env: GO_VERSION: 1.20 on: workflow_dispatch: jobs: dep_update: runs-on: ubuntu-latest timeout-minutes: 10 steps: - name: Install Go uses: actions/setup-go@v3 with: go-version: ${{ env.GO_VERSION }} - name: Checkout uses: actions/checkout@v3 - name: Update minor and patch-level dependencies run: go get -t -u ./... - name: Tidy run: go mod tidy - name: Create pull request uses: peter-evans/create-pull-request@v4 with: title: "Update package dependencies + tidy" body: | This is a change initiated automatically on a weekly basis by a GitHub Action that updates the projects dependencies to their latest minor and patch-level versions. This lets us stay up to date incrementally so that updates are less effort to get merged compared to large monolithic updates, and gets us security updates more expediently. If the build passes, you are probably A-OK to merge and deploy this. If not, try to dig into what's not working and see if you can fix it so that the dep train stays on its rails. Note that although minor/patch level changes are handled automatically, notably major version changes like you'd find in stripe-go are not and those upgrades need to be performed manually. That should theoretically not be a problem if fixes are backported to all previous majors, but in practice they are often not, so it's worthwhile to occasionally look for new majors and integrate them. branch: "autodep" branch-suffix: "timestamp" commit-message: | Update package dependencies + tidy Weekly update to the project's package dependencies initiated by an automatic GitHub Action running on cron. Keeps upgrades less of a monolithic task and lets security-related patches trickle in more quickly. author: "Bot " committer: "Bot " delete-branch: true draft: true reviewers: | iand assignees: | iand