An Action to dismiss dependabot alerts.
Create a workflow (eg: .github/workflows/seat-count.yml
). See Creating a Workflow file.
You will need to create a PAT(Personal Access Token) that has admin:org
access.
Add this PAT as a secret so we can use it as input github-token
, see Creating encrypted secrets for a repository.
If your organization has SAML enabled you must authorize the PAT, see Authorizing a personal access token for use with SAML single sign-on.
Default usage will dismiss all dependabot alerts that are scope DEVELOPMENT
.
name: TypeScript Action Workflow
on:
workflow_dispatch:
jobs:
run:
name: Run Action
runs-on: ubuntu-latest
steps:
- uses: austenstone/dismissrepositoryvulnerabilityalert@main
with:
github-token: ${{ secrets.TOKEN }}
Various inputs are defined in action.yml
:
Name | Description | Default |
---|---|---|
github‑token | Token to use to authorize. | ${{ github.token }} |
owner | The owner of the repository | ${{ github.repository_owner }} |
repo | The name of the repository | ${{ github.event.repository.name }} |
dismiss‑reason | The reason for dismissing the review. 'FIX_STARTED' | 'INACCURATE' | 'NO_BANDWIDTH' | 'NOT_USED' | 'TOLERABLE_RISK' | NOT_USED |
scope | The scope. "DEVELOPMENT" | "RUNTIME" |
To get more help on the Actions see documentation.