GitHub Actions used by go-openapi workflows.
These actions are currently used by the CI workflows run at github.com/go-openapi.
To use this action in your workflow, reference it using the standard GitHub Actions syntax:
- Install all tools
- uses: go-openapi/gh-actions@v0.1.6- Install each tool independently
- uses: go-openapi/gh-actions/install/gotestsum@v0.1.6
- uses: go-openapi/gh-actions/install/go-junit-report@v0.1.6
- uses: go-openapi/gh-actions/install/go-ctrf-json-reporter@v0.1.6
- uses: go-openapi/gh-actions/install/svu@v0.1.6- Download a specific version
- uses: go-openapi/gh-actions/install/go-ctrf-json-reporter@v0.1.6
with:
version: v0.0.12All tools are currently installed using downloaded released binaries.
CI workflows may use and pin released actions instead of resorting to a go install ...@latest
command.
This is mostly motivated by the need to pin CI dependencies to a specific commit and use only vetted versions of the installed tooling.
Our actions try to install tools from binary releases whenever applicable.
Automated version tracking is obtained thanks to a dummy go.mod module declaration in this repo,
which allows dependabot to track our target tools and post updates.
A vulnerability scan on the source repo of the tools must be passed for such an update to be approved and merged.
- wait-pending-jobs: an action that waits for all jobs to have run (not just status checks) on a PR
- uses: go-openapi/gh-actions/ci-jobs/wait-pending-jobs@v0.2.0
with:
pr-url: ${{ github.event.pull_request.html_url }}
github-token: ${{ secrets.GITHUB_TOKEN }}
# Optional: exclude the current run (default: true)
exclude-current-run: 'true'
# Optional: patterns to match workflow names for exclusion (default: 'auto-merge,contributors')
exclude-workflow-patterns: 'auto-merge,release'This action solves a timing issue where:
- Auto-merge triggers as soon as required status checks pass
- Non-required jobs (like coverage upload) are still running
- The PR gets merged and branch deleted while jobs are still in progress
- Running jobs fail because the branch no longer exists
When multiple jobs in the same workflow use this action in parallel (e.g., both dependabot and actions-bot jobs), they can end up waiting for each other. The action includes smart defaults to prevent deadlocks:
exclude-current-run: Automatically excludes the current workflow run from the wait list (default:true)exclude-workflow-patterns: Case-insensitive pattern matching against workflow names (default:'auto-merge,contributors')- Patterns use substring matching:
'auto-merge'matches'Dependabot auto-merge','PR auto-merge', etc. - Override the default by providing your own comma-separated list of patterns
- Patterns use substring matching:
See https://github.com/go-openapi/gh-actions/releases
This library ships under the SPDX-License-Identifier: Apache-2.0.
Maintainers can cut a new release by either:
- running this workflow
- or pushing a semver tag
- signed tags are preferred
- The tag message is prepended to release notes
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
![@bot-go-openapi[bot]](https://avatars.githubusercontent.com/in/2380228?s=64&v=4){kind=small}