dependabot/fetch-metadata
2
0
Fork 0
mirror of https://github.com/dependabot/fetch-metadata.git synced 2026-03-12 18:07:12 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
5dd06f4151127c136d8e14604ff2534f71a77323
fetch-metadata/README.md

1.2 KiB
Raw Blame History

Dependabot

Dependabot Pull Request Action

Name: dependabot/pull-request-action

Usage instructions

Create a workflow file that contains a step that uses: dependabot/pull-request-action@v1`, e.g.

-- .github/workflows/dependabot-prs.yml
name: Dependabot Pull Request
on: pull_request_target

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Fetch Dependabot metadata
      id: metadata
      uses: dependabot/pull-request-action
      with:
        github-token: "${{ secrets.GITHUB_TOKEN }}"

Subsequent actions will have access to steps.metadata.outputs.dependabot-updated-dependencies which will contain a JSON object with information about the changes, e.g.

[
  {
    "name": "dependabot-core",
    "type": "direct:production",
    "updateType": "version-update:semver-major"
  }
]

Note: This output will only be populated if the target Pull Request was opened by Dependabot and contains only Dependabot-created commits.

Auto-approving

NYI

Enabling GitHub automerge

NYI

Why?

NYI

Development and release process

NYI

Reference in New Issue View Git Blame Copy Permalink