From 773c8c34ef540722e108b91eadaec1d0b6f00042 Mon Sep 17 00:00:00 2001
From: Salman <salmanmitha@gmail.com>
Date: Fri, 13 Nov 2020 13:51:29 +0530
Subject: [PATCH] feat: allow excluding packages

---
 README.md  | 22 +++++++++++++++++++++-
 action.yml |  4 ++++
 index.js   | 10 +++++++++-
 3 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 580738de..e715d9a7 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,10 @@ This action automatically merges dependabot PRs.
 
 **Required** A github token.
 
+### `exclude`
+
+*Optional* An array of packages that you don't want to auto-merge and would like to manually review to decide whether to upgrade or not.
+
 ## Example usage
 
 ```yml
@@ -30,4 +34,20 @@ jobs:
           github-token: ${{secrets.github_token}}
 ```
 
-Note: The `github_token` is automatically provided by Github Actions, which we access using `secrets.github_token` and supply to the action as an input `github-token`
+**Note**
+
+- The `github_token` is automatically provided by Github Actions, which we access using `secrets.github_token` and supply to the action as an input `github-token`.
+- Make sure to use `needs: <jobs>` to delay the auto-merging until CI checks (test/build) are passed.
+
+## With `exclude`
+
+```yml
+...
+    steps:
+      - uses: fastify/github-action-merge-dependabot@v1
+        if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request' }}
+        with:
+          github-token: ${{secrets.github_token}}
+          exclude: ['material-ui']
+...
+```
diff --git a/action.yml b/action.yml
index dc527614..c8e1d2b4 100644
--- a/action.yml
+++ b/action.yml
@@ -4,6 +4,10 @@ inputs:
   github-token:
     description: "A GitHub token."
     required: true
+  exclude:
+    description: "Packages that you want to manually review before upgrading"
+    required: false
+    default: []
 runs:
   using: "node12"
   main: "index.js"
diff --git a/index.js b/index.js
index 7156ac5d..fd9deb05 100644
--- a/index.js
+++ b/index.js
@@ -2,6 +2,7 @@ const core = require('@actions/core')
 const github = require('@actions/github')
 
 const GITHUB_TOKEN = core.getInput('github-token', { required: true })
+const EXCLUDE_PKGS = core.getInput('exclude') || []
 
 const getMergeMethod = (repo) => {
   if (repo.allow_merge_commit) return 'merge'
@@ -21,7 +22,14 @@ async function run () {
     const isDependabotPR = pr.user.login === 'dependabot[bot]'
 
     if (!isDependabotPR) {
-      return console.log('Unable to merge')
+      return core.info('Not dependabot PR, skip merging.')
+    }
+
+    // dependabot branch names are in format "dependabot/npm_and_yarn/pkg-0.0.1"
+    const pkgName = pr.head.ref.split('/').pop().split('-').shift()
+
+    if (EXCLUDE_PKGS.includes(pkgName)) {
+      return core.info(`${pkgName} is excluded, skip merging.`)
     }
 
     await octokit.pulls.createReview({