GitHub's dependabot supports updating reusable workflows.
Here is an example of how to enable dependabot, and what an update PR looks like.
When updating a repository to use the latest reusable CI workflow on the main
branch, `<latest SHA>` should be used, following the safest security and
stability recommendations:
Stability Recommendations
Do this by simply updating the SHA in the user repository's
`.github/workflows/go.yml` to the SHA of the current main branch (example).
If you created a PR to update the reusable workflow, then this will be available
after the PR is merged.
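To check that a repository actually follows the SHA-pinning recommendation above, this added example (not part of the common-ci project) scans workflow text for `uses:` references and reports whether each is pinned to a full 40-character commit SHA. The function names, the sample workflow, its SHA and its tag are constructed for illustration.

```python
import re

# Matches "uses: owner/repo/path@ref" (optionally as a list item or quoted).
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-fA-F]{40}")


def audit_uses(workflow_text):
    """Return (line_no, reference, verdict) for each `uses:` line."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        reference = match.group(1)
        if reference.startswith("./"):
            verdict = "local"  # workflow in the same repository and commit
        else:
            _, sep, ref = reference.rpartition("@")
            if sep and FULL_SHA_RE.fullmatch(ref):
                verdict = "pinned"
            else:
                verdict = "mutable"  # branch, tag, short SHA or no ref
        findings.append((line_no, reference, verdict))
    return findings


def mutable_refs(workflow_text):
    """References that an upstream push or tag move could silently change."""
    return [f for f in audit_uses(workflow_text) if f[2] == "mutable"]


# Constructed sample workflow; the SHA and the tag name are made up.
SAMPLE = """\
name: Go
on:
  pull_request:
jobs:
  go:
    uses: openconfig/common-ci/.github/workflows/go.yml@0123456789abcdef0123456789abcdef01234567
  linter:
    uses: openconfig/common-ci/.github/workflows/linter.yml@main
  basic:
    uses: openconfig/common-ci/.github/workflows/basic_go.yml@some-tag  # tag
  local:
    uses: ./.github/workflows/helper.yml
"""

if __name__ == "__main__":
    for line_no, reference, verdict in audit_uses(SAMPLE):
        print(f"line {line_no}: {verdict:8} {reference}")
```

Run against each file under `.github/workflows/`, any `mutable` result is a reference that should be replaced with a commit SHA and then left to dependabot to keep current.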
Copy the following into your repository's `.github/workflows/go.yml`:

```yaml
name: Go

on:
  push:
    branches: [ master ]
  pull_request:
  schedule:
    - cron: "0 0 * * *"

jobs:
  go:
    uses: openconfig/common-ci/.github/workflows/go.yml@<latest SHA>

  linter:
    uses: openconfig/common-ci/.github/workflows/linter.yml@<latest SHA>
```
Then copy the sample linter configurations folder into your repository:

```bash
cp -r common-ci/.github/linters YOUR-REPO/.github/linters
```
At this point, you may wish to change the configuration of these linters to suit your own repository.
If you do not want to maintain linter configuration, then you may use the basic
workflow, which only involves copying the following into your repository's
`.github/workflows/go.yml`:

```yaml
name: Go

on:
  push:
    branches: [ master ]
  pull_request:
  schedule:
    - cron: "0 0 * * *"

jobs:
  go:
    uses: openconfig/common-ci/.github/workflows/basic_go.yml@<latest SHA>
```
Some flags are supported for customizing the CI workflow, for example:

```yaml
jobs:
  go:
    uses: openconfig/common-ci/.github/workflows/basic_go.yml@<latest SHA>
    with:
      static-analysis-excludes-regex: exampleoc
      skip-gofmt: true
      skip-staticcheck: true
```
For all supported flags, see the corresponding reusable workflow definitions under .github/workflows.