Add directory and package-ecosystem as outputs #76
Comments
Tests don't work properly with github actions update and can't be detected by dependabot/fetch-metadata dependabot/fetch-metadata#76 This reverts commit 4f9051b.
I want to allow all actions and npm dev dependencies to auto-merge, and then manually merge npm production dependencies. This behavior doesn't seem possible right now without having access to the ecosystem of each update. A temporary workaround might be to check the dependency name for a
@xt0rted I'm trying to solve a similar problem. While resolving this issue would obviously be a better solution, have you tried using the label as a proxy for the ecosystem? The docs say…
I guess it would be complicated by needing to trigger the action on the label update event, but I just wondered if anyone else had tried it already.
this would be a great feature
@kojiromike that's a great idea I overlooked. Here's something I put together real quick. The mapping is label name on the left, dependabot config name on the right. If you're using custom labels then you'll need to change the value on the left. I'm not sure if this mapping is 100% (used the values found here), and it looks like there might be an issue if you're using

```yaml
- uses: actions/github-script@v5.0.0
  id: metadata
  with:
    script: |
      // https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#package-ecosystem
      const environments = {
        ruby: "bundler",
        rust: "cargo",
        php: "composer",
        docker: "docker",
        elixir: "mix",
        elm: "elm",
        submodules: "gitsubmodule",
        github_actions: "github-actions",
        go: "gomod",
        //java: "gradle",
        //java: "maven",
        javascript: "npm",
        ".NET": "nuget",
        python: "pip",
        terraform: "terraform",
      };
      const labels = context.payload.pull_request.labels.map(l => l.name);
      // map() always returns an array, so test its length rather than its truthiness
      if (labels.length === 0) {
        core.setFailed("Pull request has no labels");
        return;
      }
      const ecosystem = environments[labels.filter(l => environments.hasOwnProperty(l))[0]] || "unknown";
      core.setOutput("dependency-ecosystem", ecosystem);
```

Add that after your

Another option is to change the second to last line to something like this if there's no match:

```javascript
const ecosystem = environments[labels.filter(l => environments.hasOwnProperty(l))[0]];
if (!ecosystem) {
  core.setFailed("No ecosystem label found");
  return;
}
```

I've only run a few tests with this, but once I start adding it to my repos I'll make sure to update the code above if I need to make any changes to it.
Note that you can parse both of these already from the PR's branch name since all of them will be in the format
@mwaddell I can't believe I overlooked that. I've been having a lot of failed runs over the last few weeks due to labels not existing on the event snapshot, using the branch name should fix that. Here's a modified version of the above workflow.

```yaml
- uses: actions/github-script@v5.1.0
  id: metadata
  with:
    script: |
      // https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#package-ecosystem
      const ecosystems = {
        bundler: "bundler",
        cargo: "cargo",
        composer: "composer",
        docker: "docker",
        elm: "elm",
        github_actions: "github-actions",
        go_modules: "gomod",
        gradle: "gradle",
        hex: "mix",
        maven: "maven",
        npm_and_yarn: "npm",
        nuget: "nuget",
        pip: "pip",
        submodules: "gitsubmodule",
        terraform: "terraform",
      };
      const branchName = context.payload.pull_request.head.ref;
      const [, branchEnvironment] = branchName.split("/");
      const ecosystem = ecosystems[branchEnvironment];
      if (!ecosystem) {
        core.setFailed(`No ecosystem found in branch: ${branchName}`);
        return;
      }
      core.info(`dependency-ecosystem detected: ${ecosystem}`);
      core.setOutput("dependency-ecosystem", ecosystem);
```
Glad I could help! The labels don't get added until slightly after the PR is created (as an update), so if you have an action that absolutely needs the labels, you need to have it monitor the
If anyone wants to take a crack at making a PR to address this issue, it would be something like this:

```javascript
const { pull_request: pr } = context.payload
const branchName = pr.head.ref
// skip any non-dependabot branches
if (!branchName.startsWith("dependabot")) {
  return false;
}
// split on "/" (or whatever the user has overridden it as)
const chunks = branchName.split(branchName[10])
// grab the 3rd chunk if there are 4, otherwise if there are only 3 then use "/"
const dirname = chunks[3] ? chunks[2] : "/"
return {
  "directory": dirname,
  "package-ecosystem": chunks[1],
  "target_branch": pr.base.ref
};
```
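An added example, not part of any comment above and not fetch-metadata's code: the branch-name approach from this thread, reduced to the ecosystem only, with the PR author checked before the branch name is trusted and the separator handled without splitting. The `dependabot[bot]` author login, the function names and the sample payloads are assumptions made for the example.

```javascript
// Branch segment -> package-ecosystem, using the mapping posted in the thread.
const ECOSYSTEMS = {
  bundler: "bundler", cargo: "cargo", composer: "composer", docker: "docker",
  elm: "elm", github_actions: "github-actions", go_modules: "gomod",
  gradle: "gradle", hex: "mix", maven: "maven", npm_and_yarn: "npm",
  nuget: "nuget", pip: "pip", submodules: "gitsubmodule", terraform: "terraform",
};
const PREFIX = "dependabot";
const BOT_LOGIN = "dependabot[bot]"; // assumption: the PR author login to trust

// Returns the package-ecosystem for a pull_request payload object, or null
// when the PR must not be treated as a Dependabot update.
function ecosystemOf(pr) {
  // The branch name is chosen by whoever pushes the branch, so check the
  // author first and use the name only to classify the update.
  if (!pr || !pr.user || pr.user.login !== BOT_LOGIN) return null;
  const ref = pr.head && pr.head.ref;
  if (typeof ref !== "string" || !ref.startsWith(PREFIX)) return null;

  // The character after "dependabot" is the separator ("/" unless overridden).
  const sep = ref.charAt(PREFIX.length);
  const rest = ref.slice(PREFIX.length + 1);
  // Match "<segment><sep>" as a prefix instead of splitting, so a "_" or "-"
  // separator cannot cut "npm_and_yarn" apart. Object.keys lists own keys only,
  // which also keeps "constructor" or "__proto__" from matching.
  const segment = Object.keys(ECOSYSTEMS).find((k) => sep && rest.startsWith(k + sep));
  return segment ? ECOSYSTEMS[segment] : null;
}

// Auto-merge only when the ecosystem is on an explicit allow-list.
function mayAutoMerge(pr, allowedEcosystems) {
  const ecosystem = ecosystemOf(pr);
  return ecosystem !== null && allowedEcosystems.includes(ecosystem);
}

// Constructed sample payloads (not real pull requests).
const samples = [
  { user: { login: "dependabot[bot]" }, head: { ref: "dependabot/github_actions/actions/checkout-4" } },
  { user: { login: "dependabot[bot]" }, head: { ref: "dependabot_npm_and_yarn_lodash-4.17.21" } },
  { user: { login: "someone" }, head: { ref: "dependabot/github_actions/actions/checkout-4" } },
  { user: { login: "dependabot[bot]" }, head: { ref: "dependabot/constructor/x" } },
];
for (const pr of samples) {
  console.log(pr.head.ref, pr.user.login, ecosystemOf(pr), mayAutoMerge(pr, ["github-actions"]));
}
```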
With #139 merged you are now able to directly reference the
This is working well for me, except that I have to pin the action to a commit instead of a released version of fetch-metadata. I understand this is open source, so no pressure, but I look forward to there being a released version :)
@kojiromike I released a Closing this issue out. Thank you to everyone who contributed!
Just noting that workflows need to test for
To allow configuring the Github auto-merge for certain types of package-ecosystems and directory only I would like to get this included as well.
So e.g. the following could be added to the outputs: