Update dependency danger to v3.7.0 #130
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
Coverage in All Files
Generated by 🚫 dangerJS |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This Pull Request updates dependency danger from
v3.6.6tov3.7.0Note: This PR was created on a configured schedule ("on the first day of the month") and will not receive updates outside those times.
Release Notes
v3.7.0Compare Source
Adds support for the GH Checks API.
This brings some interesting architectural changes inside Danger, but more important to you dear reader, is that using
the Checks API has some API restrictions. This makes in infeasible to re-use the user access token which we've
previously been recommending for setup.
Instead there are two options:
The security model of the GitHub app means it's totally safe to use our GitHub app, it can only read/write to checks
and has no access to code or organizational data. It's arguably safer than the previous issue-based comment.
To use it, you need to hit the above link, install the app on the org of your choice and then get the install ID from
the URL you're redirected to. Set that in your CI's ENV to be
DANGER_JS_APP_INSTALL_IDand you're good to go.If you want to run your own GitHub App, you'll need to set up a few ENV vars instead:
DANGER_GITHUB_APP_ID- The app id, you can get this from your app's overview page at the bottomDANGER_GITHUB_APP_PRIVATE_SIGNING_KEY- The whole of the private key as a string with\ninstead of newlinesDANGER_GITHUB_APP_INSTALL_ID- The installation id after you've installed your app on an orgChecks support is still a bit of a WIP, because it's a whole new type of thing. I don't forsee a need for Danger to be
deprecating the issue based commenting (we use that same infra with bitbucket).
So now there are three ways to set up communications with GitHub, I'm not looking forwards to documenting that.
[@orta][]
JSON diffs use the JSON5 parser, so can now ignore comments in JSON etc [@orta][]
Allows the synchronous execution of multiple dangerfiles in one single "danger run".
Not a particularly useful feature for Danger-JS, but it means Peril can combine many runs into a single execution
unit. This means people only get 1 message. [@orta][]
This PR has been generated by Renovate Bot.