dependabot/fetch-metadata
2
0
Fork 0
mirror of https://github.com/dependabot/fetch-metadata.git synced 2026-03-12 18:07:12 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #83 from jablko/patch-1

Browse Source 
Default github-token
This commit is contained in:
Barry Gordon
2022-02-28 17:12:17 +00:00
committed by GitHub
parent a30bbbb91c 26e18ca119
commit f4b2d0d26d
3 changed files with 3 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/dependabot-auto-merge.yml vendored
View File

@@ -14,8 +14,6 @@ jobs:
- name: Fetch metadata
id: metadata
uses: ./
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Auto-merge
run: gh pr merge --auto --merge "$PR_URL"

10
README.md
View File

@@ -24,14 +24,14 @@ jobs:
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1.2.1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
alert-lookup: true
```
Supported inputs are:
- `github-token` (REQUIRED string)
- `github-token` (string)
- The `GITHUB_TOKEN` secret
- Defaults to `${{ github.token }}`
- `alert-lookup` (boolean)
- If `true`, then call populate the `alert-state`, `ghsa-id` and `cvss` outputs.
- Defaults to `false`
@@ -88,8 +88,6 @@ jobs:
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1.2.1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Approve a PR
run: gh pr review --approve "$PR_URL"
env:
@@ -118,8 +116,6 @@ jobs:
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1.2.1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Enable auto-merge for Dependabot PRs
if: ${{contains(steps.dependabot-metadata.outputs.dependency-names, 'rails') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}
run: gh pr merge --auto --merge "$PR_URL"
@@ -149,8 +145,6 @@ jobs:
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1.2.1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Add a label for all production dependencies
if: ${{ steps.dependabot-metadata.outputs.dependency-type == 'direct:production' }}
run: gh pr edit "$PR_URL" --add-label "production"

2
action.yml
View File

@@ -9,7 +9,7 @@ inputs:
description: 'If true, then call populate the `alert-state`, `ghsa-id` and `cvss` outputs'
github-token:
description: 'The GITHUB_TOKEN secret'
required: true
default: ${{ github.token }}
outputs:
dependency-names:
description: 'A comma-separated list of all package names updated.'