This Github Action will run go mod tidy on a user-defined
set of directories.
There is also an option to fail, i.e. stop the workflow in the
general case, if any of the git tracked files tracked that are modified are
files other than go.sum files.
This Github Action must be run after the following conditions are met in your Github workflow.
- Your code must be checked out. We suggest using
actions/checkout@v2. gomust be installed on the workflow runner. We suggest usingactions/setup-go@v2.
Add this action as a step after you have checked out your code and installed go on the Workflow runner.
- uses: evantorrie/mott-the-tider@v1-beta
with: # all inputs are optional
# file path pattern to go.mod files
# This defaults to `go.mod`, but can use any of the glob patterns
# as understood by @actions/glob - and includes support for multiple
# patterns, one per line, as well as negating patterns (e.g. preceded by `-`).
gomods: |
**/go.mod
-tools/go.mod
# enforce action failure if any files modified as a result of the action
# are *not* `go.sum` or `go.mod` files
# defaults to true
gomodsum_only: true
# enforce action failure if any files modified as a result of the action
# are *not* `go.sum` files
# defaults to false
gosum_only: falseHere is a typical workflow usage:
name: Mod Tidier
on: [ pull_request ]
jobs:
mod_tidier:
runs-on: ubuntu-latest
name: Clean up mismatched go.sum files
steps:
- uses: actions/checkout@v2
with:
ref: ${{ github.head_ref }}
- uses: actions/setup-go@v2
with:
go-version: '^1.14.0'
- uses: evantorrie/mott-the-tidier@v1-beta
with:
gomods: |
**/go.mod
-tools/go.mod
- uses: stefanzweifel/git-auto-commit-action@v4
with:
commit_message: Auto-fix go.sum discrepancies-
gomodsDefaults togo.mod, i.e. top levelgo.modin repo. -
gomodsum_onlyDefaults totrue -
gosum_onlyDefaults tofalse
changedfilesNewline delimited set of git tracked files which changed during the action.
The original impetus for this action was the introduction of Dependabot into an open-source Go project.
Dependabot is a brilliant tool which will automatically create a pull
request by modifying go.mod and go.sum files for outdated
dependencies in a go module. Unfortunately, it does not look (as of this time)
at transitive dependencies of the module in question elsewhere in the repo.
Admittedly, this is usually rare in most Go projects.
On the other hand, our build workflow which runs on every PR performs
go mod tidy as one of its actions and will fail the build if any
files in the repository show as "dirty" in a git status. With the
introduct
5A45
ion of Dependabot, we would get many automatic dependency
update pull requests opened, but nearly all with Build Failed
messages due to these go mod tidy resulting in changes to go.sum files
in dependent modules elsewhere.
This action can be run as part of a workflow which targets these
Dependabot pull requests (or any Github targetable event) and
generates the correct per go mod tidy go.sum files. A subsequent
action in the workflow can auto-commit these changes back to the
PR such that the automatic Dependabot pull requests show up as
Successful in our CI system.