This action aims to bring support for the changesets release management software to Mend Renovate and other dependency updating services.
This action will watch for pull requests from these services and add a changeset if appropriate for that update.
- uses: mscharley/dependency-changesets-action@v1.0.5
with:
# Personal access token (PAT) used to update the pull request. Using a PAT is highly recommended as it will allow
# Github Actions to run any actions you have configured to run.
#
# If using a PAT, the only required permission is "Contents" to read the contents of the PR and potentially push a
# commit back to the branch.
#
# [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)
#
# Default: ${{ github.token }}
token: ''
# The folder to look for changesets in and to write update changesets into.
changeset-folder: '.changeset'
# Whether to use conventional commit messages by the dependency service to determine the type of changeset to
# create.
use-conventional-commits: true
# The commit message to use when committing a changeset.
commit-message: 'chore(deps): changeset for dependency update'
# Provide a custom author for the commit.
#
# This can be useful for some services, for example Renovate has a configuration to ignore certain authors so that
# the pushes made by this action don't invalidate the check it does that no extra commits have been added to the PR.
#
# This conflicts with signed commits.
#
# Default: no custom author
author-name: ''
author-email: ''
# Generate signed commits.
#
# This conflicts with custom author information. The API that allows Github to sign commits automatically doesn't
# allow for custom author information and will use your default email address.
#
# Default: false
sign-commits: false
name: Add changeset to Renovate updates
on:
pull_request_target:
types: [opened, synchronize, labeled]
jobs:
renovate:
name: Update Renovate PR
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'dependencies')
steps:
- name: Update PR
uses: mscharley/dependency-changesets-action@v1.0.5
with:
token: ${{ secrets.DEPENDENCY_UPDATE_GITHUB_TOKEN }}
use-conventional-commits: true
author-name: Renovate Changesets
author-email: github+renovate@scharley.me
Some important notes:
- This example uses
pull_request_target
which is necessary to get access to secrets. This type of workflow comes with some security concerns. This workflow is safe as presented, but be aware of the gotchas if you want to add other actions into the same workflow. - This workflow will only run on pull requests with the
dependencies
label. The examples below includes configuration to get this working. You can use any filter you like, but it is important that you have some semi-reliable filter on this workflow so that it only runs for dependency updates.
// renovate.json
{
"extends": [":label(dependencies)"],
"automergeType": "pr",
"gitIgnoredAuthors": ["github+renovate@scharley.me"],
}
Others are likely able to be used with this Action as well, it doesn't rely on any particular feature of the updater service - these are the services we've tested and know work. If you've got an example for another service then please reach out so we can add it to the list!
The scripts and documentation in this project are released under the MIT License