Publish event when Dependabot jobs finish so users can trigger a GitHub Actions workflow #4680
Labels
E: api-support
APIs for consuming and managing Dependabot features and data
service 💁
Relates to Dependabot features GitHub provides
T: feature-request
Requests for new features
There are currently many open issues that could be solved more generally by allowing chaining between dependabot and other workflows. You can currently trigger dependabot from a custom workflow by its reopening a closed PR, adding new
@dependabot
comments to a PR, or issuing POST requests to/{owner}/{repo}/network/updates?update_config_id={update_config_id}
.However, triggering a custom workflow from dependabot is significantly more limited. You can currently only trigger a custom workflow from dependabot if it creates a new PR during that run (e.g. enable-auto-merge). There is no way to trigger a custom workflow if the run fails or if it completes successfully but without creating at least one PR.
At the end of each run, the final entry in the log file is in the form:
or
I propose that whenever this line is written it also triggers a dispatch event for an optional custom workflow. This would be supported using a new option be added to the dependabot configuration called
trigger-workflow-id
defined as follows:This very basic implementation would provide the ability to trigger custom actions (push notifications, etc) if an error occurred. It would also allow for workflows to use github-script in the triggered workflow to identify all of the pull requests that were created, updated or closed by that most recent run in order to perform custom actions on them. A more sophisticated custom action could pull the full log (using the update-config-id) and parse it to enumerate ignored dependencies, etc.
I looked through the source code for this repo and I don't see where that final line in the log file is generated, so I'm not sure how someone from the community could provide a PR to resolve this issue. However, if there is some other repo that contains that code, please point me in that direction. Since it doesn't seem to be part of dependabot_core, the new
trigger-workflow-id
might have to be at the top-level instead of allowing one for eachupdate
entry, but that would be fine for the purpose of this task.The text was updated successfully, but these errors were encountered: