.github: replace dependabot with deps workflow (mmcloughlin#277)

Dependabot ignores updates to Go modules that do not have semantic version tags. See: dependabot/dependabot-core#3017. Therefore, this change replaces dependabot with a custom workflow with upgrades Go dependencies using `go get -u ./...` and creates a PR. This PR will be auto-merged using the existing logic for cadobot-generated PRs.
greatroar · May 1, 2022 · 9eff2e4 · 9eff2e4
1 parent e24610d
commit 9eff2e4
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 10 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/.github/workflows/deps.yml b/.github/workflows/deps.yml
@@ -0,0 +1,40 @@
+name: deps
+permissions:
+  contents: read
+on:
+  schedule:
+    - cron: "22 5 * * 1"
+jobs:
+  upgrade:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@37335c7bb261b353407cff977110895fa0b4f7d8 # v2.1.3
+        with:
+          go-version: 1.18.x
+      - name: Checkout code
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
+        with:
+          persist-credentials: false
+      - name: Upgrade Modules
+        run: go get -u ./...
+      - name: Tidy
+        run: go mod tidy
+      - name: Diff
+        run: git diff
+      - name: Generate Bot Token
+        uses: tibdex/github-app-token@586e1a624db6a5a4ac2c53daeeded60c5e3d50fe # v1.5.2
+        id: bot
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@bd72e1b7922d417764d27d30768117ad7da78a0e # v4.0.2
+        with:
+          token: ${{ steps.bot.outputs.token }}
+          commit-message: "all: upgrade direct dependencies"
+          branch: auto-upgrade-deps
+          base: master
+          delete-branch: true
+          title: "all: upgrade direct dependencies"
+          body: "Auto-generated upgrade of module dependencies."