Update workflow

Update readme
2026-06-12 11:51:25 +00:00 · 2022-12-08 12:15:34 +09:00 · 2022-12-08 12:05:57 +09:00 · 2022-12-08 11:46:02 +09:00 · 2022-12-08 02:04:42 +00:00 · 2022-12-08 02:02:51 +00:00
11 changed files with 5079 additions and 1680 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: peter-evans
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,6 +3,13 @@ updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
-      interval: "weekly"
+      interval: "monthly"
+    labels:
+      - "dependencies"
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "monthly"
    labels:
      - "dependencies"
--- a/.github/workflows/automerge-dependabot.yml
+++ b/.github/workflows/automerge-dependabot.yml
@@ -0,0 +1,13 @@
+name: Auto-merge Dependabot
+on: pull_request
+
+jobs:
+  automerge:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - uses: peter-evans/enable-pull-request-automerge@v2
+        with:
+          token: ${{ secrets.DEPENDABOT_AUTOMERGE }}
+          pull-request-number: ${{ github.event.pull_request.number }}
+          merge-method: squash
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,12 +10,17 @@ on:
    paths-ignore:
      - 'README.md'
      - 'docs/**'
+
+permissions:
+  pull-requests: write
+  contents: write
+
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@v3
        with:
          node-version: 16.x
      - run: npm ci
@@ -55,14 +60,12 @@ jobs:
      - name: Test repository dispatch
        uses: ./
        with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
          event-type: tests
          client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}"}'

      - name: Test repository dispatch (default payload)
        uses: ./
        with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
          event-type: tests

  package:
@@ -76,7 +79,7 @@ jobs:
          name: dist
          path: dist
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v3
+        uses: peter-evans/create-pull-request@v4
        with:
          commit-message: Update distribution
          title: Update distribution
--- a/.github/workflows/slash-command-dispatch.yml
+++ b/.github/workflows/slash-command-dispatch.yml
@@ -7,7 +7,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Slash Command Dispatch
-        uses: peter-evans/slash-command-dispatch@v2
+        uses: peter-evans/slash-command-dispatch@v3
        with:
          token: ${{ secrets.ACTIONS_BOT_TOKEN }}
          config: >
--- a/README.md
+++ b/README.md
@@ -6,11 +6,20 @@ A GitHub action to create a repository dispatch event.

 ## Usage

+Dispatch an event to the current repository.
 ```yml
      - name: Repository Dispatch
        uses: peter-evans/repository-dispatch@v2
        with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          event-type: my-event
+```
+
+Dispatch an event to a remote repository using a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).
+```yml
+      - name: Repository Dispatch
+        uses: peter-evans/repository-dispatch@v2
+        with:
+          token: ${{ secrets.PAT }}
          event-type: my-event
 ```

@@ -18,15 +27,17 @@ A GitHub action to create a repository dispatch event.

 | Name | Description | Default |
 | --- | --- | --- |
-| `token` | (**required**) A `repo` scoped GitHub [Personal Access Token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token). See [token](#token) for further details. | |
+| `token` | `GITHUB_TOKEN` (permissions `contents: write`) or a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). See [token](#token) for further details. | `GITHUB_TOKEN` |
 | `repository` | The full name of the repository to send the dispatch. | `github.repository` (current repository) |
 | `event-type` | (**required**) A custom webhook event name. | |
 | `client-payload` | JSON payload with extra information about the webhook event that your action or workflow may use. | `{}` |

-#### `token`
+#### Token

-This action creates [`repository_dispatch`](https://developer.github.com/v3/repos/#create-a-repository-dispatch-event) events.
-The default `GITHUB_TOKEN` does not have scopes to do this so a `repo` scoped [PAT](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) created on a user with `write` access to the target repository is required.
+This action creates [`repository_dispatch`](https://docs.github.com/en/rest/repos/repos#create-a-repository-dispatch-event) events.
+The default `GITHUB_TOKEN` token can only be used if you are dispatching the same repository that the workflow is executing in.
+
+To dispatch to a remote repository you must create a [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) with the `repo` scope and store it as a secret.
 If you will be dispatching to a public repository then you can use the more limited `public_repo` scope.

 ## Example
@@ -35,9 +46,9 @@ Here is an example setting all of the input parameters.

 ```yml
      - name: Repository Dispatch
-        uses: peter-evans/repository-dispatch@v1
+        uses: peter-evans/repository-dispatch@v2
        with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          token: ${{ secrets.PAT }}
          repository: username/my-repo
          event-type: my-event
          client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}"}'
@@ -80,7 +91,7 @@ jobs:
      - name: Repository Dispatch
        uses: peter-evans/repository-dispatch@v2
        with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          token: ${{ secrets.PAT }}
          repository: ${{ matrix.repo }}
          event-type: my-event
 ```
--- a/action.yml
+++ b/action.yml
@@ -2,8 +2,8 @@ name: 'Repository Dispatch'
 description: 'Create a repository dispatch event'
 inputs:
  token:
-    description: 'A repo scoped GitHub Personal Access Token'
-    required: true
+    description: 'GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)'
+    default: ${{ github.token }}
  repository:
    description: 'The full name of the repository to send the dispatch.'
    default: ${{ github.repository }}
--- a/dist/index.js
+++ b/dist/index.js
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -27,21 +27,21 @@
  },
  "homepage": "https://github.com/peter-evans/repository-dispatch#readme",
  "dependencies": {
-    "@actions/core": "^1.6.0",
-    "@actions/github": "^5.0.0"
+    "@actions/core": "^1.10.0",
+    "@actions/github": "^5.1.1"
  },
  "devDependencies": {
    "@types/jest": "^27.0.3",
-    "@types/node": "^16.11.11",
+    "@types/node": "^18.11.11",
    "@typescript-eslint/parser": "^5.5.0",
-    "@vercel/ncc": "^0.32.0",
+    "@vercel/ncc": "^0.36.0",
    "eslint": "^8.3.0",
-    "eslint-plugin-github": "^4.3.5",
+    "eslint-plugin-github": "^4.6.0",
    "eslint-plugin-jest": "^25.3.0",
    "jest": "^27.4.3",
-    "jest-circus": "^27.4.2",
+    "jest-circus": "^29.3.1",
    "js-yaml": "^4.1.0",
-    "prettier": "^2.5.0",
+    "prettier": "^2.8.1",
    "ts-jest": "^27.0.7",
    "typescript": "^4.5.2"
  }
--- a/src/main.ts
+++ b/src/main.ts
@@ -2,6 +2,16 @@ import * as core from '@actions/core'
 import * as github from '@actions/github'
 import {inspect} from 'util'

+/* eslint-disable  @typescript-eslint/no-explicit-any */
+function hasErrorStatus(error: any): error is {status: number} {
+  return typeof error.code === 'number'
+}
+
+function getErrorMessage(error: unknown) {
+  if (error instanceof Error) return error.message
+  return String(error)
+}
+
 async function run(): Promise<void> {
  try {
    const inputs = {
@@ -22,14 +32,14 @@ async function run(): Promise<void> {
      event_type: inputs.eventType,
      client_payload: JSON.parse(inputs.clientPayload)
    })
-  } catch (error: any) {
+  } catch (error) {
    core.debug(inspect(error))
-    if (error.status == 404) {
+    if (hasErrorStatus(error) && error.status == 404) {
      core.setFailed(
        'Repository not found, OR token has insufficient permissions.'
      )
    } else {
-      core.setFailed(error.message)
+      core.setFailed(getErrorMessage(error))
    }
  }
 }
Author	SHA1	Message	Date
Peter Evans	26b39ed245	Update workflow	2022-12-08 12:15:34 +09:00
Peter Evans	b155cf1427	Update readme	2022-12-08 12:05:57 +09:00
Peter Evans	faa2bf022d	Update readme	2022-12-08 11:46:02 +09:00
dependabot[bot]	0bc97bd4b8	Bump @types/node from 16.11.11 to 18.11.11 (#134 ) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.11 to 18.11.11. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-08 02:04:42 +00:00
dependabot[bot]	8ab3ab850d	Bump @vercel/ncc from 0.32.0 to 0.36.0 (#133 ) Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.32.0 to 0.36.0. - [Release notes](https://github.com/vercel/ncc/releases) - [Commits](https://github.com/vercel/ncc/compare/0.32.0...0.36.0) --- updated-dependencies: - dependency-name: "@vercel/ncc" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-08 02:02:51 +00:00
dependabot[bot]	defb7de2f3	Bump eslint-plugin-github from 4.3.5 to 4.6.0 (#130 ) Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.3.5 to 4.6.0. - [Release notes](https://github.com/github/eslint-plugin-github/releases) - [Commits](https://github.com/github/eslint-plugin-github/compare/v4.3.5...v4.6.0) --- updated-dependencies: - dependency-name: eslint-plugin-github dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-08 02:00:49 +00:00
dependabot[bot]	fb1da2a91f	Bump jest-circus from 27.4.2 to 29.3.1 (#132 ) Bumps [jest-circus](https://github.com/facebook/jest/tree/HEAD/packages/jest-circus) from 27.4.2 to 29.3.1. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/jest/commits/v29.3.1/packages/jest-circus) --- updated-dependencies: - dependency-name: jest-circus dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-08 01:59:06 +00:00
dependabot[bot]	ec896de369	Bump prettier from 2.5.0 to 2.8.1 (#131 ) Bumps [prettier](https://github.com/prettier/prettier) from 2.5.0 to 2.8.1. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/prettier/compare/2.5.0...2.8.1) --- updated-dependencies: - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-08 01:57:25 +00:00
Peter Evans	9255d358ad	Update workflow	2022-12-08 10:55:25 +09:00
Peter Evans	f8e700e208	Add automerge workflow	2022-12-08 10:45:08 +09:00
Peter Evans	3c7e484edb	Update dependabot.yml	2022-12-08 10:19:55 +09:00
Peter Evans	cb18cc8cd6	Update readme	2022-10-21 17:51:56 +09:00
Peter Evans	1f873ff42d	Remove token elevation	2022-10-21 15:56:27 +09:00
Peter Evans	73f2fe9d70	Merge pull request #125 from peter-evans/fix-any Replace use of any type	2022-10-21 15:33:38 +09:00
Peter Evans	9b60aa8a4d	Replace use of any type	2022-10-21 15:31:45 +09:00
Peter Evans	f2696244ec	Merge pull request #124 from peter-evans/token-update Token update	2022-10-19 16:35:51 +09:00
Peter Evans	2f6d32ce83	Update docs	2022-10-19 16:34:26 +09:00
Peter Evans	66463e47e7	Update docs	2022-10-19 16:28:06 +09:00
Peter Evans	aebc169929	Update action config to set a default token	2022-10-19 16:27:58 +09:00
Peter Evans	b700ade2f3	Update ci to use default token	2022-10-19 16:27:30 +09:00
Peter Evans	8e295bb3b1	Merge pull request #118 from santunioni/patch-1 Fix: Information related to tokens in README	2022-10-19 16:07:52 +09:00
Peter Evans	b8601598d8	Merge pull request #123 from peter-evans/update-distribution Update distribution	2022-10-18 15:49:27 +09:00
peter-evans	18c0a0eef4	Update distribution	2022-10-18 06:48:44 +00:00
Peter Evans	870eb7a531	Merge pull request #120 from peter-evans/dependabot/npm_and_yarn/actions/github-5.1.1 Bump @actions/github from 5.0.0 to 5.1.1	2022-10-18 15:47:43 +09:00
Peter Evans	d591bcc413	Merge pull request #122 from peter-evans/update-distribution Update distribution	2022-10-18 15:46:16 +09:00
peter-evans	42eb81b6bc	Update distribution	2022-10-18 06:45:48 +00:00
dependabot[bot]	26cb96aa5e	Bump @actions/github from 5.0.0 to 5.1.1 Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 5.0.0 to 5.1.1. - [Release notes](https://github.com/actions/toolkit/releases) - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) --- updated-dependencies: - dependency-name: "@actions/github" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-10-18 06:45:31 +00:00
Peter Evans	6045f64a24	Merge pull request #121 from peter-evans/dependabot/npm_and_yarn/actions/core-1.10.0 Bump @actions/core from 1.9.1 to 1.10.0	2022-10-18 15:44:42 +09:00
dependabot[bot]	f8bc8c5c02	Bump @actions/core from 1.9.1 to 1.10.0 Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.9.1 to 1.10.0. - [Release notes](https://github.com/actions/toolkit/releases) - [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core) --- updated-dependencies: - dependency-name: "@actions/core" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-10-18 06:43:27 +00:00
Peter Evans	5e038d8e52	Update dependabot	2022-10-18 15:42:37 +09:00
Vinícius Vargas	3c4e552d10	Update README.md	2022-10-10 05:38:56 -03:00
Vinícius Vargas	77fb463884	Fix: Information related to tokens in README Fix documentation related to tokens. The secrets.GITHUB_TOKEN provided by the GitHub Actions App can do everything related to the repo if we elevate its permissions, including calling workflow_dispatch and repository_dispatch. Some people in my organization are using PAT's instead of the secrets.GITHUB_TOKEN when using this action because of this README suggestion, even when they are calling the same repository. Using PATs in that contexts provides unnecessary security risks.	2022-10-10 05:37:25 -03:00
Peter Evans	c8e633a77e	Add funding	2022-08-26 10:44:06 +09:00
Peter Evans	e2dfd3c880	Merge pull request #116 from peter-evans/update-distribution Update distribution	2022-08-19 13:28:42 +09:00
peter-evans	cac67678cf	Update distribution	2022-08-19 04:25:01 +00:00
Peter Evans	fe4ce16ccb	Merge pull request #114 from peter-evans/dependabot/npm_and_yarn/actions/core-1.9.1 Bump @actions/core from 1.6.0 to 1.9.1	2022-08-19 13:23:50 +09:00
dependabot[bot]	6676414e8f	Bump @actions/core from 1.6.0 to 1.9.1 Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.6.0 to 1.9.1. - [Release notes](https://github.com/actions/toolkit/releases) - [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core) --- updated-dependencies: - dependency-name: "@actions/core" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2022-08-19 04:22:31 +00:00
Peter Evans	eaded0e2ee	Merge pull request #115 from peter-evans/workflow-perm Add workflow permissions	2022-08-19 13:18:23 +09:00
Peter Evans	23f37653ea	Add workflow permissions	2022-08-19 13:16:48 +09:00
Peter Evans	c73dcc4242	Merge pull request #110 from peter-evans/dependabot/npm_and_yarn/minimist-1.2.6 Bump minimist from 1.2.5 to 1.2.6	2022-03-29 09:38:23 +09:00
dependabot[bot]	3de81530cc	Bump minimist from 1.2.5 to 1.2.6 Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2022-03-28 10:30:19 +00:00
Peter Evans	d85250f54b	Merge pull request #109 from peter-evans/dependabot/github_actions/peter-evans/create-pull-request-4	2022-03-28 19:30:00 +09:00
Peter Evans	4b2881efb9	Merge pull request #108 from peter-evans/dependabot/github_actions/peter-evans/slash-command-dispatch-3	2022-03-28 19:28:55 +09:00
dependabot[bot]	c078548696	Bump peter-evans/create-pull-request from 3 to 4 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3 to 4. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/v3...v4) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2022-03-28 09:18:17 +00:00
dependabot[bot]	0459c47edf	Bump peter-evans/slash-command-dispatch from 2 to 3 Bumps [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) from 2 to 3. - [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases) - [Commits](https://github.com/peter-evans/slash-command-dispatch/compare/v2...v3) --- updated-dependencies: - dependency-name: peter-evans/slash-command-dispatch dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2022-03-28 09:18:12 +00:00
Peter Evans	a275156cbd	Merge pull request #107 from peter-evans/dependabot/github_actions/actions/setup-node-3 Bump actions/setup-node from 2 to 3	2022-03-22 14:01:42 +09:00
Peter Evans	64c665535e	Update readme	2022-03-22 13:10:44 +09:00
dependabot[bot]	077903f4f4	Bump actions/setup-node from 2 to 3 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2 to 3. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2022-03-22 04:05:08 +00:00