go-openapi · fredbi · Dec 6, 2025 · Dec 6, 2025
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -4,7 +4,7 @@ You'll find below general guidelines, which mostly correspond to standard practi
 
 >**TL;DR**
 >
-> If you're already an experience go developer on github, then you should just feel at home with us
+> If you're already an experienced go developer on github, then you should just feel at home with us
 > and you may well skip the rest of this document.
 >
 > You'll essentially find the usual guideline for a go library project on github.

diff --git a/.github/workflows/TODO.md b/.github/workflows/TODO.md
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
@@ -1,74 +1,15 @@
 name: Dependabot auto-merge
-on: pull_request
 
 permissions:
   contents: read
 
+on:
+  pull_request:
+
 jobs:
   dependabot:
     permissions:
       contents: write
       pull-requests: write
-    runs-on: ubuntu-latest
-    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
-    steps:
-      -
-        name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.4.0
-      -
-        name: Auto-approve all dependabot PRs
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
-        run: gh pr review --approve "$PR_URL"
-      -
-        name: Auto-merge dependabot PRs for development dependencies
-        if: ${{ contains(steps.metadata.outputs.dependency-group, 'development-dependencies') }}
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
-        run: gh pr merge --auto --rebase "$PR_URL"
-      -
-        name: Auto-merge dependabot PRs for go-openapi patches
-        if: >-
-          ${{
-            contains(steps.metadata.outputs.dependency-group, 'go-openapi-dependencies') &&
-            (
-              steps.metadata.outputs.update-type == 'version-update:semver-minor' ||
-              steps.metadata.outputs.update-type == 'version-update:semver-patch'
-            )
-          }}
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
-        run: gh pr merge --auto --rebase "$PR_URL"
-      -
-        name: Auto-merge dependabot PRs for golang.org updates
-        if: ${{ contains(steps.metadata.outputs.dependency-group, 'golang-org-dependencies') }}
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
-        run: gh pr merge --auto --rebase "$PR_URL"
-
-  # Auto merge is current disabled: we need automatic PRs to swap identity (e.g. using a Github App),
-  # so the pull_request event is properly captured and the PR can validate.
-  #actions-bot:
-  #  permissions:
-  #    contents: write
-  #    pull-requests: write
-  #  runs-on: ubuntu-latest
-  #  if: ${{ github.event.pull_request.user.login == 'github-actions[bot]' }}
-  #  steps:
-  #    -
-  #      name: Auto-approve all github-actions bot PRs
-  #      env:
-  #        PR_URL: ${{github.event.pull_request.html_url}}
-  #        GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
-  #      run: gh pr review --approve "$PR_URL"
-  #    -
-  #      name: Auto-merge github-actions bot PRs
-  #      env:
-  #        PR_URL: ${{github.event.pull_request.html_url}}
-  #        GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
-  #      run: gh pr merge --auto --rebase "$PR_URL"
+    uses: go-openapi/ci-workflows/.github/workflows/auto-merge.yml@d0b50195d14745b9a9a8a41cf3bb7ecd874af37a # v0.1.1
+    secrets: inherit
diff --git a/.github/workflows/bump-release.yml b/.github/workflows/bump-release.yml
@@ -0,0 +1,46 @@
+name: Bump Release
+
+permissions:
+  contents: read
+
+on:
+  workflow_dispatch:
+    inputs:
+      bump-patch:
+        description: Bump a patch version release
+        type: boolean
+        required: false
+        default: true
+      bump-minor:
+        description: Bump a minor version release
+        type: boolean
+        required: false
+        default: false
+      bump-major:
+        description: Bump a major version release
+        type: boolean
+        required: false
+        default: false
+      tag-message-title:
+        description: Tag message title to prepend to the release notes
+        required: false
+        type: string
+      tag-message-body:
+        description: |
+          Tag message body to prepend to the release notes.
+          (use "|" to replace end of line).
+        required: false
+        type: string
+
+jobs:
+  bump-release:
+    permissions:
+      contents: write
+    uses: go-openapi/ci-workflows/.github/workflows/bump-release.yml@d0b50195d14745b9a9a8a41cf3bb7ecd874af37a # v0.1.1
+    with:
+      bump-patch: ${{ inputs.bump-patch }}
+      bump-minor: ${{ inputs.bump-minor }}
+      bump-major: ${{ inputs.bump-major }}
+      tag-message-title: ${{ inputs.tag-message-title }}
+      tag-message-body: ${{ inputs.tag-message-body }}
+    secrets: inherit
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -1,41 +1,22 @@
 name: "CodeQL"
 
-permissions:
-  contents: read
-
 on:
   push:
     branches: [ "master" ]
   pull_request:
     branches: [ "master" ]
-    paths-ignore:
+    paths-ignore: # remove this clause if CodeQL is a required check
       - '**/*.md'
   schedule:
     - cron: '39 19 * * 5'
 
+permissions:
+  contents: read
+
 jobs:
-  analyze:
-    name: Analyze.
-    runs-on: ubuntu-latest
-    timeout-minutes: 360
+  codeql:
     permissions:
       contents: read
       security-events: write
-      # actions: read # <- is needed only for private repositories
-    strategy:
-      fail-fast: false
-      matrix:
-        language: ['go','actions']
-    steps:
-    -
-      name: Checkout repository
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-    -
-      # Initializes the CodeQL tools for scanning.
-      name: Initialize CodeQL
-      uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
-      with:
-        languages: ${{ matrix.language }}
-    -
-      name: Analyze ${{ matrix.language }}
-      uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
+    uses: go-openapi/ci-workflows/.github/workflows/codeql.yml@d0b50195d14745b9a9a8a41cf3bb7ecd874af37a # v0.1.1
+    secrets: inherit
diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml
@@ -1,49 +1,18 @@
 name: Contributors
 
-permissions:
-  contents: read
-
 on:
   schedule:
     - cron: '18 4 * * 6'
 
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
-  update-contributors:
-    name: all-time contributors
+  contributors:
     permissions:
       pull-requests: write
       contents: write
-    runs-on: ubuntu-latest
-    steps:
-    -
-      name: Checkout repository
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-    -
-      name: Identify all-time contributors to this repository
-      uses: github/contributors@e345de71bbd056a34a70709afd4f4bf0a270cc1a # v1.7.7
-      env:
-        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        REPOSITORY:  ${{ github.repository }}
-        LINK_TO_PROFILE: 'True'
-    -
-      name: Rename contributor file
-      run: |
-        rm -rf contributors.json
-        mv contributors.md CONTRIBUTORS.md
-    -
-      name: Create a PR
-      id: create-pull-request
-      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
-      with:
-        commit-message: "doc: updated contributors file"
-        branch: doc/contributors-bot
-        delete-branch: true
-        title: "doc: updated contributors file"
-        token: ${{ secrets.GITHUB_TOKEN }}
-        labels: "bot"
-        draft: true
-        assignees: fredbi
-        reviewers: fredbi
-        sign-commits: true
+    uses: go-openapi/ci-workflows/.github/workflows/contributors.yml@d0b50195d14745b9a9a8a41cf3bb7ecd874af37a # v0.1.1
+    secrets: inherit