Merge pull request #372 from alphagov/sengi/dont-prevent-security-upd…

…ates Eliminate patch version update toil.
alphagov · Jul 27, 2023 · 98130a3 · 98130a3
2 parents 4c948d8 + 763e648
commit 98130a3
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 29 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,11 +1,11 @@
+---
 version: 2
 updates:
-  - package-ecosystem: gomod
+  - package-ecosystem: docker
     directory: /
     schedule:
       interval: daily
-
-  - package-ecosystem: docker
+  - package-ecosystem: gomod
     directory: /
     schedule:
-      interval: weekly
+      interval: daily
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -18,7 +18,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v4
         with:
-          go-version: '1.20.4'
+          go-version-file: go.mod
       - run: make unit_tests
       - run: make integration_tests
         env:

diff --git a/.go-version b/.go-version
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.20.5-alpine AS builder
+FROM golang:1.20-alpine AS builder
 ARG TARGETARCH TARGETOS
 WORKDIR /src
 COPY . ./

diff --git a/README.md b/README.md
@@ -77,35 +77,18 @@ DEBUG=1 DEBUG_ROUTER=1 make test
 
 This project uses [Go Modules](https://github.com/golang/go/wiki/Modules) to vendor its dependencies. To update the dependencies:
 
-    go mod vendor
+1. Run `go mod tidy && go mod vendor`.
+1. Check for any errors and commit.
 
-### Updating the version of Go
+Occasionally an old module may need updating explicitly via `go get -u
+<repo-of-module>`, for example `go get -u github.com/streadway/quantile`
 
-Dependabot raises PR's to update the dependencies for Router. This includes raising a PR when a new version of Go is available. However to update the version of Go, it's necessary to do more than just merge this dependabot PR. Here is an [example PR](https://github.com/alphagov/router/pull/345/files) with all the below changes, and here are the steps:
-
-1. Dependabot's PR will modify the Go version in the Dockerfile (and thus what is build in the Kubernetes engine), but you also need to update the version number in the file `.go-version`.
-2. You will also have to update the Go version in `go.mod`. This will necessitate having Go installed on your local machine, changing the version number and running in terminal `go mod tidy` and `go mod vendor` in sequence to update correctly. This may have no changes at all, but see [example pr](https://github.com/alphagov/router/pull/307/commits/c0e4d753a48c71e84a3e4734389191e36bae9611) for a larger update. Also see [Upgrading Go Modules](#upgrading-go-modules).
-3. Finally you need to update the go version in `ci.yml`.
-4. Before you merge this PR, put the branch onto staging and leave it there for a couple of weekdays. Check for anything unexpected in icinga and sentry.
-5. If you are confident that the version bump is safe for production, you can merge your PR and deploy it to production. It is best to do this at a quiet time of the day (such as 7am) to minimise any potential disruption.
-6. Make sure govuk-docker is updated to match the new version. See [here](https://github.com/alphagov/govuk-docker/pull/643/files).
-
-#### Upgrading Go Modules
-
-Sometimes modules will need to be manually upgraded after the above steps. This will satisfy dependencies that are old and do not use the `go.mod` file management system. Most likely you will see errors that require this when there is a failure to properly vendor `go.mod` due to an unsupported feature call in a dependency.
-
-To do this, you'll require GoLang installed on your machine.
-
-1. First, follow point 3 of the above [guide for upgrating](#updating-the-version-of-go) the version of Go.
-2. If you determine through test failures that a module will need to be upgraded, in terminal at the root of `router` type in the following: `go get -u [repo-of-module]` - For example: `go get -u github.com/streadway/quantile`
-3. Run `go mod tidy` and `go mod vendor`. Check for any errors and commit.
 
 ### Further documentation
 
 - [Data structure](docs/data-structure.md)
 - [Original thinking behind the router](https://gdstechnology.blog.gov.uk/2013/12/05/building-a-new-router-for-gov-uk)
-- [Example of adding a metric](https://github.com/alphagov/router/commit/b443d3dd9cf776143eed270d01bd98d2233caea6) using the [Go prometheus client library](https://godoc.org/github.com/dnesting/client_golang/prometheus)
-
+- [Example of adding a metric](https://github.com/alphagov/router/commit/b443d3d) using the [Go prometheus client library](https://godoc.org/github.com/dnesting/client_golang/prometheus)
 
 ## Licence