Auto-update Go dependencies
The update script hardcodes gitlab.com as the GitLab server, and documents required CI variables.
Designed to be run in a CI-scheduled job.
A variant of this was tested on a fork. See:
This script requires a GitLab API token with api and write_repository scopes. I think it makes much more sense to run this on .com, rather than the ops mirror. Historically we've shied away from putting .com API tokens in .com's own pipelines, even as masked vars.
If we want to reduce the blast radius of this token, we could create a new user?
Edited by Craig Furman