dependency-type: development
patterns:
- '*'

- package-ecosystem: "gomod"
# We define 4 groups of dependencies to regroup update pull requests:
# - development (e.g. test dependencies)
# - go-openapi updates
# - golang.org (e.g. golang.org/x/... packages)
# - other dependencies (direct or indirect)
#
# * All groups are checked once a week and each produce at most 1 PR.
# * All dependabot PRs are auto-approved
#
# Auto-merging policy, when requirements are met:
# 1. development-dependencies are auto-merged
# 2. golang.org-dependencies are auto-merged
# 3. go-openapi patch updates are auto-merged. Minor/major version updates require a manual merge.
# 4. other dependencies require a manual merge
directory: "/"
schedule:
interval: "weekly"
day: "friday"
open-pull-requests-limit: 4
groups:
development-dependencies:
dependency-type: development
patterns:
- "github.com/stretchr/testify"

golang.org-dependencies:
dependency-type: production
patterns:
- "golang.org/*"

go-openapi-dependencies:
dependency-type: production
patterns:
- "github.com/go-openapi/*"

other-dependencies:
dependency-type: production
exclude-patterns:
- "github.com/go-openapi/*"
- "github.com/stretchr/testify"
- "golang.org/*"
43 changes: 43 additions & 0 deletions .github/workflows/auto-merge.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
name: Dependabot auto-merge
on: pull_request

permissions:
contents: write
pull-requests: write

jobs:
dependabot:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v1

- name: Auto-approve all dependabot PRs
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

- name: Auto-merge dependabot PRs for development dependencies
if: contains(steps.metadata.outputs.dependency-group, 'development-dependencies')
run: gh pr merge --auto --rebase "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

- name: Auto-merge dependabot PRs for go-openapi patches
if: contains(steps.metadata.outputs.dependency-group, 'go-openapi-dependencies') && (steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch')
run: gh pr merge --auto --rebase "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

- name: Auto-merge dependabot PRs for golang.org updates
if: contains(steps.metadata.outputs.dependency-group, 'golang.org-dependencies')
run: gh pr merge --auto --rebase "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

8 changes: 4 additions & 4 deletions .github/workflows/go-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ jobs:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: stable
check-latest: true
Expand All @@ -31,13 +31,13 @@ jobs:

steps:
- name: Run unit tests
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version: '${{ matrix.go_version }}'
check-latest: true
cache: true

- uses: actions/checkout@v3
- uses: actions/checkout@v4

- run: go test -v -race -coverprofile="coverage-${{ matrix.os }}.${{ matrix.go_version }}.out" -covermode=atomic -coverpkg=$(go list)/... ./...

Expand Down

0 comments on commit d61a37a

Please sign in to comment.