-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create a GitHub Actions to automatically update the go version matrix #177
Conversation
e91a806
to
4c7ac81
Compare
4c7ac81
to
efe7dcf
Compare
efe7dcf
to
dc143fa
Compare
on: | ||
schedule: | ||
# Run every hour. | ||
- cron: '0 * * * *' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lets run this less frequently, like every month. Not sure how frequently go versions are made available.
schedule: | ||
# Run every hour. | ||
- cron: '0 * * * *' | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lets define the default token permission for the jobs in this action
# Declare default permissions as read only.
permissions: read-all
sed -i "0,/^ go: \[.*/s// go: \[$versions_str\]/" .github/workflows/lint.yml | ||
|
||
- name: Create Pull Request | ||
uses: peter-evans/create-pull-request@v4 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We might want to pin version by hash similar to:
https://github.com/GoogleCloudPlatform/functions-framework-go/blob/master/.github/workflows/scorecard.yml
- name: Create Pull Request | ||
uses: peter-evans/create-pull-request@v4 | ||
with: | ||
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We might want to avoid using PATs.
Github provides a special token {{secrets.GITHUB_TOKEN}} which expires after a job runs.
More info in: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
Lets verify if it is a good fit here
I'm going to use a central repo to setup the GitHub Actions to update all the repos. Closing this pull request. |
This one has the same questions and concerns as golang/appengine#307 (comment)