Merge branch 'main' into use_author

2026-03-12 18:07:12 -04:00 · 2022-02-11 20:46:55 -06:00
parent 960d125896 37d2f784cd
commit 17e334fb15
11 changed files with 193 additions and 28 deletions
--- a/README.md
+++ b/README.md
@@ -37,6 +37,12 @@ Subsequent actions will have access to the following outputs:
  - The highest semver change being made by this PR, e.g. `version-update:semver-major`. For all possible values, see [the `ignore` documentation](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#ignore).
 - `steps.dependabot-metadata.outputs.updated-dependencies-json`
  - A JSON string containing the full information about each updated Dependency.
+- `steps.dependabot-metadata.outputs.directory`
+  - The `directory` configuration that was used by dependabot for this updated Dependency.
+- `steps.dependabot-metadata.outputs.package-ecosystem`
+  - The `package-ecosystem` configuration that was used by dependabot for this updated Dependency.
+- `steps.dependabot-metadata.outputs.target-branch`
+  - The `target-branch` configuration that was used by dependabot for this updated Dependency.

 **Note:** These outputs will only be populated if the target Pull Request was opened by Dependabot and contains
 **only** Dependabot-created commits.
--- a/action.yml
+++ b/action.yml
@@ -16,6 +16,12 @@ outputs:
    description: 'The highest semver change being made by this PR, e.g. "version-update:semver-major"'
  updated-dependencies-json:
    description: 'A JSON string containing the full information about each updated Dependency.'
+  directory:
+    description: 'The `directory` configuration that was used by dependabot for this updated Dependency.'
+  package-ecosystem:
+    description: 'The `package-ecosystem` configuration that was used by dependabot for this updated Dependency.'
+  target-branch:
+    description: 'The `target-branch` configuration that was used by dependabot for this updated Dependency.'
 runs:
  using: 'node12'
  main: 'dist/index.js'
--- a/dist/index.js
+++ b/dist/index.js
@@ -13406,16 +13406,23 @@ function warnOtherCommits() {
 var yaml = __nccwpck_require__(3552);
 ;// CONCATENATED MODULE: ./src/dependabot/update_metadata.ts

-function parse(commitMessage) {
+function parse(commitMessage, branchName, mainBranch) {
    const yamlFragment = commitMessage.match(/^-{3}\n(?<dependencies>[\S|\s]*?)\n^\.{3}\n/m);
-    if (yamlFragment === null || yamlFragment === void 0 ? void 0 : yamlFragment.groups) {
+    if ((yamlFragment === null || yamlFragment === void 0 ? void 0 : yamlFragment.groups) && branchName.startsWith('dependabot')) {
        const data = yaml.parse(yamlFragment.groups.dependencies);
+        // Since we are on the `dependabot` branch (9 letters), the 10th letter in the branch name is the delimiter
+        const delim = branchName[10];
+        const chunks = branchName.split(delim);
+        const dirname = chunks.slice(2, -1).join(delim) || '/';
        if (data['updated-dependencies']) {
            return data['updated-dependencies'].map(dependency => {
                return {
                    dependencyName: dependency['dependency-name'],
                    dependencyType: dependency['dependency-type'],
-                    updateType: dependency['update-type']
+                    updateType: dependency['update-type'],
+                    directory: dirname,
+                    packageEcosystem: chunks[1],
+                    targetBranch: mainBranch
                };
            });
        }
@@ -13445,15 +13452,25 @@ function set(updatedDependencies) {
    }).join(', ');
    const dependencyType = maxDependencyTypes(updatedDependencies);
    const updateType = maxSemver(updatedDependencies);
+    const firstDependency = updatedDependencies[0];
+    const directory = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.directory;
+    const ecosystem = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.packageEcosystem;
+    const target = firstDependency === null || firstDependency === void 0 ? void 0 : firstDependency.targetBranch;
    core.startGroup(`Outputting metadata for ${pluralize_default()('updated dependency', updatedDependencies.length, true)}`);
    core.info(`outputs.dependency-names: ${dependencyNames}`);
    core.info(`outputs.dependency-type: ${dependencyType}`);
    core.info(`outputs.update-type: ${updateType}`);
+    core.info(`outputs.directory: ${directory}`);
+    core.info(`outputs.package-ecosystem: ${ecosystem}`);
+    core.info(`outputs.target-branch: ${target}`);
    core.endGroup();
    core.setOutput('updated-dependencies-json', updatedDependencies);
    core.setOutput('dependency-names', dependencyNames);
    core.setOutput('dependency-type', dependencyType);
    core.setOutput('update-type', updateType);
+    core.setOutput('directory', directory);
+    core.setOutput('package-ecosystem', ecosystem);
+    core.setOutput('target-branch', target);
 }
 function maxDependencyTypes(updatedDependencies) {
    const dependencyTypes = updatedDependencies.reduce(function (dependencyTypes, dependency) {
@@ -13470,6 +13487,19 @@ function maxSemver(updatedDependencies) {
    return UPDATE_TYPES_PRIORITY.find(semverLevel => semverLevels.has(semverLevel)) || null;
 }

+;// CONCATENATED MODULE: ./src/dependabot/util.ts
+function parseNwo(nwo) {
+    const [owner, name] = nwo.split('/');
+    if (!owner || !name) {
+        throw new Error(`'${nwo}' does not appear to be a valid repository NWO`);
+    }
+    return { owner: owner, repo: name };
+}
+function getBranchNames(context) {
+    const { pull_request: pr } = context.payload;
+    return { headName: (pr === null || pr === void 0 ? void 0 : pr.head.ref) || '', baseName: pr === null || pr === void 0 ? void 0 : pr.base.ref };
+}
+
 ;// CONCATENATED MODULE: ./src/main.ts
 var main_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -13486,6 +13516,7 @@ var main_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arg



+
 function run() {
    return main_awaiter(this, void 0, void 0, function* () {
        const token = core.getInput('github-token');
@@ -13499,10 +13530,11 @@ function run() {
            const githubClient = github.getOctokit(token);
            // Validate the job
            const commitMessage = yield getMessage(githubClient, github.context);
+            const branchNames = getBranchNames(github.context);
            if (commitMessage) {
                // Parse metadata
                core.info('Parsing Dependabot metadata');
-                const updatedDependencies = parse(commitMessage);
+                const updatedDependencies = parse(commitMessage, branchNames.headName, branchNames.baseName);
                if (updatedDependencies.length > 0) {
                    set(updatedDependencies);
                }
--- a/src/dependabot/output.test.ts
+++ b/src/dependabot/output.test.ts
@@ -14,7 +14,10 @@ test('when given a single dependency it sets its values', async () => {
    {
      dependencyName: 'coffee-rails',
      dependencyType: 'direct:production',
-      updateType: 'version-update:semver-minor'
+      updateType: 'version-update:semver-minor',
+      directory: 'wwwroot',
+      packageEcosystem: 'nuget',
+      targetBranch: 'main'
    }
  ]

@@ -29,6 +32,9 @@ test('when given a single dependency it sets its values', async () => {
  expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails')
  expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production')
  expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor')
+  expect(core.setOutput).toBeCalledWith('directory', 'wwwroot')
+  expect(core.setOutput).toBeCalledWith('package-ecosystem', 'nuget')
+  expect(core.setOutput).toBeCalledWith('target-branch', 'main')
 })

 test('when given a multiple dependencies, it uses the highest values for types', async () => {
@@ -36,22 +42,34 @@ test('when given a multiple dependencies, it uses the highest values for types',
    {
      dependencyName: 'rspec',
      dependencyType: 'direct:development',
-      updateType: 'version-update:semver-minor'
+      updateType: 'version-update:semver-minor',
+      directory: '',
+      packageEcosystem: '',
+      targetBranch: ''
    },
    {
      dependencyName: 'coffee-rails',
      dependencyType: 'indirect',
-      updateType: 'version-update:semver-minor'
+      updateType: 'version-update:semver-minor',
+      directory: '',
+      packageEcosystem: '',
+      targetBranch: ''
    },
    {
      dependencyName: 'coffeescript',
      dependencyType: 'indirect',
-      updateType: 'version-update:semver-major'
+      updateType: 'version-update:semver-major',
+      directory: '',
+      packageEcosystem: '',
+      targetBranch: ''
    },
    {
      dependencyName: 'rspec-coffeescript',
      dependencyType: 'indirect',
-      updateType: 'version-update:semver-patch'
+      updateType: 'version-update:semver-patch',
+      directory: '',
+      packageEcosystem: '',
+      targetBranch: ''
    }
  ]

@@ -62,6 +80,9 @@ test('when given a multiple dependencies, it uses the highest values for types',
  expect(core.setOutput).toBeCalledWith('dependency-names', 'rspec, coffee-rails, coffeescript, rspec-coffeescript')
  expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:development')
  expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-major')
+  expect(core.setOutput).toBeCalledWith('directory', '')
+  expect(core.setOutput).toBeCalledWith('package-ecosystem', '')
+  expect(core.setOutput).toBeCalledWith('target-branch', '')
 })

 test('when the dependency has no update type', async () => {
@@ -69,7 +90,10 @@ test('when the dependency has no update type', async () => {
    {
      dependencyName: 'coffee-rails',
      dependencyType: 'direct:production',
-      updateType: ''
+      updateType: '',
+      directory: '',
+      packageEcosystem: '',
+      targetBranch: ''
    }
  ]

@@ -84,6 +108,9 @@ test('when the dependency has no update type', async () => {
  expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails')
  expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production')
  expect(core.setOutput).toBeCalledWith('update-type', null)
+  expect(core.setOutput).toBeCalledWith('directory', '')
+  expect(core.setOutput).toBeCalledWith('package-ecosystem', '')
+  expect(core.setOutput).toBeCalledWith('target-branch', '')
 })

 test('when given a multiple dependencies, and some do not have update types', async () => {
@@ -91,22 +118,34 @@ test('when given a multiple dependencies, and some do not have update types', as
    {
      dependencyName: 'rspec',
      dependencyType: 'direct:development',
-      updateType: ''
+      updateType: '',
+      directory: '',
+      packageEcosystem: '',
+      targetBranch: ''
    },
    {
      dependencyName: 'coffee-rails',
      dependencyType: 'indirect',
-      updateType: 'version-update:semver-minor'
+      updateType: 'version-update:semver-minor',
+      directory: '',
+      packageEcosystem: '',
+      targetBranch: ''
    },
    {
      dependencyName: 'coffeescript',
      dependencyType: 'indirect',
-      updateType: ''
+      updateType: '',
+      directory: '',
+      packageEcosystem: '',
+      targetBranch: ''
    },
    {
      dependencyName: 'rspec-coffeescript',
      dependencyType: 'indirect',
-      updateType: 'version-update:semver-patch'
+      updateType: 'version-update:semver-patch',
+      directory: '',
+      packageEcosystem: '',
+      targetBranch: ''
    }
  ]

@@ -117,4 +156,7 @@ test('when given a multiple dependencies, and some do not have update types', as
  expect(core.setOutput).toBeCalledWith('dependency-names', 'rspec, coffee-rails, coffeescript, rspec-coffeescript')
  expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:development')
  expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor')
+  expect(core.setOutput).toBeCalledWith('directory', '')
+  expect(core.setOutput).toBeCalledWith('package-ecosystem', '')
+  expect(core.setOutput).toBeCalledWith('target-branch', '')
 })
--- a/src/dependabot/output.ts
+++ b/src/dependabot/output.ts
@@ -20,16 +20,27 @@ export function set (updatedDependencies: Array<updatedDependency>): void {
  const dependencyType = maxDependencyTypes(updatedDependencies)
  const updateType = maxSemver(updatedDependencies)

+  const firstDependency = updatedDependencies[0]
+  const directory = firstDependency?.directory
+  const ecosystem = firstDependency?.packageEcosystem
+  const target = firstDependency?.targetBranch
+
  core.startGroup(`Outputting metadata for ${Pluralize('updated dependency', updatedDependencies.length, true)}`)
  core.info(`outputs.dependency-names: ${dependencyNames}`)
  core.info(`outputs.dependency-type: ${dependencyType}`)
  core.info(`outputs.update-type: ${updateType}`)
+  core.info(`outputs.directory: ${directory}`)
+  core.info(`outputs.package-ecosystem: ${ecosystem}`)
+  core.info(`outputs.target-branch: ${target}`)
  core.endGroup()

  core.setOutput('updated-dependencies-json', updatedDependencies)
  core.setOutput('dependency-names', dependencyNames)
  core.setOutput('dependency-type', dependencyType)
  core.setOutput('update-type', updateType)
+  core.setOutput('directory', directory)
+  core.setOutput('package-ecosystem', ecosystem)
+  core.setOutput('target-branch', target)
 }

 function maxDependencyTypes (updatedDependencies: Array<updatedDependency>): string {
--- a/src/dependabot/update_metadata.test.ts
+++ b/src/dependabot/update_metadata.test.ts
@@ -1,7 +1,7 @@
 import * as updateMetadata from './update_metadata'

 test('it returns an empty array for a blank string', async () => {
-  expect(updateMetadata.parse('')).toEqual([])
+  expect(updateMetadata.parse('', 'dependabot/nuget/feature1', 'main')).toEqual([])
 })

 test('it returns an empty array for commit message with no dependabot yaml fragment', async () => {
@@ -12,7 +12,7 @@ test('it returns an empty array for commit message with no dependabot yaml fragm

  Signed-off-by: dependabot[bot] <support@github.com>`

-  expect(updateMetadata.parse(commitMessage)).toEqual([])
+  expect(updateMetadata.parse(commitMessage, 'dependabot/nuget/feature1', 'main')).toEqual([])
 })

 test('it returns the updated dependency information when there is a yaml fragment', async () => {
@@ -31,13 +31,16 @@ test('it returns the updated dependency information when there is a yaml fragmen
    '\n' +
    'Signed-off-by: dependabot[bot] <support@github.com>'

-  const updatedDependencies = updateMetadata.parse(commitMessage)
+  const updatedDependencies = updateMetadata.parse(commitMessage, 'dependabot/nuget/feature1', 'main')

  expect(updatedDependencies).toHaveLength(1)

  expect(updatedDependencies[0].dependencyName).toEqual('coffee-rails')
  expect(updatedDependencies[0].dependencyType).toEqual('direct:production')
  expect(updatedDependencies[0].updateType).toEqual('version-update:semver-minor')
+  expect(updatedDependencies[0].directory).toEqual('/')
+  expect(updatedDependencies[0].packageEcosystem).toEqual('nuget')
+  expect(updatedDependencies[0].targetBranch).toEqual('main')
 })

 test('it supports multiple dependencies within a single fragment', async () => {
@@ -59,17 +62,23 @@ test('it supports multiple dependencies within a single fragment', async () => {
    '\n' +
    'Signed-off-by: dependabot[bot] <support@github.com>'

-  const updatedDependencies = updateMetadata.parse(commitMessage)
+  const updatedDependencies = updateMetadata.parse(commitMessage, 'dependabot/nuget/api/main/feature1', 'main')

  expect(updatedDependencies).toHaveLength(2)

  expect(updatedDependencies[0].dependencyName).toEqual('coffee-rails')
  expect(updatedDependencies[0].dependencyType).toEqual('direct:production')
  expect(updatedDependencies[0].updateType).toEqual('version-update:semver-minor')
+  expect(updatedDependencies[0].directory).toEqual('api/main')
+  expect(updatedDependencies[0].packageEcosystem).toEqual('nuget')
+  expect(updatedDependencies[0].targetBranch).toEqual('main')

  expect(updatedDependencies[1].dependencyName).toEqual('coffeescript')
  expect(updatedDependencies[1].dependencyType).toEqual('indirect')
  expect(updatedDependencies[1].updateType).toEqual('version-update:semver-patch')
+  expect(updatedDependencies[1].directory).toEqual('api/main')
+  expect(updatedDependencies[1].packageEcosystem).toEqual('nuget')
+  expect(updatedDependencies[1].targetBranch).toEqual('main')
 })

 test('it only returns information within the first fragment if there are multiple yaml documents', async () => {
@@ -95,11 +104,14 @@ test('it only returns information within the first fragment if there are multipl
    '\n' +
    'Signed-off-by: dependabot[bot] <support@github.com>'

-  const updatedDependencies = updateMetadata.parse(commitMessage)
+  const updatedDependencies = updateMetadata.parse(commitMessage, 'dependabot|nuget|api|feature1', 'main')

  expect(updatedDependencies).toHaveLength(1)

  expect(updatedDependencies[0].dependencyName).toEqual('coffee-rails')
  expect(updatedDependencies[0].dependencyType).toEqual('direct:production')
  expect(updatedDependencies[0].updateType).toEqual('version-update:semver-minor')
+  expect(updatedDependencies[0].directory).toEqual('api')
+  expect(updatedDependencies[0].packageEcosystem).toEqual('nuget')
+  expect(updatedDependencies[0].targetBranch).toEqual('main')
 })
--- a/src/dependabot/update_metadata.ts
+++ b/src/dependabot/update_metadata.ts
@@ -4,20 +4,31 @@ export interface updatedDependency {
  dependencyName: string,
  dependencyType: string,
  updateType: string,
+  directory: string,
+  packageEcosystem: string,
+  targetBranch: string
 }

-export function parse (commitMessage: string): Array<updatedDependency> {
+export function parse (commitMessage: string, branchName: string, mainBranch: string): Array<updatedDependency> {
  const yamlFragment = commitMessage.match(/^-{3}\n(?<dependencies>[\S|\s]*?)\n^\.{3}\n/m)

-  if (yamlFragment?.groups) {
+  if (yamlFragment?.groups && branchName.startsWith('dependabot')) {
    const data = YAML.parse(yamlFragment.groups.dependencies)

+    // Since we are on the `dependabot` branch (9 letters), the 10th letter in the branch name is the delimiter
+    const delim = branchName[10]
+    const chunks = branchName.split(delim)
+    const dirname = chunks.slice(2, -1).join(delim) || '/'
+
    if (data['updated-dependencies']) {
      return data['updated-dependencies'].map(dependency => {
        return {
          dependencyName: dependency['dependency-name'],
          dependencyType: dependency['dependency-type'],
-          updateType: dependency['update-type']
+          updateType: dependency['update-type'],
+          directory: dirname,
+          packageEcosystem: chunks[1],
+          targetBranch: mainBranch
        }
      })
    }
--- a/src/dependabot/util.ts
+++ b/src/dependabot/util.ts
@@ -1,3 +1,5 @@
+import { Context } from '@actions/github/lib/context'
+
 export function parseNwo (nwo: string): {owner: string; repo: string} {
  const [owner, name] = nwo.split('/')

@@ -7,3 +9,13 @@ export function parseNwo (nwo: string): {owner: string; repo: string} {

  return { owner: owner, repo: name }
 }
+
+export interface branchNames {
+  headName: string,
+  baseName: string
+}
+
+export function getBranchNames (context: Context): branchNames {
+  const { pull_request: pr } = context.payload
+  return { headName: pr?.head.ref || '', baseName: pr?.base.ref }
+}
--- a/src/dry-run.ts
+++ b/src/dry-run.ts
@@ -7,7 +7,7 @@ import { hideBin } from 'yargs/helpers'

 import { getMessage } from './dependabot/verified_commits'
 import { parse } from './dependabot/update_metadata'
-import { parseNwo } from './dependabot/util'
+import { getBranchNames, parseNwo } from './dependabot/util'

 async function check (args: any): Promise<void> {
  try {
@@ -40,11 +40,19 @@ async function check (args: any): Promise<void> {

    // Retries the commit message if the PR is from Dependabot
    const commitMessage = await getMessage(githubClient, actionContext)
+    const pullRequest: any = await (await githubClient.rest.pulls.get({ owner: repoDetails.owner, repo: repoDetails.repo, pull_number: args.prNumber })).data
+
+    const newContext = new Context()
+    newContext.payload = {
+      pull_request: pullRequest,
+      repository: actionContext.payload.repository
+    }

    if (commitMessage) {
      console.log('This appears to be a valid Dependabot Pull Request.')
+      const branchNames = getBranchNames(newContext)

-      const updatedDependencies = parse(commitMessage)
+      const updatedDependencies = parse(commitMessage, branchNames.headName, branchNames.baseName)

      if (updatedDependencies.length > 0) {
        console.log('Updated dependencies:')
--- a/src/main.test.ts
+++ b/src/main.test.ts
@@ -2,6 +2,7 @@ import * as core from '@actions/core'
 import { run } from './main'
 import { RequestError } from '@octokit/request-error'
 import * as dependabotCommits from './dependabot/verified_commits'
+import * as util from './dependabot/util'

 beforeEach(() => {
  jest.restoreAllMocks()
@@ -13,6 +14,7 @@ beforeEach(() => {

 test('it early exits with an error if github-token is not set', async () => {
  jest.spyOn(core, 'getInput').mockReturnValue('')
+  jest.spyOn(util, 'getBranchNames').mockReturnValue({ headName: 'dependabot|nuget|feature1', baseName: 'main' })

  await run()

@@ -26,6 +28,7 @@ test('it early exits with an error if github-token is not set', async () => {

 test('it does nothing if the PR is not verified as from Dependabot', async () => {
  jest.spyOn(core, 'getInput').mockReturnValue('mock-token')
+  jest.spyOn(util, 'getBranchNames').mockReturnValue({ headName: 'dependabot|nuget|feature1', baseName: 'main' })
  jest.spyOn(dependabotCommits, 'getMessage').mockImplementation(jest.fn(
    () => Promise.resolve(false)
  ))
@@ -39,6 +42,7 @@ test('it does nothing if the PR is not verified as from Dependabot', async () =>

 test('it does nothing if there is no metadata in the commit', async () => {
  jest.spyOn(core, 'getInput').mockReturnValue('mock-token')
+  jest.spyOn(util, 'getBranchNames').mockReturnValue({ headName: 'dependabot|nuget|feature1', baseName: 'main' })
  jest.spyOn(dependabotCommits, 'getMessage').mockImplementation(jest.fn(
    () => Promise.resolve('Just a commit message, nothing to see here.')
  ))
@@ -67,6 +71,7 @@ test('it sets the updated dependency as an output for subsequent actions', async
    'Signed-off-by: dependabot[bot] <support@github.com>'

  jest.spyOn(core, 'getInput').mockReturnValue('mock-token')
+  jest.spyOn(util, 'getBranchNames').mockReturnValue({ headName: 'dependabot|nuget|feature1', baseName: 'main' })
  jest.spyOn(dependabotCommits, 'getMessage').mockImplementation(jest.fn(
    () => Promise.resolve(mockCommitMessage)
  ))
@@ -84,7 +89,10 @@ test('it sets the updated dependency as an output for subsequent actions', async
      {
        dependencyName: 'coffee-rails',
        dependencyType: 'direct:production',
-        updateType: 'version-update:semver-minor'
+        updateType: 'version-update:semver-minor',
+        directory: '/',
+        packageEcosystem: 'nuget',
+        targetBranch: 'main'
      }
    ]
  )
@@ -92,6 +100,9 @@ test('it sets the updated dependency as an output for subsequent actions', async
  expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails')
  expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production')
  expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor')
+  expect(core.setOutput).toBeCalledWith('directory', '/')
+  expect(core.setOutput).toBeCalledWith('package-ecosystem', 'nuget')
+  expect(core.setOutput).toBeCalledWith('target-branch', 'main')
 })

 test('if there are multiple dependencies, it summarizes them', async () => {
@@ -114,6 +125,7 @@ test('if there are multiple dependencies, it summarizes them', async () => {
    'Signed-off-by: dependabot[bot] <support@github.com>'

  jest.spyOn(core, 'getInput').mockReturnValue('mock-token')
+  jest.spyOn(util, 'getBranchNames').mockReturnValue({ headName: 'dependabot/npm_and_yarn/api/main/feature1', baseName: 'trunk' })
  jest.spyOn(dependabotCommits, 'getMessage').mockImplementation(jest.fn(
    () => Promise.resolve(mockCommitMessage)
  ))
@@ -131,12 +143,18 @@ test('if there are multiple dependencies, it summarizes them', async () => {
      {
        dependencyName: 'coffee-rails',
        dependencyType: 'direct:production',
-        updateType: 'version-update:semver-minor'
+        updateType: 'version-update:semver-minor',
+        directory: 'api/main',
+        packageEcosystem: 'npm_and_yarn',
+        targetBranch: 'trunk'
      },
      {
        dependencyName: 'coffeescript',
        dependencyType: 'indirect',
-        updateType: 'version-update:semver-major'
+        updateType: 'version-update:semver-major',
+        directory: 'api/main',
+        packageEcosystem: 'npm_and_yarn',
+        targetBranch: 'trunk'
      }
    ]
  )
@@ -144,10 +162,14 @@ test('if there are multiple dependencies, it summarizes them', async () => {
  expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails, coffeescript')
  expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production')
  expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-major')
+  expect(core.setOutput).toBeCalledWith('directory', 'api/main')
+  expect(core.setOutput).toBeCalledWith('package-ecosystem', 'npm_and_yarn')
+  expect(core.setOutput).toBeCalledWith('target-branch', 'trunk')
 })

 test('it sets the action to failed if there is an unexpected exception', async () => {
  jest.spyOn(core, 'getInput').mockReturnValue('mock-token')
+  jest.spyOn(util, 'getBranchNames').mockReturnValue({ headName: 'dependabot|nuget|feature1', baseName: 'main' })
  jest.spyOn(dependabotCommits, 'getMessage').mockImplementation(jest.fn(
    () => Promise.reject(new Error('Something bad happened!'))
  ))
@@ -161,6 +183,7 @@ test('it sets the action to failed if there is an unexpected exception', async (

 test('it sets the action to failed if there is a request error', async () => {
  jest.spyOn(core, 'getInput').mockReturnValue('mock-token')
+  jest.spyOn(util, 'getBranchNames').mockReturnValue({ headName: 'dependabot|nuget|feature1', baseName: 'main' })
  jest.spyOn(dependabotCommits, 'getMessage').mockImplementation(jest.fn(
    () => Promise.reject(new RequestError('Something bad happened!', 500, {
      headers: {},
--- a/src/main.ts
+++ b/src/main.ts
@@ -4,6 +4,7 @@ import { RequestError } from '@octokit/request-error'
 import * as verifiedCommits from './dependabot/verified_commits'
 import * as updateMetadata from './dependabot/update_metadata'
 import * as output from './dependabot/output'
+import * as util from './dependabot/util'

 export async function run (): Promise<void> {
  const token = core.getInput('github-token')
@@ -22,12 +23,13 @@ export async function run (): Promise<void> {

    // Validate the job
    const commitMessage = await verifiedCommits.getMessage(githubClient, github.context)
+    const branchNames = util.getBranchNames(github.context)

    if (commitMessage) {
      // Parse metadata
      core.info('Parsing Dependabot metadata')

-      const updatedDependencies = updateMetadata.parse(commitMessage)
+      const updatedDependencies = updateMetadata.parse(commitMessage, branchNames.headName, branchNames.baseName)

      if (updatedDependencies.length > 0) {
        output.set(updatedDependencies)