Add private keys to go-build auto pin update workflow

.semaphore/update-go-build-pins.yml

@@ -9,8 +9,12 @@ execution_time_limit:
   minutes: 30
 
 global_job_config:
+  secrets:
+    - name: private-repo
   prologue:
     commands:
+      - chmod 0600 ~/.keys/*
+      - ssh-add ~/.keys/*
       - checkout
 
 blocks:
@@ -20,6 +24,13 @@ blocks:
         - name: marvin-github-token
       jobs:
         - name: Auto calico/go-build update
+          env_vars:
+            - name: GITHUB_TOKEN
+              value: ${MARVIN_GITHUB_TOKEN}
+            - name: GIT_COMMIT_EXTRA_FILES
+              value: metadata.mk
+            - name: GIT_COMMIT_TITLE
+              value: "Semaphore Auto go-build Update"
           commands:
             - CONFIRM=true make git-config
-            - CONFIRM=true GITHUB_TOKEN=${MARVIN_GITHUB_TOKEN} make trigger-auto-pin-update-process
+            - CONFIRM=true make trigger-auto-pin-update-process

lib.Makefile

@@ -487,6 +487,7 @@ commit-and-push-pr:
 #   Helper macros and targets to help with communicating with the github API
 ###############################################################################
 GIT_COMMIT_MESSAGE?="Automatic Pin Updates"
+GIT_COMMIT_TITLE?="Semaphore Auto Pin Update"
 GIT_PR_BRANCH_BASE?=$(SEMAPHORE_GIT_BRANCH)
 PIN_UPDATE_BRANCH?=semaphore-auto-pin-updates-$(GIT_PR_BRANCH_BASE)
 GIT_PR_BRANCH_HEAD?=$(PIN_UPDATE_BRANCH)
@@ -563,7 +564,7 @@ endif
 	git checkout -b $(GIT_PR_BRANCH_HEAD)
 
 create-pin-update-pr:
-	$(call github_pr_create,$(GIT_REPO_SLUG),[$(GIT_PR_BRANCH_BASE)] Semaphore Auto Pin Update,$(GIT_PR_BRANCH_HEAD),$(GIT_PR_BRANCH_BASE))
+	$(call github_pr_create,$(GIT_REPO_SLUG),[$(GIT_PR_BRANCH_BASE)] $(GIT_COMMIT_TITLE),$(GIT_PR_BRANCH_HEAD),$(GIT_PR_BRANCH_BASE))
 	echo 'Created pin update pull request $(PR_NUMBER)'
 
 # Add the "/merge-when-ready" comment to enable the "merge when ready" functionality, i.e. when the pull request is passing