gh-actions

---

GitHub Actions used by go-openapi workflows.

Status

These actions are currently used by the CI workflows run at github.com/go-openapi.

Usage

To use this action in your workflow, reference it using the standard GitHub Actions syntax:

• Install all tools

- uses: go-openapi/gh-actions@v1

• Install each tool independently

- uses: go-openapi/gh-actions/install/gotestsum@v1
- uses: go-openapi/gh-actions/install/go-junit-report@v1
- uses: go-openapi/gh-actions/install/go-ctrf-json-reporter@v1

Installed tools

All tools are currently installed using downloaded released binaries.

• gotestsum
• go-junit-report
• go-ctrf-json-reporter
• svu

Motivation

This repository currently exposes "installer" actions for some testing go tools.

CI workflows may use and pin released actions instead of resorting to a go install ...@latest command.

This is mostly motivated by the need to pin CI dependencies to a specific commit and use only vetted versions of the installed tooling.

Our actions try to install tools from binary releases whenever applicable.

Automated version tracking is obtained thanks to a dummy go.mod module declaration in this repo, which allows dependabot to track our target tools and post updates.

A vulnerability scan on the source repo of the tools must be passed for such an update to be approved and merged.

Change log

See https://github.com/go-openapi/gh-actions/releases

Licensing

This library ships under the SPDX-License-Identifier: Apache-2.0.

Other documentation

• All-time contributors
• Contributing guidelines

Cutting a new release

Maintainers can cut a new release by either:

• running this workflow
• or pushing a semver tag
  • signed tags are preferred
  • The tag message is prepended to release notes