dependabot/fetch-metadata
2
0
Fork 0
mirror of https://github.com/dependabot/fetch-metadata.git synced 2026-03-12 18:07:12 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
9977d7bbd8bfd13b7f3895fd002bc660c93bf6a1
fetch-metadata/action.yml
Michael Waddell 32fd3a60da Added flag if "Maintainer changes" appears in the PR body (#174) 
Ideally this would get passed over in the commit message instead of being part of the (editable) PR body. For now though we can just use the PR body.
2023-04-24 13:14:30 -07:00

56 lines
2.8 KiB
YAML
Raw Blame History

name: 'Fetch Metadata from Dependabot PRs'
description: 'Extract information from about the dependency being updated by a Dependabot-generated PR'
branding:
icon: 'search'
color: 'blue'
inputs:
alert-lookup:
type: boolean
description: 'If true, then populate the `alert-state`, `ghsa-id` and `cvss` outputs'
compat-lookup:
type: boolean
description: 'If true, then populate the `compatibility-score` output'
github-token:
description: 'The GITHUB_TOKEN secret'
default: ${{ github.token }}
skip-commit-verification:
type: boolean
description: 'If true, the action will not expect Dependabot commits to be verified. This should be set as `true` in GHES environments'
default: false
skip-verification:
type: boolean
description: 'If true, the action will not validate the user or the commit verification status'
default: false
outputs:
dependency-names:
description: 'A comma-separated list of all package names updated.'
dependency-type:
description: 'The type of dependency has determined this PR to be, e.g. "direct:production".'
update-type:
description: 'The highest semver change being made by this PR, e.g. "version-update:semver-major"'
updated-dependencies-json:
description: 'A JSON string containing the full information about each updated Dependency.'
directory:
description: 'The `directory` configuration that was used by dependabot for this updated Dependency.'
package-ecosystem:
description: 'The `package-ecosystem` configuration that was used by dependabot for this updated Dependency.'
target-branch:
description: 'The `target-branch` configuration that was used by dependabot for this updated Dependency.'
previous-version:
description: 'The version that this PR updates the dependency from.'
new-version:
description: 'The version that this PR updates the dependency to.'
alert-state:
description: 'If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the current state of that alert (OPEN, FIXED or DISMISSED).'
ghsa-id:
description: 'If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the GHSA-ID of that alert.'
cvss:
description: 'If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the CVSS value of that alert (otherwise it contains 0).'
compatibility-score:
description: 'If this PR has a known compatibility score and `compat-lookup` is `true`, this contains the compatibility score (otherwise it contains 0).'
maintainer-changes:
description: 'Whether or not the the body of this PR contains the phrase "Maintainer changes" which is an indicator of whether or not any maintainers have changed.'
runs:
using: 'node16'
main: 'dist/index.js'
Reference in New Issue View Git Blame Copy Permalink