Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default github-token #83

Merged
merged 2 commits into from Feb 28, 2022
Merged

Default github-token #83

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0caf82f
Default github-token
jablko Aug 23, 2021
26e18ca
Merge branch 'main' into patch-1
brrygrdn Feb 28, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 0 additions & 2 deletions .github/workflows/dependabot-auto-merge.yml
View file
Open in desktop
Expand Up @@ -14,8 +14,6 @@ jobs:
- name: Fetch metadata
id: metadata
uses: ./
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"

- name: Auto-merge
run: gh pr merge --auto --merge "$PR_URL"
Expand Down
10 changes: 2 additions & 8 deletions README.md
View file
Open in desktop
Expand Up @@ -24,14 +24,14 @@ jobs:
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1.1.1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
alert-lookup: true
```

Supported inputs are:

- `github-token` (REQUIRED string)
- `github-token` (string)
- The `GITHUB_TOKEN` secret
- Defaults to `${{ github.token }}`
- `alert-lookup` (boolean)
- If `true`, then call populate the `alert-state`, `ghsa-id` and `cvss` outputs.
- Defaults to `false`
Expand Down Expand Up @@ -88,8 +88,6 @@ jobs:
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1.1.1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Approve a PR
run: gh pr review --approve "$PR_URL"
env:
Expand Down Expand Up @@ -118,8 +116,6 @@ jobs:
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1.1.1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Enable auto-merge for Dependabot PRs
if: ${{contains(steps.dependabot-metadata.outputs.dependency-names, 'rails') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}
run: gh pr merge --auto --merge "$PR_URL"
Expand Down Expand Up @@ -149,8 +145,6 @@ jobs:
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1.1.1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Add a label for all production dependencies
if: ${{ steps.dependabot-metadata.outputs.dependency-type == 'direct:production' }}
run: gh pr edit "$PR_URL" --add-label "production"
Expand Down
2 changes: 1 addition & 1 deletion action.yml
View file
Open in desktop
Expand Up @@ -9,7 +9,7 @@ inputs:
description: 'If true, then call populate the `alert-state`, `ghsa-id` and `cvss` outputs'
github-token:
description: 'The GITHUB_TOKEN secret'
required: true
default: ${{ github.token }}
outputs:
dependency-names:
description: 'A comma-separated list of all package names updated.'
Expand Down