mirror of
https://github.com/dependabot/fetch-metadata.git
synced 2026-03-12 18:07:12 -04:00
38 lines
1.7 KiB
YAML
38 lines
1.7 KiB
YAML
name: 'Fetch Metadata from Dependabot PRs'
|
|
description: 'Extract information from about the dependency being updated by a Dependabot-generated PR'
|
|
branding:
|
|
icon: 'search'
|
|
color: 'blue'
|
|
inputs:
|
|
github-token:
|
|
description: 'The GITHUB_TOKEN secret'
|
|
required: true
|
|
outputs:
|
|
dependency-names:
|
|
description: 'A comma-separated list of all package names updated.'
|
|
dependency-type:
|
|
description: 'The type of dependency has determined this PR to be, e.g. "direct:production".'
|
|
update-type:
|
|
description: 'The highest semver change being made by this PR, e.g. "version-update:semver-major"'
|
|
updated-dependencies-json:
|
|
description: 'A JSON string containing the full information about each updated Dependency.'
|
|
directory:
|
|
description: 'The `directory` configuration that was used by dependabot for this updated Dependency.'
|
|
package-ecosystem:
|
|
description: 'The `package-ecosystem` configuration that was used by dependabot for this updated Dependency.'
|
|
target-branch:
|
|
description: 'The `target-branch` configuration that was used by dependabot for this updated Dependency.'
|
|
previous-version:
|
|
description: 'The version that this PR updates the dependency from.'
|
|
new-version:
|
|
description: 'The version that this PR updates the dependency to.'
|
|
alert-state:
|
|
description: 'If this PR is associated with a security alert, this contains the current state of that alert (OPEN, FIXED or DISMISSED).'
|
|
ghsa-id:
|
|
description: 'If this PR is associated with a security alert, this contains the GHSA-ID of that alert.'
|
|
cvss:
|
|
description: 'If this PR is associated with a security alert, this contains the CVSS value of that alert (otherwise it contains 0).'
|
|
runs:
|
|
using: 'node12'
|
|
main: 'dist/index.js'
|