Add support for dependabot-script/custom commit users
yeikel opened this issue · comments
I am currently running dependabot-script in a private GHE instance to generate pull requests for my projects
I would like to leverage this project but this check :
fetch-metadata/src/dependabot/verified_commits.ts
Lines 22 to 44 in 29dc6db
Expects the sender of the PR to be 'dependabot[bot]' when that's not possible within my context
Would you be open to adding an optional configuration parameter to the action to allow customizing this value?
As a side note, most Action examples suggest this as an optimization :
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
I am willing to send a PR with the same
Yes, that makes sense to make it configurable. Happy to accept a PR.
I don't understand the "optimization" suggestion, but a quick PR might make that easier to understand too? Feel free to send two PR's if they're not tied together...
Yes, that makes sense to make it configurable. Happy to accept a PR.
I don't understand the "optimization" suggestion, but a quick PR might make that easier to understand too? Feel free to send two PR's if they're not tied together...
What I meant with the "optimization" is that workflow execution can be stopped before it even starts using the filter above. Example :
- name: Greet dependabot
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} // This step will only run if the user matches. The "echo" command won't run at all
shell: echo "Hello dependabot!"
Given that, there is no need to have additional checks within the action code
It won't hurt, but it is not needed
Ah makes sense, sounds good to me!
Based on the discussion in #332 , what do you think about the idea of instead creating an option that simply enables/disables the internal code check?
That way advanced users can effectively say "I know what I'm doing, turn this off" and then control everything via their GitHub workflow conditions?
I just think that might be less constrictive to advanced users like yourself.
If you agree, rather than amending #331, why don't you create an alternative PR, that way if someone points out something I'm overlooking that means we still need to specify a custom user, we haven't lost that code...
Based on the discussion in #332 , what do you think about the idea of instead creating an option that simply enables/disables the internal code check?
That way advanced users can effectively say "I know what I'm doing, turn this off" and then control everything via their GitHub workflow conditions?
I just think that might be less constrictive to advanced users like yourself.
If you agree, rather than amending #331, why don't you create an alternative PR, that way if someone points out something I'm overlooking that means we still need to specify a custom user, we haven't lost that code...
That's fair. I'll work on that next
Fixed by #336