GitHub Actions: Update typisttech/.github to v3

.github/release-drafter.yml

@@ -0,0 +1 @@
+_extends: .github

.github/workflows/audit.yml

@@ -0,0 +1,23 @@
+name: Audit
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '7 3 * * 1' # Weekly on Monday
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref_name }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  go:
+    uses: typisttech/.github/.github/workflows/audit-go.yml@v3

.github/workflows/dependabot-auto-merge.yml

@@ -1,21 +1,21 @@
-# Taken from https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
-# and https://github.com/dependabot/fetch-metadata/blob/06ea45a2e4582d87b11f03c7ce596ae3261f39f6/README.md?plain=1#L133-L160
 name: Dependabot Auto-merge
 
-on: pull_request
+on:
+  pull_request:
+    branches:
+      - main
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
   cancel-in-progress: true
 
-permissions: {}
+permissions:
+  contents: write
+  pull-requests: write
 
 jobs:
   dependabot:
-    permissions:
-      contents: write
-      pull-requests: write
-    uses: typisttech/.github/.github/workflows/dependabot-auto-merge.yml@v2
+    uses: typisttech/.github/.github/workflows/dependabot-auto-merge.yml@v3
     with:
       minor: true
       patch: true

.github/workflows/go-generate.yml

@@ -12,16 +12,24 @@
   group: ${{ github.workflow }}-${{ github.ref_name }}
   cancel-in-progress: true
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
-  go-generate:
-    uses: typisttech/.github/.github/workflows/create-auto-merged-pull-request-go.yml@v2
-    permissions:
-      contents: write
-      pull-requests: write
-    with:
-      command: go generate ./...
-      branch: tastendruck/go-generate/${{ github.ref_name }}
-      labels: go-generate
-    secrets: inherit
+  update-data:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-go@v6
+        with:
+          go-version-file: 'go.mod'
+
+      - run: go generate ./...
+
+      - uses: typisttech/.github/.github/actions/create-auto-merged-pull-request@v3
+        with:
+          app-id: ${{ vars.TASTENDRUCK_APP_ID }}
+          private-key: ${{ secrets.TASTENDRUCK_PRIVATE_KEY }}
+          branch: "tastendruck/github_actions/go-generate/${{ github.ref_name }}"
+          title: ":robot: `go generate ./...`"
+          labels: go-generate

.github/workflows/go-proxy.yml

@@ -1,23 +1,9 @@
-name: Go proxy
+name: Go Proxy
 
 on: push
 
 permissions: {}
 
 jobs:
-  go-proxy:
-    if: github.repository == 'typisttech/comver'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/setup-go@v6
-        with:
-          cache: false
-      - run: go list -m -u -json -x github.com/${{ github.repository }}@${{ github.sha }}
-        env:
-          GOPROXY: https://proxy.golang.org
-          GOSUMDB: sum.golang.org
-      - run: go list -m -u -json -x github.com/${{ github.repository }}@${{ github.ref_name }}
-        continue-on-error: true
-        env:
-          GOPROXY: https://proxy.golang.org
-          GOSUMDB: sum.golang.org
+  go:
+    uses: typisttech/.github/.github/workflows/go-proxy.yml@go3

.github/workflows/govulncheck.yml → .github/workflows/lint.yml

@@ -1,8 +1,6 @@
-name: govulncheck
+name: Lint
 
 on:
-  schedule:
-    - cron: '1 1 * * 1'
   workflow_dispatch:
   pull_request:
     branches:
@@ -15,13 +13,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref_name }}-${{ github.event.pull_request.number || github.sha }}
   cancel-in-progress: true
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
-  govulncheck:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: golang/govulncheck-action@v1
-        with:
-          go-version-file: 'go.mod'
-          go-package: ./...
+  go:
+    uses: typisttech/.github/.github/workflows/lint-go.yml@go3

.github/workflows/release-drafter.yml

@@ -0,0 +1,22 @@
+name: Release Drafter
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref_name }}
+  cancel-in-progress: true
+
+jobs:
+  release-drafter:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: read
+    steps:
+      - uses: release-drafter/release-drafter@v6
+        env:
+          GITHUB_TOKEN: ${{ github.token }} # Not a typo.

.github/workflows/go.yml → .github/workflows/test.yml

@@ -1,4 +1,4 @@
-name: Go
+name: Test
 
 on:
   workflow_dispatch:
@@ -16,30 +16,16 @@ concurrency:
 permissions: {}
 
 jobs:
-  golangci-lint:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v5
-      - uses: actions/setup-go@v6
-        with:
-          go-version-file: 'go.mod'
-      - uses: golangci/golangci-lint-action@v8
-        with:
-          version: latest
-          only-new-issues: true
-          args: --verbose
-
   test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
       - uses: actions/setup-go@v6
         with:
           go-version-file: 'go.mod'
-      - run: go mod tidy -diff
-      - run: go mod download
-      - run: go mod verify
-      - run: go test -v -count=1 -race -shuffle=on -coverprofile=coverage.out -covermode=atomic ./...
+
+      - run: go test -count=1 -race -shuffle=on -coverprofile=coverage.out -covermode=atomic ./...
+
       - uses: actions/upload-artifact@v4
         with:
           name: coverage
@@ -52,12 +38,13 @@ jobs:
       id-token: write
     steps:
       - uses: actions/checkout@v5
-
       - uses: actions/download-artifact@v5
         with:
           name: coverage
+
       - uses: codecov/codecov-action@v5
         with:
-          use_oidc: ${{ !(github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork) }}
-          token: ${{ secrets.CODECOV_TOKEN }}
+          use_oidc: true
           fail_ci_if_error: true
+          disable_search: true
+          files: coverage.out

README.md

@@ -4,10 +4,10 @@
 
 [![Go Reference](https://pkg.go.dev/badge/github.com/typisttech/comver.svg)](https://pkg.go.dev/github.com/typisttech/comver)
 [![GitHub Release](https://img.shields.io/github/v/release/typisttech/comver?style=flat-square&)](https://github.com/typisttech/comver/releases/latest)
-[![Go](https://github.com/typisttech/comver/actions/workflows/go.yml/badge.svg)](https://github.com/typisttech/comver/actions/workflows/go.yml)
+[![Test](https://github.com/typisttech/comver/actions/workflows/test.yml/badge.svg)](https://github.com/typisttech/comver/actions/workflows/test.yml)
 [![codecov](https://codecov.io/gh/typisttech/comver/graph/badge.svg?token=GVO7RV80TJ)](https://codecov.io/gh/typisttech/comver)
 [![Go Report Card](https://goreportcard.com/badge/github.com/typisttech/comver)](https://goreportcard.com/report/github.com/typisttech/comver)
-[![license](https://img.shields.io/github/license/typisttech/comver.svg)](https://github.com/typisttech/comver/blob/master/LICENSE)
+[![License](https://img.shields.io/github/license/typisttech/comver.svg)](https://github.com/typisttech/comver/blob/master/LICENSE)
 [![Follow @TangRufus on X](https://img.shields.io/badge/Follow-TangRufus-15202B?logo=x&logoColor=white)](https://x.com/tangrufus)
 [![Follow @TangRufus.com on Bluesky](https://img.shields.io/badge/Bluesky-TangRufus.com-blue?logo=bluesky)](https://bsky.app/profile/tangrufus.com)
 [![Sponsor @TangRufus via GitHub](https://img.shields.io/badge/Sponsor-TangRufus-EA4AAA?logo=githubsponsors)](https://github.com/sponsors/tangrufus)