You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+11-8Lines changed: 11 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,7 +28,8 @@ All feedback regarding our GitHub Actions, as a whole, should be communicated th
28
28
1. Create a repository to host this GitHub Action or select an existing repository.
29
29
1. Select a best fit workflow file from the [examples below](#example-workflows).
30
30
1. Copy that example into your repository (from step 1) and into the proper directory for GitHub Actions: `.github/workflows/` directory with the file extension `.yml` (ie. `.github/workflows/evergreen.yml`)
31
-
1. Edit the values below from the sample workflow with your information:
31
+
1. Edit the values below from the sample workflow with your information:
32
+
32
33
-`ORGANIZATION`
33
34
-`TEAM_NAME`
34
35
-`REPOSITORY`
@@ -41,6 +42,7 @@ All feedback regarding our GitHub Actions, as a whole, should be communicated th
41
42
If running the action on just **one repository** or a **list of repositories**, then no organization is needed.
42
43
If running the action on a **team**, then an organization is required and no repository is needed.
43
44
The type should be either `issue` or `pull` representing the action that you want taken after discovering a repository that should enable dependabot.
45
+
44
46
1. Optionally, edit the value `CREATED_AFTER_DATE` if you are setting up this action to run regularly and only want newly created repositories to be considered.
45
47
Otherwise, if you want all specified repositories regardless of when they were created to be considered, then leave it blank.
46
48
1. Optionally edit the value `UPDATE_EXISTING` (default value `false`) if you want to update existing dependabot configuration files.
@@ -49,18 +51,20 @@ All feedback regarding our GitHub Actions, as a whole, should be communicated th
49
51
1. Also edit the value for `GH_ENTERPRISE_URL` if you are using a GitHub Server and not using github.com.
50
52
For github.com users, leave it empty.
51
53
1. Update the value of `GH_TOKEN`. Do this by creating a [GitHub API token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic) with the following permissions:
54
+
52
55
- If using **classic tokens**:
53
-
-`workflow`, this will set also all permissions for `repo`
54
-
- under `admin`, `read:org` and `write:org`
56
+
-`workflow`, this will set also all permissions for `repo`
57
+
- under `admin`, `read:org` and `write:org`
55
58
- If using **fine grain tokens**:
56
-
-`Administration` - Read and Write (Needed to activate the [automated security updates](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#managing-dependabot-security-updates-for-your-repositories) )
57
-
-`Pull Requests` - Read and Write (If `TYPE` input is set to `pull`)
58
-
-`Issues` - Read and Write (If `TYPE` input is set to `issue`)
59
-
-`Workflows` - Read and Write (Needed to create the `dependabot.yml` file)
59
+
-`Administration` - Read and Write (Needed to activate the [automated security updates](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#managing-dependabot-security-updates-for-your-repositories) )
60
+
-`Pull Requests` - Read and Write (If `TYPE` input is set to `pull`)
61
+
-`Issues` - Read and Write (If `TYPE` input is set to `issue`)
62
+
-`Workflows` - Read and Write (Needed to create the `dependabot.yml` file)
60
63
61
64
Then take the value of the API token you just created, and [create a repository secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets) where the name of the secret is `GH_TOKEN` and the value of the secret the API token.
62
65
Then finally update the workflow file to use that repository secret by changing `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to `GH_TOKEN: ${{ secrets.GH_TOKEN }}`.
63
66
The name of the secret can really be anything, it just needs to match between when you create the secret name and when you refer to it in the workflow file.
67
+
64
68
1. If you want the resulting issue with the output to appear in a different repository other than the one the workflow file runs in, update the line `token: ${{ secrets.GITHUB_TOKEN }}` with your own GitHub API token stored as a repository secret. This process is the same as described in the step above. More info on creating secrets can be found [here](https://docs.github.com/en/actions/security-guides/encrypted-secrets).
65
69
1. Commit the workflow file to the default branch (often `master` or `main`)
66
70
1. Wait for the action to trigger based on the `schedule` entry or manually trigger the workflow as shown in the [documentation](https://docs.github.com/en/actions/using-workflows/manually-running-a-workflow).
0 commit comments