Create a GitHub Actions to automatically update the go version matrix #177
Conversation
chizhg
force-pushed
the
ci-update-workflow
branch
from
e91a806
to
4c7ac81
Compare
chizhg
force-pushed
the
ci-update-workflow
branch
from
4c7ac81
to
efe7dcf
Compare
chizhg
force-pushed
the
ci-update-workflow
branch
from
efe7dcf
to
dc143fa
Compare
| on: | ||
| schedule: | ||
| # Run every hour. | ||
| - cron: '0 * * * *' |
There was a problem hiding this comment.
Lets run this less frequently, like every month. Not sure how frequently go versions are made available.
| schedule: | ||
| # Run every hour. | ||
| - cron: '0 * * * *' | ||
|
|
There was a problem hiding this comment.
Lets define the default token permission for the jobs in this action
# Declare default permissions as read only.
permissions: read-all
| sed -i "0,/^ go: \[.*/s// go: \[$versions_str\]/" .github/workflows/lint.yml | ||
|
|
||
| - name: Create Pull Request | ||
| uses: peter-evans/create-pull-request@v4 |
There was a problem hiding this comment.
We might want to pin version by hash similar to:
https://github.com/GoogleCloudPlatform/functions-framework-go/blob/master/.github/workflows/scorecard.yml
| - name: Create Pull Request | ||
| uses: peter-evans/create-pull-request@v4 | ||
| with: | ||
| token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} |
There was a problem hiding this comment.
We might want to avoid using PATs.
Github provides a special token {{secrets.GITHUB_TOKEN}} which expires after a job runs.
More info in: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
Lets verify if it is a good fit here
|
I'm going to use a central repo to setup the GitHub Actions to update all the repos. Closing this pull request. |
This one has the same questions and concerns as golang/appengine#307 (comment)