This action aims to bring support for the changesets release management software to Mend Renovate and other dependency updating services.
This action will watch for pull requests from these services and add a changeset if appropriate for that update.
- uses: mscharley/dependency-changesets-action@v1.0.5
with:
# Personal access token (PAT) used to update the pull request. Using a PAT is highly recommended as it will allow
# Github Actions to run any actions you have configured to run.
#
# If using a PAT, the only required permission is "Contents" to read the contents of the PR and potentially push a
# commit back to the branch.
#
# [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
#
# Default: ${{ github.token }}
token: ''
# The folder to look for changesets in and to write update changesets into.
changeset-folder: '.changeset'
# Whether to use conventional commit messages by the dependency service to determine the type of changeset to
# create.
use-conventional-commits: true
# The commit message to use when committing a changeset.
commit-message: 'chore(deps): changeset for dependency update'
# Provide a custom author for the commit.
#
# This can be useful for some services, for example Renovate has a configuration to ignore certain authors so that
# the pushes made by this action don't invalidate the check it does that no extra commits have been added to the PR.
#
# Default: no custom author
author-name: ''
author-email: ''
name: Add changeset to Renovate updates
on:
pull_request_target:
types: [opened, synchronize, labeled]
jobs:
renovate:
name: Update Renovate PR
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'dependencies')
steps:
- name: Update PR
uses: mscharley/dependency-changesets-action@v1.0.5
with:
token: ${{ secrets.DEPENDENCY_UPDATE_GITHUB_TOKEN }}
use-conventional-commits: true
author-name: Renovate Changesets
author-email: github+renovate@scharley.me
Some important notes:
pull_request_target
which is necessary to get access to secrets. This type of workflow comes with
some security concerns. This workflow is safe as presented, but be aware of the gotchas if
you want to add other actions into the same workflow.dependencies
label. The examples below includes configuration
to get this working. You can use any filter you like, but it is important that you have some semi-reliable filter on
this workflow so that it only runs for dependency updates.// renovate.json
{
"extends": [":label(dependencies)"],
"automergeType": "pr",
"gitIgnoredAuthors": ["github+renovate@scharley.me"],
}
Others are likely able to be used with this Action as well, it doesn't rely on any particular feature of the updater service - these are the services we've tested and know work. If you've got an example for another service then please reach out so we can add it to the list!
The scripts and documentation in this project are released under the MIT License