From 01693a8a63f0d8eab560eb5953e2de7b6ee24326 Mon Sep 17 00:00:00 2001 From: Kirill Bobykin Date: Sun, 30 May 2021 14:22:31 +0300 Subject: [PATCH] add install github app warning (#40) * add install github app warning * update README.md --- README.md | 2 +- dist/index.js | 6 ++++++ src/index.js | 6 ++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a8807440..a89f5136 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This action automatically approves and merges dependabot PRs. ## Usage -- install the [GitHub App](https://github.com/apps/dependabot-merge-action) on the repositories or organization where you want to use this action. Using a GitHub App is necessary since [this change](https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/) GitHub introduced which limits the permissions of the provided GITHUB_TOKEN and the availability of secrets in Dependabot pull requests. The source [code of the GitHub App](https://github.com/fastify/dependabot-merge-action-app/) is open source and hosted on Google Cloud Platform. You can also host your own version of the app and customize the `api-url` input to point to your hosted instance. +- **install the [GitHub App](https://github.com/apps/dependabot-merge-action) on the repositories or organization where you want to use this action.** Using a GitHub App is necessary since [this change](https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/) GitHub introduced which limits the permissions of the provided GITHUB_TOKEN and the availability of secrets in Dependabot pull requests. The source [code of the GitHub App](https://github.com/fastify/dependabot-merge-action-app/) is open source and hosted on Google Cloud Platform. You can also host your own version of the app and customize the `api-url` input to point to your hosted instance. - configure this action in your workflows providing the inputs described below ## Inputs diff --git a/dist/index.js b/dist/index.js index 06cb68b5..18bae5b8 100644 --- a/dist/index.js +++ b/dist/index.js @@ -6203,6 +6203,8 @@ const { API_URL, } = getInputs() +const GITHUB_APP_URL = 'https://github.com/apps/dependabot-merge-action' + async function run() { try { const { pull_request: pr } = github.context.payload @@ -6245,6 +6247,10 @@ async function run() { const responseText = await response.text() + if (response.status === 400) { + logWarning(`Please ensure that Github App is installed ${GITHUB_APP_URL}`) + } + if (!response.ok) { throw new Error( `Request failed with status code ${response.status}: ${responseText}` diff --git a/src/index.js b/src/index.js index 8a18a742..cad793af 100644 --- a/src/index.js +++ b/src/index.js @@ -16,6 +16,8 @@ const { API_URL, } = getInputs() +const GITHUB_APP_URL = 'https://github.com/apps/dependabot-merge-action' + async function run() { try { const { pull_request: pr } = github.context.payload @@ -58,6 +60,10 @@ async function run() { const responseText = await response.text() + if (response.status === 400) { + logWarning(`Please ensure that Github App is installed ${GITHUB_APP_URL}`) + } + if (!response.ok) { throw new Error( `Request failed with status code ${response.status}: ${responseText}`