dependabot/fetch-metadata
2
0
Fork 0
mirror of https://github.com/dependabot/fetch-metadata.git synced 2026-03-12 18:07:12 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
efb8718212b9b67ae628ffc209cccb93af694cd7
fetch-metadata/action.yml
Nish Sinha f2f0ad1522 Upgrade from node16 to node20 (#443) 
* Upgrade from node16 to node20

node16 is now EOL

* Ugrade node and npm versions

* Use the GitHub Actions reporter to stop failing on core.setFailure tests

* `npm >= 10` requires `node >= 20.5.0`

Co-authored-by: Paul <schuette.paul@gmail.com>

---------

Co-authored-by: Jeff Widman <jeff@jeffwidman.com>
Co-authored-by: Paul <schuette.paul@gmail.com>
2024-03-21 10:58:45 -07:00

56 lines
2.8 KiB
YAML
Raw Blame History

name: 'Fetch Metadata from Dependabot PRs'
description: 'Extract information from about the dependency being updated by a Dependabot-generated PR'
branding:
icon: 'search'
color: 'blue'
inputs:
alert-lookup:
type: boolean
description: 'If true, then populate the `alert-state`, `ghsa-id` and `cvss` outputs'
compat-lookup:
type: boolean
description: 'If true, then populate the `compatibility-score` output'
github-token:
description: 'The GITHUB_TOKEN secret'
default: ${{ github.token }}
skip-commit-verification:
type: boolean
description: 'If true, the action will not expect Dependabot commits to be verified. This should be set as `true` in GHES environments'
default: false
skip-verification:
type: boolean
description: 'If true, the action will not validate the user or the commit verification status'
default: false
outputs:
dependency-names:
description: 'A comma-separated list of all package names updated.'
dependency-type:
description: 'The type of dependency has determined this PR to be, e.g. "direct:production".'
update-type:
description: 'The highest semver change being made by this PR, e.g. "version-update:semver-major"'
updated-dependencies-json:
description: 'A JSON string containing the full information about each updated Dependency.'
directory:
description: 'The `directory` configuration that was used by dependabot for this updated Dependency.'
package-ecosystem:
description: 'The `package-ecosystem` configuration that was used by dependabot for this updated Dependency.'
target-branch:
description: 'The `target-branch` configuration that was used by dependabot for this updated Dependency.'
previous-version:
description: 'The version that this PR updates the dependency from.'
new-version:
description: 'The version that this PR updates the dependency to.'
alert-state:
description: 'If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the current state of that alert (OPEN, FIXED or DISMISSED).'
ghsa-id:
description: 'If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the GHSA-ID of that alert.'
cvss:
description: 'If this PR is associated with a security alert and `alert-lookup` is `true`, this contains the CVSS value of that alert (otherwise it contains 0).'
compatibility-score:
description: 'If this PR has a known compatibility score and `compat-lookup` is `true`, this contains the compatibility score (otherwise it contains 0).'
maintainer-changes:
description: 'Whether or not the the body of this PR contains the phrase "Maintainer changes" which is an indicator of whether or not any maintainers have changed.'
runs:
using: 'node20'
main: 'dist/index.js'
Reference in New Issue View Git Blame Copy Permalink