In the current main branch, workflow update-tools includes the content
of the upstream release notes in the created GitHub Issue. This
triggers a notification to every upstream contributor mentioned in the
release note. This also creates a cross-reference link to our GitHub
Issue (reporting that our dependency is not up-to-date) in every
upstream issue and pull request. The information that we need to
update our dependency is not relavant to the upstream contributors,
issues, and pull requests at all. We should avoid this situation.
In the first place, we do not need to include a copy of the upstream
release note. We can just put a link to the upstream release note.
Currently, we anyway hide the content in the <details> tag and require
the reader to press the button. The user experience is not so
different from pressing a link and visiting the upstream release note.
Some of our scripts download tools from a repo. These can't be bumped by dependabot, so this workflow is a self-created dependabot to bump versions of those tools to stay up-to-date.
This workflow only creates a PR if the version was actually updated.
Tools currently supported:
- Shellcheck (in 2 different files)
- Shellfmt
- oci-oras
- Bat
