diff --git a/.github/workflows/check-linked-issues.yml b/.github/workflows/check-linked-issues.yml index 05d96f7b..b15121ad 100644 --- a/.github/workflows/check-linked-issues.yml +++ b/.github/workflows/check-linked-issues.yml @@ -12,5 +12,5 @@ jobs: - uses: nearform/github-action-check-linked-issues@v1 id: check-linked-issues with: - github-token: ${{ secrets.GITHUB_TOKEN }} + github-token: ${{ github.token }} exclude-branches: "release/**, dependabot/**" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ba01a027..b6277d5c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,5 +1,5 @@ name: CI -on: +on: push: branches: main pull_request: @@ -25,5 +25,5 @@ jobs: steps: - uses: fastify/github-action-merge-dependabot@main with: - github-token: ${{ secrets.GITHUB_TOKEN }} + github-token: ${{ github.token }} target: minor diff --git a/.github/workflows/notify-release.yml b/.github/workflows/notify-release.yml index 86c51dd4..a1bd5b79 100644 --- a/.github/workflows/notify-release.yml +++ b/.github/workflows/notify-release.yml @@ -10,4 +10,4 @@ jobs: - name: Notify release uses: nearform/github-action-notify-release@v1 with: - github-token: ${{ secrets.GITHUB_TOKEN }} + github-token: ${{ github.token }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 42630d91..27deda5d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: node-version: 16 - uses: nearform/optic-release-automation-action@v3 with: - github-token: ${{ secrets.github_token }} + github-token: ${{ github.token }} semver: ${{ github.event.inputs.semver }} sync-semver-tags: true build-command: | diff --git a/README.md b/README.md index ab0bad16..32c516f5 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ This action automatically approves and merges dependabot PRs. ### `github-token` -**Required** A GitHub token. See below for additional information. +_Optional_ A GitHub token. See below for additional information. ### `exclude` @@ -80,8 +80,6 @@ jobs: steps: - uses: fastify/github-action-merge-dependabot@v3.0.0 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} ``` ### Excluding packages @@ -94,7 +92,6 @@ permissions: steps: - uses: fastify/github-action-merge-dependabot@v3.0.0 with: - github-token: ${{ secrets.GITHUB_TOKEN }} exclude: 'react,fastify' ``` @@ -106,7 +103,6 @@ permissions: steps: - uses: fastify/github-action-merge-dependabot@v3.0.0 with: - github-token: ${{ secrets.GITHUB_TOKEN }} approve-only: true ``` @@ -134,7 +130,6 @@ jobs: steps: - uses: fastify/github-action-merge-dependabot@v3.0.0 with: - github-token: ${{ secrets.GITHUB_TOKEN }} pr-number: ${{ github.event.inputs.pr-number }} ``` @@ -178,13 +173,11 @@ jobs: steps: - - uses: fastify/github-action-merge-dependabot@v2.1.1 + - uses: fastify/github-action-merge-dependabot@v3 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} ``` ## Notes -- A GitHub token is automatically provided by Github Actions, which can be accessed using `secrets.GITHUB_TOKEN` and supplied to the action as an input `github-token`. +- A GitHub token is automatically provided by Github Actions, which can be accessed using `github.token` and supplied to the action as an input `github-token`. - Only the [GitHub native Dependabot integration](https://docs.github.com/en/github/administering-a-repository/keeping-your-dependencies-updated-automatically) is supported, the old [Dependabot Preview app](https://github.com/marketplace/dependabot-preview) isn't. - Make sure to use `needs: ` to delay the auto-merging until CI checks (test/build) are passed. - If you want to use GitHub's [auto-merge](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/automatically-merging-a-pull-request) feature but still use this action to approve Pull Requests without merging, use `approve-only: true`. diff --git a/action.yml b/action.yml index e5c60536..7257dfe1 100644 --- a/action.yml +++ b/action.yml @@ -3,7 +3,8 @@ description: 'Automatically approve and merge dependabot PRs' inputs: github-token: description: 'A GitHub token' - required: true + required: false + default: ${{ github.token }} exclude: description: 'Packages that you want to manually review before upgrading' required: false