From dcab28393749bd1af089b94fb4dc066ffd3b1e92 Mon Sep 17 00:00:00 2001
From: Dmitry Verkhoturov <paskal.07@gmail.com>
Date: Thu, 9 May 2024 02:00:32 +0200
Subject: [PATCH] add dependabot updates for GitHub Actions and Go modules

---
 .github/dependabot.yml   | 22 ++++++++++++++++++++++
 .github/workflows/ci.yml |  4 ++--
 Dockerfile               |  5 +++--
 3 files changed, 27 insertions(+), 4 deletions(-)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..33bc481
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,22 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    groups:
+      "GitHub Actions updates":
+        patterns:
+          - "*"
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    groups:
+      "Go modules updates":
+        dependency-type: "production"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 44affaa..76770fb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,7 +18,7 @@ jobs:
 
     - name: test
       run: |
-        go test -v -mod=vendor -timeout=60s -covermode=count -coverprofile=$GITHUB_WORKSPACE/profile.cov_tmp ./...
+        go test -v -timeout=60s -covermode=count -coverprofile=$GITHUB_WORKSPACE/profile.cov_tmp ./...
         cat $GITHUB_WORKSPACE/profile.cov_tmp | grep -v "mock_" > $GITHUB_WORKSPACE/profile.cov
       working-directory: app
       env:
@@ -33,7 +33,7 @@ jobs:
       run: go install github.com/mattn/goveralls@latest
 
     - name: build
-      run: go build -v -mod=vendor
+      run: go build -v
       working-directory: app
 
     - name: submit coverage
diff --git a/Dockerfile b/Dockerfile
index d183274..8a90096 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,8 +7,6 @@ ARG GIT_BRANCH
 ARG SKIP_TEST
 ARG GITHUB_SHA
 
-ENV GOFLAGS="-mod=vendor"
-
 ADD . /build/secrets
 WORKDIR /build/secrets
 
@@ -29,6 +27,9 @@ RUN \
 
 FROM umputun/baseimage:app-latest
 
+# enables automatic changelog generation by tools like Dependabot
+LABEL org.opencontainers.image.source="https://github.com/umputun/secrets"
+
 COPY --from=build-backend /build/secrets.bin /srv/secrets
 COPY --from=build-backend /build/secrets/ui/static /srv/ui/static/