Skip to content
package

GitHub Action

Add a changeset for dependency updates

v1.0.9 Latest version

Add a changeset for dependency updates

package

Add a changeset for dependency updates

Github Action to publish changesets to dependency update PR's

Installation

Copy and paste the following snippet into your .yml file.

              
- name: Add a changeset for dependency updates

              
  uses: mscharley/[email protected]
Learn more about this action in mscharley/dependency-changesets-action

Choose a version

Changesets for dependency updaters

This action aims to bring support for the changesets release management software to Mend Renovate and other dependency updating services.

This action will watch for pull requests from these services and add a changeset if appropriate for that update.

Usage

- uses: mscharley/[email protected]
  with:
    # Personal access token (PAT) used to update the pull request. Using a PAT is highly recommended as it will allow
    # Github Actions to run any actions you have configured to run.
    #
    # If using a PAT, the only required permission is "Contents" to read the contents of the PR and potentially push a
    # commit back to the branch.
    #
    # [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
    #
    # Default: ${{ github.token }}
    token: ''

    # The folder to look for changesets in and to write update changesets into.
    changeset-folder: '.changeset'

    # Whether to use conventional commit messages by the dependency service to determine the type of changeset to
    # create.
    use-conventional-commits: true

    # The commit message to use when committing a changeset.
    commit-message: 'chore(deps): changeset for dependency update'

    # Provide a custom author for the commit.
    #
    # This can be useful for some services, for example Renovate has a configuration to ignore certain authors so that
    # the pushes made by this action don't invalidate the check it does that no extra commits have been added to the PR.
    #
    # Default: no custom author
    author-name: ''
    author-email: ''

Full workflow example

name: Add changeset to Renovate updates

on:
  pull_request_target:
    types: [opened, synchronize, labeled]

jobs:
  renovate:
    name: Update Renovate PR
    runs-on: ubuntu-latest
    if: contains(github.event.pull_request.labels.*.name, 'dependencies')

    steps:
      - name: Update PR
        uses: mscharley/[email protected]
        with:
          token: ${{ secrets.DEPENDENCY_UPDATE_GITHUB_TOKEN }}
          use-conventional-commits: true
          author-name: Renovate Changesets
          author-email: [email protected]

Some important notes:

  1. This example uses pull_request_target which is necessary to get access to secrets. This type of workflow comes with some security concerns. This workflow is safe as presented, but be aware of the gotchas if you want to add other actions into the same workflow.
  2. This workflow will only run on pull requests with the dependencies label. The examples below includes configuration to get this working. You can use any filter you like, but it is important that you have some semi-reliable filter on this workflow so that it only runs for dependency updates.

Supported dependency updaters

Renovate

// renovate.json
{
	"extends": [":label(dependencies)"],
	"automergeType": "pr",
	"gitIgnoredAuthors": ["[email protected]"]
}

Others

Others are likely able to be used with this Action as well, it doesn't rely on any particular feature of the updater service - these are the services we've tested and know work. If you've got an example for another service then please reach out so we can add it to the list!

License

The scripts and documentation in this project are released under the MIT License