Update workflow

Update readme
2026-06-14 04:41:26 +00:00 · 2022-12-08 12:15:34 +09:00 · 2022-12-08 12:05:57 +09:00 · 2022-12-08 11:46:02 +09:00 · 2022-12-08 02:04:42 +00:00 · 2022-12-08 02:02:51 +00:00
9 changed files with 2982 additions and 723 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,13 +3,13 @@ updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
-      interval: "weekly"
+      interval: "monthly"
    labels:
      - "dependencies"

  - package-ecosystem: "npm"
    directory: "/"
    schedule:
-      interval: "weekly"
-    allow:
-      - dependency-name: "@actions/*"
+      interval: "monthly"
+    labels:
+      - "dependencies"
--- a/.github/workflows/automerge-dependabot.yml
+++ b/.github/workflows/automerge-dependabot.yml
@@ -0,0 +1,13 @@
+name: Auto-merge Dependabot
+on: pull_request
+
+jobs:
+  automerge:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - uses: peter-evans/enable-pull-request-automerge@v2
+        with:
+          token: ${{ secrets.DEPENDABOT_AUTOMERGE }}
+          pull-request-number: ${{ github.event.pull_request.number }}
+          merge-method: squash
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -60,14 +60,12 @@ jobs:
      - name: Test repository dispatch
        uses: ./
        with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
          event-type: tests
          client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}"}'

      - name: Test repository dispatch (default payload)
        uses: ./
        with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
          event-type: tests

  package:
--- a/README.md
+++ b/README.md
@@ -6,11 +6,20 @@ A GitHub action to create a repository dispatch event.

 ## Usage

+Dispatch an event to the current repository.
 ```yml
      - name: Repository Dispatch
        uses: peter-evans/repository-dispatch@v2
        with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          event-type: my-event
+```
+
+Dispatch an event to a remote repository using a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).
+```yml
+      - name: Repository Dispatch
+        uses: peter-evans/repository-dispatch@v2
+        with:
+          token: ${{ secrets.PAT }}
          event-type: my-event
 ```

@@ -18,15 +27,17 @@ A GitHub action to create a repository dispatch event.

 | Name | Description | Default |
 | --- | --- | --- |
-| `token` | (**required**) A `repo` scoped GitHub [Personal Access Token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token). See [token](#token) for further details. | |
+| `token` | `GITHUB_TOKEN` (permissions `contents: write`) or a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). See [token](#token) for further details. | `GITHUB_TOKEN` |
 | `repository` | The full name of the repository to send the dispatch. | `github.repository` (current repository) |
 | `event-type` | (**required**) A custom webhook event name. | |
 | `client-payload` | JSON payload with extra information about the webhook event that your action or workflow may use. | `{}` |

-#### `token`
+#### Token

-This action creates [`repository_dispatch`](https://developer.github.com/v3/repos/#create-a-repository-dispatch-event) events.
-The default `GITHUB_TOKEN` does not have scopes to do this so a `repo` scoped [PAT](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) created on a user with `write` access to the target repository is required.
+This action creates [`repository_dispatch`](https://docs.github.com/en/rest/repos/repos#create-a-repository-dispatch-event) events.
+The default `GITHUB_TOKEN` token can only be used if you are dispatching the same repository that the workflow is executing in.
+
+To dispatch to a remote repository you must create a [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) with the `repo` scope and store it as a secret.
 If you will be dispatching to a public repository then you can use the more limited `public_repo` scope.

 ## Example
@@ -37,7 +48,7 @@ Here is an example setting all of the input parameters.
      - name: Repository Dispatch
        uses: peter-evans/repository-dispatch@v2
        with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          token: ${{ secrets.PAT }}
          repository: username/my-repo
          event-type: my-event
          client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}"}'
@@ -80,7 +91,7 @@ jobs:
      - name: Repository Dispatch
        uses: peter-evans/repository-dispatch@v2
        with:
-          token: ${{ secrets.REPO_ACCESS_TOKEN }}
+          token: ${{ secrets.PAT }}
          repository: ${{ matrix.repo }}
          event-type: my-event
 ```
--- a/action.yml
+++ b/action.yml
@@ -2,8 +2,8 @@ name: 'Repository Dispatch'
 description: 'Create a repository dispatch event'
 inputs:
  token:
-    description: 'A repo scoped GitHub Personal Access Token'
-    required: true
+    description: 'GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)'
+    default: ${{ github.token }}
  repository:
    description: 'The full name of the repository to send the dispatch.'
    default: ${{ github.repository }}
--- a/dist/index.js
+++ b/dist/index.js
@@ -38,6 +38,15 @@ Object.defineProperty(exports, "__esModule", ({ value: true }));
 const core = __importStar(__nccwpck_require__(2186));
 const github = __importStar(__nccwpck_require__(5438));
 const util_1 = __nccwpck_require__(3837);
+/* eslint-disable  @typescript-eslint/no-explicit-any */
+function hasErrorStatus(error) {
+    return typeof error.code === 'number';
+}
+function getErrorMessage(error) {
+    if (error instanceof Error)
+        return error.message;
+    return String(error);
+}
 function run() {
    return __awaiter(this, void 0, void 0, function* () {
        try {
@@ -59,11 +68,11 @@ function run() {
        }
        catch (error) {
            core.debug((0, util_1.inspect)(error));
-            if (error.status == 404) {
+            if (hasErrorStatus(error) && error.status == 404) {
                core.setFailed('Repository not found, OR token has insufficient permissions.');
            }
            else {
-                core.setFailed(error.message);
+                core.setFailed(getErrorMessage(error));
            }
        }
    });
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -32,16 +32,16 @@
  },
  "devDependencies": {
    "@types/jest": "^27.0.3",
-    "@types/node": "^16.11.11",
+    "@types/node": "^18.11.11",
    "@typescript-eslint/parser": "^5.5.0",
-    "@vercel/ncc": "^0.32.0",
+    "@vercel/ncc": "^0.36.0",
    "eslint": "^8.3.0",
-    "eslint-plugin-github": "^4.3.5",
+    "eslint-plugin-github": "^4.6.0",
    "eslint-plugin-jest": "^25.3.0",
    "jest": "^27.4.3",
-    "jest-circus": "^27.4.2",
+    "jest-circus": "^29.3.1",
    "js-yaml": "^4.1.0",
-    "prettier": "^2.5.0",
+    "prettier": "^2.8.1",
    "ts-jest": "^27.0.7",
    "typescript": "^4.5.2"
  }
--- a/src/main.ts
+++ b/src/main.ts
@@ -2,6 +2,16 @@ import * as core from '@actions/core'
 import * as github from '@actions/github'
 import {inspect} from 'util'

+/* eslint-disable  @typescript-eslint/no-explicit-any */
+function hasErrorStatus(error: any): error is {status: number} {
+  return typeof error.code === 'number'
+}
+
+function getErrorMessage(error: unknown) {
+  if (error instanceof Error) return error.message
+  return String(error)
+}
+
 async function run(): Promise<void> {
  try {
    const inputs = {
@@ -22,14 +32,14 @@ async function run(): Promise<void> {
      event_type: inputs.eventType,
      client_payload: JSON.parse(inputs.clientPayload)
    })
-  } catch (error: any) {
+  } catch (error) {
    core.debug(inspect(error))
-    if (error.status == 404) {
+    if (hasErrorStatus(error) && error.status == 404) {
      core.setFailed(
        'Repository not found, OR token has insufficient permissions.'
      )
    } else {
-      core.setFailed(error.message)
+      core.setFailed(getErrorMessage(error))
    }
  }
 }
Author	SHA1	Message	Date
Peter Evans	26b39ed245	Update workflow	2022-12-08 12:15:34 +09:00
Peter Evans	b155cf1427	Update readme	2022-12-08 12:05:57 +09:00
Peter Evans	faa2bf022d	Update readme	2022-12-08 11:46:02 +09:00
dependabot[bot]	0bc97bd4b8	Bump @types/node from 16.11.11 to 18.11.11 (#134 ) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 16.11.11 to 18.11.11. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-08 02:04:42 +00:00
dependabot[bot]	8ab3ab850d	Bump @vercel/ncc from 0.32.0 to 0.36.0 (#133 ) Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.32.0 to 0.36.0. - [Release notes](https://github.com/vercel/ncc/releases) - [Commits](https://github.com/vercel/ncc/compare/0.32.0...0.36.0) --- updated-dependencies: - dependency-name: "@vercel/ncc" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-08 02:02:51 +00:00
dependabot[bot]	defb7de2f3	Bump eslint-plugin-github from 4.3.5 to 4.6.0 (#130 ) Bumps [eslint-plugin-github](https://github.com/github/eslint-plugin-github) from 4.3.5 to 4.6.0. - [Release notes](https://github.com/github/eslint-plugin-github/releases) - [Commits](https://github.com/github/eslint-plugin-github/compare/v4.3.5...v4.6.0) --- updated-dependencies: - dependency-name: eslint-plugin-github dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-08 02:00:49 +00:00
dependabot[bot]	fb1da2a91f	Bump jest-circus from 27.4.2 to 29.3.1 (#132 ) Bumps [jest-circus](https://github.com/facebook/jest/tree/HEAD/packages/jest-circus) from 27.4.2 to 29.3.1. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/jest/commits/v29.3.1/packages/jest-circus) --- updated-dependencies: - dependency-name: jest-circus dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-08 01:59:06 +00:00
dependabot[bot]	ec896de369	Bump prettier from 2.5.0 to 2.8.1 (#131 ) Bumps [prettier](https://github.com/prettier/prettier) from 2.5.0 to 2.8.1. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/prettier/compare/2.5.0...2.8.1) --- updated-dependencies: - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-08 01:57:25 +00:00
Peter Evans	9255d358ad	Update workflow	2022-12-08 10:55:25 +09:00
Peter Evans	f8e700e208	Add automerge workflow	2022-12-08 10:45:08 +09:00
Peter Evans	3c7e484edb	Update dependabot.yml	2022-12-08 10:19:55 +09:00
Peter Evans	cb18cc8cd6	Update readme	2022-10-21 17:51:56 +09:00
Peter Evans	1f873ff42d	Remove token elevation	2022-10-21 15:56:27 +09:00
Peter Evans	73f2fe9d70	Merge pull request #125 from peter-evans/fix-any Replace use of any type	2022-10-21 15:33:38 +09:00
Peter Evans	9b60aa8a4d	Replace use of any type	2022-10-21 15:31:45 +09:00
Peter Evans	f2696244ec	Merge pull request #124 from peter-evans/token-update Token update	2022-10-19 16:35:51 +09:00
Peter Evans	2f6d32ce83	Update docs	2022-10-19 16:34:26 +09:00
Peter Evans	66463e47e7	Update docs	2022-10-19 16:28:06 +09:00
Peter Evans	aebc169929	Update action config to set a default token	2022-10-19 16:27:58 +09:00
Peter Evans	b700ade2f3	Update ci to use default token	2022-10-19 16:27:30 +09:00
Peter Evans	8e295bb3b1	Merge pull request #118 from santunioni/patch-1 Fix: Information related to tokens in README	2022-10-19 16:07:52 +09:00
Vinícius Vargas	3c4e552d10	Update README.md	2022-10-10 05:38:56 -03:00
Vinícius Vargas	77fb463884	Fix: Information related to tokens in README Fix documentation related to tokens. The secrets.GITHUB_TOKEN provided by the GitHub Actions App can do everything related to the repo if we elevate its permissions, including calling workflow_dispatch and repository_dispatch. Some people in my organization are using PAT's instead of the secrets.GITHUB_TOKEN when using this action because of this README suggestion, even when they are calling the same repository. Using PATs in that contexts provides unnecessary security risks.	2022-10-10 05:37:25 -03:00