{"id":33595013,"url":"https://github.com/go-openapi/gh-actions","last_synced_at":"2026-03-07T18:07:04.545Z","repository":{"id":323339824,"uuid":"1092908473","full_name":"go-openapi/gh-actions","owner":"go-openapi","description":"github actions used by go-openapi workflows","archived":false,"fork":false,"pushed_at":"2026-03-06T03:46:19.000Z","size":2656,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-03-06T08:24:26.620Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/go-openapi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":".github/DCO.md","cla":null}},"created_at":"2025-11-09T14:49:28.000Z","updated_at":"2026-03-06T03:46:23.000Z","dependencies_parsed_at":"2026-02-26T06:06:47.090Z","dependency_job_id":null,"html_url":"https://github.com/go-openapi/gh-actions","commit_stats":null,"previous_names":["go-openapi/gh-actions"],"tags_count":24,"template":false,"template_full_name":null,"purl":"pkg:github/go-openapi/gh-actions","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-openapi%2Fgh-actions","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-openapi%2Fgh-actions/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-openapi%2Fgh-actions/releases","manifests_url":"https
://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-openapi%2Fgh-actions/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/go-openapi","download_url":"https://codeload.github.com/go-openapi/gh-actions/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-openapi%2Fgh-actions/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30225613,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T17:00:40.062Z","status":"ssl_error","status_checked_at":"2026-03-07T17:00:39.026Z","response_time":53,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-11-29T21:03:33.764Z","updated_at":"2026-03-07T18:07:04.539Z","avatar_url":"https://github.com/go-openapi.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gh-actions\n\n\u003c!-- Badges: status  --\u003e\n[![Tests][test-badge]][test-url] \u003c!--[![Coverage][cov-badge]][cov-url]--\u003e [![CI vuln scan][vuln-scan-badge]][vuln-scan-url] [![CodeQL][codeql-badge]][codeql-url]\n\u003c!-- Badges: release \u0026 docker images  --\u003e\n\u003c!-- Badges: code quality  --\u003e\n\u003c!-- Badges: license \u0026 compliance --\u003e\n[![Release][release-badge]][release-url] [![Go Report Card][gocard-badge]][gocard-url] 
[![CodeFactor Grade][codefactor-badge]][codefactor-url] [![License][license-badge]][license-url]\n\u003c!-- Badges: documentation \u0026 support --\u003e\n\u003c!-- Badges: others \u0026 stats --\u003e\n[![GoDoc][godoc-badge]][godoc-url] [![Discord Channel][discord-badge]][discord-url] [![go version][goversion-badge]][goversion-url] ![Top language][top-badge] ![Commits since latest release][commits-badge]\n\n---\n\nGitHub Actions used by go-openapi workflows.\n\n## Announcements\n\n* **2025-12-19** : new community chat on discord\n  * a new discord community channel is available to be notified of changes and support users\n  * our venerable Slack channel remains open, and will be eventually discontinued on **2026-03-31**\n\nYou may join the discord community by clicking the invite link on the discord badge (also above). [![Discord Channel][discord-badge]][discord-url]\n\nOr join our Slack channel: [![Slack Channel][slack-logo]![slack-badge]][slack-url]\n\n## Status\n\nThese actions are currently used by the CI workflows run at `github.com/go-openapi`.\n\n## Usage\n\nTo use this action in your workflow, reference it using the standard GitHub Actions syntax:\n\n* Install all tools\n\n```yaml\n- uses: go-openapi/gh-actions@v0.1.6\n```\n\n* Install each tool independently\n```yaml\n- uses: go-openapi/gh-actions/install/gotestsum@v0.1.6\n- uses: go-openapi/gh-actions/install/go-junit-report@v0.1.6\n- uses: go-openapi/gh-actions/install/go-ctrf-json-reporter@v0.1.6\n- uses: go-openapi/gh-actions/install/svu@v0.1.6\n```\n\n* Download a specific version\n\n```yaml\n- uses: go-openapi/gh-actions/install/go-ctrf-json-reporter@v0.1.6\n  with:\n    version: v0.0.12\n```\n\n## Installed tools\n\nAll tools are currently installed using downloaded released binaries.\n\n* [gotestsum](https://github.com/gotestyourself/gotestsum/)\n* [go-junit-report](https://github.com/jstemmer/go-junit-report)\n* [go-ctrf-json-reporter](https://github.com/ctrf-io/go-ctrf-json-reporter)\n* 
[svu](https://github.com/caarlos0/svu)\n\n### Background\n\nCI workflows may use and pin released actions instead of resorting to a `go install ...@latest`\ncommand.\n\nThis is mostly motivated by the need to pin CI dependencies to a specific commit and use only\nvetted versions of the installed tooling.\n\nOur actions try to install tools from binary releases whenever applicable.\n\nAutomated version tracking is obtained thanks to a dummy `go.mod` module declaration in this repo,\nwhich allows dependabot to track our target tools and post updates.\n\nA vulnerability scan on the source repo of the tools must be passed for such an update to be approved and merged.\n\n## Additional reusable actions\n\n### wait-pending-jobs\n\nAn action that waits for all jobs to have run (not just status checks) on a PR.\n\n```yaml\n- uses: go-openapi/gh-actions/ci-jobs/wait-pending-jobs@v0.2.0\n  with:\n    pr-url: ${{ github.event.pull_request.html_url }}\n    github-token: ${{ secrets.GITHUB_TOKEN }}\n    # Optional: exclude the current run (default: true)\n    exclude-current-run: 'true'\n    # Optional: patterns to match workflow names for exclusion (default: 'auto-merge,contributors')\n    exclude-workflow-patterns: 'auto-merge,release'\n```\n\n**Background:** This action solves a timing issue where auto-merge triggers as soon as required status checks pass, but non-required jobs (like coverage upload) are still running. The PR gets merged and branch deleted while jobs are still in progress, causing them to fail.\n\nWhen multiple jobs in the same workflow use this action in parallel, they can end up waiting for each other. 
The action includes smart defaults to prevent deadlocks:\n\n* `exclude-current-run`: Automatically excludes the current workflow run from the wait list (default: `true`)\n* `exclude-workflow-patterns`: Case-insensitive pattern matching against workflow names (default: `'auto-merge,contributors'`)\n  - Patterns use substring matching: `'auto-merge'` matches `'Dependabot auto-merge'`, `'PR auto-merge'`, etc.\n  - Override the default by providing your own comma-separated list of patterns\n\n### bot-credentials\n\nSecurely configures bot credentials for automated operations including GPG signing and GitHub App authentication. This action addresses the security vulnerability where using `secrets[inputs.secret-name]` exposes ALL organization secrets to the workflow runner.\n\n**Features:**\n* GPG signing for commits and tags\n* GitHub App token generation\n* Both features can be enabled independently\n* Secure: only passes explicitly named secrets (not all secrets)\n* Flexible: works with custom secret names for any organization\n\n**Usage example 1: go-openapi repos (using default secret names)**\n\nFor go-openapi repositories, the action automatically uses the organization's standard secret names (`CI_BOT_GPG_PRIVATE_KEY`, `CI_BOT_GPG_PASSPHRASE`, `CI_BOT_SIGNING_KEY`, `CI_BOT_APP_ID`, `CI_BOT_APP_PRIVATE_KEY`) when called with `secrets: inherit`:\n\n```yaml\njobs:\n  release:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v6\n      - uses: go-openapi/gh-actions/ci-jobs/bot-credentials@master\n        id: bot\n        with:\n          enable-gpg-signing: 'true'\n          enable-github-app: 'true'\n          # No secret parameters needed! 
Falls back to go-openapi defaults\n          gpg-private-key: ${{ secrets.CI_BOT_GPG_PRIVATE_KEY }}\n          gpg-passphrase: ${{ secrets.CI_BOT_GPG_PASSPHRASE }}\n          gpg-fingerprint: ${{ secrets.CI_BOT_SIGNING_KEY }}\n          github-app-id: ${{ secrets.CI_BOT_APP_ID }}\n          github-app-private-key: ${{ secrets.CI_BOT_APP_PRIVATE_KEY }}\n      - run: |\n          git commit -m \"Signed commit\"  # Automatically GPG signed\n      - uses: peter-evans/create-pull-request@v8\n        with:\n          token: ${{ steps.bot.outputs.app-token }}\n```\n\n**Usage example 2: Other organizations (using custom secret names)**\n\nFor other organizations with different secret names (e.g., personal repos on `github.com/fredbi`):\n\n```yaml\njobs:\n  release:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v6\n      - uses: go-openapi/gh-actions/ci-jobs/bot-credentials@master\n        id: bot\n        with:\n          enable-gpg-signing: 'true'\n          enable-github-app: 'true'\n          # Pass your custom secret names explicitly\n          gpg-private-key: ${{ secrets.FREDBI_GPG_PRIVATE_KEY }}\n          gpg-passphrase: ${{ secrets.FREDBI_GPG_PASSPHRASE }}\n          gpg-fingerprint: ${{ secrets.FREDBI_SIGNING_KEY }}\n          github-app-id: ${{ secrets.FREDBI_APP_ID }}\n          github-app-private-key: ${{ secrets.FREDBI_APP_PRIVATE_KEY }}\n      - run: |\n          git commit -m \"Signed commit\"  # Automatically GPG signed\n      - uses: peter-evans/create-pull-request@v8\n        with:\n          token: ${{ steps.bot.outputs.app-token }}\n```\n\n**Background:** This action was created to solve the security issue identified in [ci-workflows#43](https://github.com/go-openapi/ci-workflows/pull/43). Using `secrets[inputs.secret-name]` causes GitHub Actions to expose ALL organization and repository secrets to the workflow runner. 
This action requires secrets to be passed as actual values, ensuring only explicitly named secrets are accessible.\n\n### detect-go-monorepo\n\nThis action detects the presence of multiple go modules in a git repo (i.e. a go mono-repo).\n\nIt returns a `is-monorepo` indicator and several ways to iterate over modules\n(by module import name, by folder, as JSON - e.g. for matrix jobs -, as bash-compatible lists).\n\nRequires: go setup, git checkout\n\n```yaml\noutputs:\n  is-monorepo:\n    description: |\n      Indicates if the current repo is a go mono repo.\n\n  modules-count:\n    description: |\n      Counts how many modules have been detected.\n\n  modules:\n    description: |\n      A JSON array of modules with name (go import path) and path (folder in the current checkout).\n\n  paths:\n    description: |\n      A JSON array of modules paths\n\n  bash-paths:\n    description: |\n      A bash-compatible array of modules paths.\n\n  bash-subpaths:\n    description: |\n      A bash-compatible array of modules paths with the \"/...\" suffix.\n\n  names:\n    description: |\n      A JSON array of modules names (import paths)\n\n  relative-names:\n    description: |\n      A JSON array of modules relative module names (relative imports).\n      The root module always yields an empty string.\n      These are pure relative paths without leading \".\" or \"/\".\n\n      Example: github.com/go-openapi/swag/jsonutils yields \"jsonutils\"\n\n  bash-relative-names:\n    description: |\n      A bash-compatible array of modules relative names (relative imports).\n      The root module always yields an empty string.\n      These are pure relative paths without leading \".\" or \"/\".\n\n      Example: github.com/go-openapi/swag/jsonutils yields \"jsonutils\"\n\n  root-module:\n    description: |\n      The name (go import path) of the root module in the go mono repo.\n```\n\n**Usage example**\n\n```yaml\njobs:\n  lint:\n    name: Lint\n    runs-on: ubuntu-latest\n    
outputs:\n      is-monorepo: ${{ steps.detect-monorepo.outputs.is-monorepo }}\n      bash-subpaths: ${{ steps.detect-monorepo.outputs.bash-subpaths }}\n      module-names: ${{ steps.detect-monorepo.outputs.names }}\n    steps:\n      -\n        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1\n        with:\n          fetch-depth: 0\n      -\n        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0\n        with:\n          go-version: stable\n          check-latest: true\n          cache: true\n          cache-dependency-path: '**/go.sum'\n      -\n        name: Detect go mono-repo\n        id: detect-monorepo\n        uses: go-openapi/gh-actions/ci-jobs/detect-go-monorepo@master # v1.4.0\n      -\n        name: golangci-lint\n        if: ${{ steps.detect-monorepo.outputs.is-monorepo != 'true' }}\n        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0\n        with:\n          version: latest\n          only-new-issues: true\n          skip-cache: true\n\n      # Carry out the linting the traditional way, within a shell loop\n      -\n        name: Lint multiple modules\n        if: ${{ steps.detect-monorepo.outputs.is-monorepo == 'true' }}\n        # golangci-lint doesn't support go.work to lint multiple modules in one single pass\n        run: |\n          set -euxo pipefail\n          git fetch origin master\n          git show --no-patch --oneline origin/master\n          while read -r module_location ; do\n            pushd \"${module_location}\"\n            golangci-lint run --new-from-rev origin/master\n            popd\n          done \u003c \u003c(echo ${{ steps.detect-monorepo.outputs.bash-paths }})\n```\n\n### detect-go-version\n\nThis action detects the current go version and reports the minor version.\n\nIts intent is to report about the availability of certain features useful for testing,\nthat are not available in all instances of a matrix job spanning over 
multiple go versions.\n\nAt this moment, we are mostly interested in the possibility of running a simplified test script\nusing `go test work`.\n\nRequires: go setup, git checkout\n\n```yaml\noutputs:\n  go-minor-version:\n    description: |\n      The minor version of go that is installed.\n\n      Example: go1.25.4 yields 25\n\n  is-gotestwork-supported:\n    description: |\n      Tells if go test work is available (e.g. go1.25 and go.work exists)\n```\n\n**Usage example**\n\n```yaml\njobs:\n  test:\n    name: Unit tests mono-repo\n    needs: [ lint ]\n    runs-on: ${{ matrix.os }}\n    strategy:\n      matrix:\n        os: [ ubuntu-latest, macos-latest, windows-latest ]\n        go: ['oldstable', 'stable' ]\n    steps:\n      -\n        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1\n      -\n        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0\n        id: go-setup\n        with:\n          go-version: '${{ matrix.go }}'\n          check-latest: true\n          cache: true\n          cache-dependency-path: '**/go.sum'\n      -\n        name: Detect go version capabilities\n        id: detect-go-version\n        uses: go-openapi/gh-actions/ci-jobs/detect-go-version@master # v1.4.0\n      -\n        name: Install gotestsum\n        uses: go-openapi/gh-actions/install/gotestsum@eb161ed408645b24aaf6120cd5e4a893cf2c0af2 # v1.3.1\n      -\n        name: Run unit tests on all modules (go1.25+ with go.work) [monorepo]\n        if: ${{ needs.lint.outputs.is-monorepo == 'true' \u0026\u0026 steps.detect-go-version.outputs.is-gotestwork-supported == 'true' }}\n        # with go.work file enabled, go test recognizes sub-modules and collects all packages to be covered\n        # without specifying -coverpkg.\n        # ...\n```\n\n### Bump next tag\n\nThis action uses svu to compute the next release tag depending on the requested kind of bump (patch, minor, major).\n\n```yaml\ninputs:\n  bump-patch:\n    description: Bump a 
patch version release\n    type: string\n    required: false\n    default: 'true'\n  bump-minor:\n    description: Bump a minor version release\n    type: string\n    required: false\n    default: 'false'\n  bump-major:\n    description: Bump a major version release\n    type: string\n    required: false\n    default: 'false'\n```\n\n```yaml\noutputs:\n  next-tag:\n    description: |\n      The bumped release tag.\n```\n\n**Usage example**\n\n```yaml\njobs:\n  determine-next-tag:\n    name: Determine next tag [monorepo]\n    needs: [detect-modules]\n    if: ${{ needs.detect-modules.outputs.is-monorepo == 'true' }}\n    runs-on: ubuntu-latest\n    outputs:\n      next-tag: ${{ steps.bump-release.outputs.next-tag }}\n    steps:\n      -\n        name: Checkout code\n        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1\n        with:\n          fetch-depth: 0\n      -\n        name: Determine next tag\n        id: bump-release\n        uses: go-openapi/gh-actions/ci-jobs/next-tag@master # v1.4.0\n        with:\n          bump-patch: ${{ inputs.bump-patch }}\n          bump-minor: ${{ inputs.bump-minor }}\n          bump-major: ${{ inputs.bump-major }}\n```\n\n## Change log\n\nSee \u003chttps://github.com/go-openapi/gh-actions/releases\u003e\n\n\n## Licensing\n\nThis library ships under the [SPDX-License-Identifier: Apache-2.0](./LICENSE).\n\n## Other documentation\n\n* [All-time contributors](./CONTRIBUTORS.md)\n* [Contributing guidelines](.github/CONTRIBUTING.md)\n\n## Cutting a new release\n\nMaintainers can cut a new release by either:\n\n* running [this workflow](https://github.com/go-openapi/gh-actions/actions/workflows/bump-release.yml)\n* or pushing a semver tag\n  * signed tags are preferred\n  * The tag message is prepended to release notes\n\n\u003c!-- Badges: status  --\u003e\n[test-badge]: https://github.com/go-openapi/gh-actions/actions/workflows/test.yml/badge.svg\n[test-url]: 
https://github.com/go-openapi/gh-actions/actions/workflows/test.yml\n\u003c!--\n[cov-badge]: https://codecov.io/gh/go-openapi/gh-actions/branch/master/graph/badge.svg\n[cov-url]: https://codecov.io/gh/go-openapi/gh-actions\n--\u003e\n[vuln-scan-badge]: https://github.com/go-openapi/gh-actions/actions/workflows/scanner.yml/badge.svg\n[vuln-scan-url]: https://github.com/go-openapi/gh-actions/actions/workflows/scanner.yml\n[codeql-badge]: https://github.com/go-openapi/gh-actions/actions/workflows/codeql.yml/badge.svg\n[codeql-url]: https://github.com/go-openapi/gh-actions/actions/workflows/codeql.yml\n\u003c!-- Badges: release \u0026 docker images  --\u003e\n[release-badge]: https://badge.fury.io/gh/go-openapi%2Fgh-actions.svg\n[release-url]: https://badge.fury.io/gh/go-openapi%2Fgh-actions\n[gomod-badge]: https://badge.fury.io/go/github.com%2Fgo-openapi%2Fgh-actions.svg\n[gomod-url]: https://badge.fury.io/go/github.com%2Fgo-openapi%2Fgh-actions\n\u003c!-- Badges: code quality  --\u003e\n[gocard-badge]: https://goreportcard.com/badge/github.com/go-openapi/gh-actions\n[gocard-url]: https://goreportcard.com/report/github.com/go-openapi/gh-actions\n[codefactor-badge]: https://img.shields.io/codefactor/grade/github/go-openapi/gh-actions\n[codefactor-url]: https://www.codefactor.io/repository/github/go-openapi/gh-actions\n\u003c!-- Badges: documentation \u0026 support --\u003e\n[doc-badge]: https://img.shields.io/badge/doc-site-blue?link=https%3A%2F%2Fgoswagger.io%2Fgo-openapi%2F\n[doc-url]: https://goswagger.io/go-openapi\n[godoc-badge]: https://pkg.go.dev/badge/github.com/go-openapi/gh-actions\n[godoc-url]: http://pkg.go.dev/github.com/go-openapi/gh-actions\n[slack-logo]: https://a.slack-edge.com/e6a93c1/img/icons/favicon-32.png\n[slack-badge]: https://img.shields.io/badge/slack-blue?link=https%3A%2F%2Fgoswagger.slack.com%2Farchives%2FC04R30YM\n[slack-url]: https://goswagger.slack.com/archives/C04R30YMU\n[discord-badge]: 
https://img.shields.io/discord/1446918742398341256?logo=discord\u0026label=discord\u0026color=blue\n[discord-url]: https://discord.gg/DrafRmZx\n\n\u003c!-- Badges: license \u0026 compliance --\u003e\n[license-badge]: http://img.shields.io/badge/license-Apache%20v2-orange.svg\n[license-url]: https://github.com/go-openapi/gh-actions/?tab=Apache-2.0-1-ov-file#readme\n\u003c!-- Badges: others \u0026 stats --\u003e\n[goversion-badge]: https://img.shields.io/github/go-mod/go-version/go-openapi/gh-actions\n[goversion-url]: https://github.com/go-openapi/gh-actions/blob/master/go.mod\n[top-badge]: https://img.shields.io/github/languages/top/go-openapi/gh-actions\n[commits-badge]: https://img.shields.io/github/commits-since/go-openapi/gh-actions/latest\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgo-openapi%2Fgh-actions","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgo-openapi%2Fgh-actions","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgo-openapi%2Fgh-actions/lists"}