Skip to content

Commit e10dfc6

Browse files
NishnhaNishnha
authored
Specify if conditional
Also update all fetch-metadata@v1 references to v2
1 parent ffa2dc8 commit e10dfc6

File tree

1 file changed

+9
-8
lines changed

1 file changed

+9
-8
lines changed

README.md

+9-8
Original file line numberDiff line numberDiff line change
@@ -14,12 +14,13 @@ Extract information about the dependencies being updated by a Dependabot-generat
1414

1515
## Usage instructions
1616

17-
Create a workflow file that contains a step that uses: `dependabot/fetch-metadata@v1`, e.g.
17+
Create a workflow file that contains a step that uses: `dependabot/fetch-metadata@v2`, e.g.
1818

1919
```yaml
2020
-- .github/workflows/dependabot-prs.yml
2121
name: Dependabot Pull Request
2222
on: pull_request_target
23+
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo' }}
2324
jobs:
2425
build:
2526
permissions:
@@ -28,7 +29,7 @@ jobs:
2829
steps:
2930
- name: Fetch Dependabot metadata
3031
id: dependabot-metadata
31-
uses: dependabot/fetch-metadata@v1
32+
uses: dependabot/fetch-metadata@v2
3233
with:
3334
alert-lookup: true
3435
compat-lookup: true
@@ -109,11 +110,11 @@ jobs:
109110
dependabot:
110111
runs-on: ubuntu-latest
111112
# Checking the author will prevent your Action run failing on non-Dependabot PRs
112-
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
113+
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo' }}
113114
steps:
114115
- name: Dependabot metadata
115116
id: dependabot-metadata
116-
uses: dependabot/fetch-metadata@v1
117+
uses: dependabot/fetch-metadata@v2
117118
- uses: actions/checkout@v4
118119
- name: Approve a PR if not already approved
119120
run: |
@@ -143,11 +144,11 @@ permissions:
143144
jobs:
144145
dependabot:
145146
runs-on: ubuntu-latest
146-
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
147+
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo' }}
147148
steps:
148149
- name: Dependabot metadata
149150
id: dependabot-metadata
150-
uses: dependabot/fetch-metadata@v1
151+
uses: dependabot/fetch-metadata@v2
151152
- name: Enable auto-merge for Dependabot PRs
152153
if: ${{contains(steps.dependabot-metadata.outputs.dependency-names, 'rails') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}
153154
run: gh pr merge --auto --merge "$PR_URL"
@@ -172,11 +173,11 @@ permissions:
172173
jobs:
173174
dependabot:
174175
runs-on: ubuntu-latest
175-
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
176+
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo' }}
176177
steps:
177178
- name: Dependabot metadata
178179
id: dependabot-metadata
179-
uses: dependabot/fetch-metadata@v1
180+
uses: dependabot/fetch-metadata@v2
180181
- name: Add a label for all production dependencies
181182
if: ${{ steps.dependabot-metadata.outputs.dependency-type == 'direct:production' }}
182183
run: gh pr edit "$PR_URL" --add-label "production"

0 commit comments

Comments
 (0)