@dependabit/action 0.1.1

package/dist/utils/reporter.js

@@ -0,0 +1,122 @@
+/**
+ * Summary Reporter
+ * Generates human-readable summaries for dependency change reports
+ */
+export class SummaryReporter {
+    /**
+     * Generates a summary report for all dependency changes
+     */
+    generateSummary(changes) {
+        if (changes.length === 0) {
+            return '✅ All dependencies are up to date. No changes detected.';
+        }
+        const breaking = changes.filter((c) => c.severity === 'breaking');
+        const major = changes.filter((c) => c.severity === 'major');
+        const minor = changes.filter((c) => c.severity === 'minor');
+        let summary = '# Dependency Changes Detected\n\n';
+        summary += `**Total Changes**: ${changes.length}\n`;
+        summary += `- 🔴 Breaking: ${breaking.length}\n`;
+        summary += `- 🟡 Major: ${major.length}\n`;
+        summary += `- 🟢 Minor: ${minor.length}\n\n`;
+        if (breaking.length > 0) {
+            summary += '## ⚠️ Breaking Changes\n\n';
+            breaking.forEach((change) => {
+                summary += this.formatChangeItem(change);
+            });
+        }
+        if (major.length > 0) {
+            summary += '## 🔔 Major Updates\n\n';
+            major.forEach((change) => {
+                summary += this.formatChangeItem(change);
+            });
+        }
+        if (minor.length > 0) {
+            summary += '## 📝 Minor Updates\n\n';
+            minor.forEach((change) => {
+                summary += this.formatChangeItem(change);
+            });
+        }
+        return summary;
+    }
+    /**
+     * Generates detailed issue body for a single dependency change
+     */
+    generateIssueBody(change) {
+        const { dependency, severity, changes, oldVersion, newVersion, releaseNotes } = change;
+        let body = '';
+        // Header with severity indicator
+        const severityEmoji = {
+            breaking: '⚠️',
+            major: '🔔',
+            minor: '📝'
+        }[severity];
+        body += `${severityEmoji} **${severity.toUpperCase()}** dependency update detected\n\n`;
+        // Dependency information
+        body += `## Dependency: ${dependency.name || dependency.id}\n\n`;
+        body += `- **URL**: ${dependency.url}\n`;
+        if (dependency.type) {
+            body += `- **Type**: ${dependency.type}\n`;
+        }
+        // Version change
+        if (oldVersion && newVersion) {
+            body += `\n## Version Change\n\n`;
+            body += `\`${oldVersion}\` → \`${newVersion}\`\n`;
+        }
+        // Changes detected
+        body += `\n## Changes Detected\n\n`;
+        changes.forEach((change) => {
+            body += `- ${change}\n`;
+        });
+        // Release notes if available
+        if (releaseNotes) {
+            body += `\n## Release Notes\n\n`;
+            body += releaseNotes;
+        }
+        // Action required for breaking changes
+        if (severity === 'breaking') {
+            body += `\n## ⚠️ Action Required\n\n`;
+            body += `This is a **breaking change** that may require updates to your code.\n`;
+            body += `Please review the changes and update your implementation accordingly.\n`;
+        }
+        return body;
+    }
+    /**
+     * Formats change summary for display
+     */
+    formatChangeSummary(change) {
+        let summary = '';
+        if (change.oldVersion && change.newVersion) {
+            summary += `Version: ${change.oldVersion} → ${change.newVersion}\n`;
+        }
+        if (change.changes.includes('content')) {
+            summary += 'content updated\n';
+            if (change.contentDiff) {
+                summary += `Changes: ${change.contentDiff}\n`;
+            }
+        }
+        if (change.changes.includes('metadata')) {
+            summary += 'metadata updated\n';
+        }
+        if (change.changes.includes('version')) {
+            summary += 'version updated\n';
+        }
+        return summary.trim();
+    }
+    /**
+     * Formats a single change item for the summary
+     */
+    formatChangeItem(change) {
+        const name = change.dependency.name || change.dependency.id;
+        let item = `### ${name}\n\n`;
+        item += `- **URL**: ${change.dependency.url}\n`;
+        if (change.oldVersion && change.newVersion) {
+            item += `- **Version**: \`${change.oldVersion}\` → \`${change.newVersion}\`\n`;
+        }
+        if (change.changes.length > 0) {
+            item += `- **Changes**: ${change.changes.join(', ')}\n`;
+        }
+        item += '\n';
+        return item;
+    }
+}
+//# sourceMappingURL=reporter.js.map

package/dist/utils/reporter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reporter.js","sourceRoot":"","sources":["../../src/utils/reporter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAkBH,MAAM,OAAO,eAAe;IAC1B;;OAEG;IACH,eAAe,CAAC,OAA2B,EAAU;QACnD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,2DAAyD,CAAC;QACnE,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;QAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;QAE5D,IAAI,OAAO,GAAG,mCAAmC,CAAC;QAClD,OAAO,IAAI,sBAAsB,OAAO,CAAC,MAAM,IAAI,CAAC;QACpD,OAAO,IAAI,oBAAiB,QAAQ,CAAC,MAAM,IAAI,CAAC;QAChD,OAAO,IAAI,iBAAc,KAAK,CAAC,MAAM,IAAI,CAAC;QAC1C,OAAO,IAAI,iBAAc,KAAK,CAAC,MAAM,MAAM,CAAC;QAE5C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,gCAA4B,CAAC;YACxC,QAAQ,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC3B,OAAO,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;YAAA,CAC1C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,IAAI,2BAAwB,CAAC;YACpC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;gBACxB,OAAO,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;YAAA,CAC1C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,IAAI,2BAAwB,CAAC;YACpC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;gBACxB,OAAO,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;YAAA,CAC1C,CAAC,CAAC;QACL,CAAC;QAED,OAAO,OAAO,CAAC;IAAA,CAChB;IAED;;OAEG;IACH,iBAAiB,CAAC,MAAwB,EAAU;QAClD,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;QAEvF,IAAI,IAAI,GAAG,EAAE,CAAC;QAEd,iCAAiC;QACjC,MAAM,aAAa,GAAG;YACpB,QAAQ,EAAE,QAAI;YACd,KAAK,EAAE,MAAG;YACV,KAAK,EAAE,MAAG;SACX,CAAC,QAAQ,CAAC,CAAC;QAEZ,IAAI,IAAI,GAAG,aAAa,MAAM,QAAQ,CAAC,WAAW,EAAE,mCAAmC,CAAC;QAExF,yBAAyB;QACzB,IAAI,IAAI,kBAAkB,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,EAAE,MAAM,CAAC;QACjE,IAAI,IAAI,cAAc,UAAU,CAAC,GAAG,IAAI,CAAC;QACzC,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;YACpB,IAAI,IAAI,eAAe,UAAU,CAAC,IAAI,IAAI,CAAC;QAC7C,CAAC;QAED,iBAAiB;QACjB,IAAI,UAAU,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,IAAI,yBAAyB,CAAC;YAClC,IAAI,IAAI,KAAK,UAAU,YAAU,UAAU,MAAM,CAAC;QACpD,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,2BAA2B,CAAC;QACpC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,IAAI,IAAI,KAAK,MAAM,IAAI,CAAC;QAAA,CACzB,CAAC,CAAC;QAEH,6BAA6B;QAC7B,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,IAAI,wBAAwB,CAAC;YACjC,IAAI,IAAI,YAAY,CAAC;QACvB,CAAC;QAED,uCAAuC;QACvC,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;YAC5B,IAAI,IAAI,iCAA6B,CAAC;YACtC,IAAI,IAAI,wEAAwE,CAAC;YACjF,IAAI,IAAI,yEAAyE,CAAC;QACpF,CAAC;QAED,OAAO,IAAI,CAAC;IAAA,CACb;IAED;;OAEG;IACH,mBAAmB,CAAC,MAKnB,EAAU;QACT,IAAI,OAAO,GAAG,EAAE,CAAC;QAEjB,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YAC3C,OAAO,IAAI,YAAY,MAAM,CAAC,UAAU,QAAM,MAAM,CAAC,UAAU,IAAI,CAAC;QACtE,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,OAAO,IAAI,mBAAmB,CAAC;YAC/B,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvB,OAAO,IAAI,YAAY,MAAM,CAAC,WAAW,IAAI,CAAC;YAChD,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACxC,OAAO,IAAI,oBAAoB,CAAC;QAClC,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,OAAO,IAAI,mBAAmB,CAAC;QACjC,CAAC;QAED,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC;IAAA,CACvB;IAED;;OAEG;IACK,gBAAgB,CAAC,MAAwB,EAAU;QACzD,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,IAAI,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5D,IAAI,IAAI,GAAG,OAAO,IAAI,MAAM,CAAC;QAC7B,IAAI,IAAI,cAAc,MAAM,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC;QAEhD,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YAC3C,IAAI,IAAI,oBAAoB,MAAM,CAAC,UAAU,YAAU,MAAM,CAAC,UAAU,MAAM,CAAC;QACjF,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,IAAI,IAAI,kBAAkB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAC1D,CAAC;QAED,IAAI,IAAI,IAAI,CAAC;QACb,OAAO,IAAI,CAAC;IAAA,CACb;CACF"}

package/dist/utils/secrets.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Secret resolution utility for GitHub Actions and environment variables
+ * Safely resolves secrets from GitHub Secrets and environment variables
+ */
+export interface SecretResolverConfig {
+    prefix?: string;
+    enableCache?: boolean;
+}
+export interface DependencyAuthConfig {
+    [domain: string]: {
+        secretName: string;
+    };
+}
+/**
+ * Resolves secrets from environment variables and GitHub Secrets
+ */
+export declare class SecretResolver {
+    private prefix;
+    private enableCache;
+    private cache;
+    constructor(config?: SecretResolverConfig);
+    /**
+     * Resolve a single secret by name
+     */
+    resolve(secretName: string): Promise<string>;
+    /**
+     * Resolve multiple secrets at once
+     */
+    resolveMultiple(secretNames: string[], options?: {
+        allowPartial?: boolean;
+    }): Promise<Record<string, string>>;
+    /**
+     * Resolve per-dependency authentication configuration
+     */
+    resolveDependencyAuth(config: DependencyAuthConfig): Promise<Record<string, string>>;
+    /**
+     * Validate secret name format
+     */
+    validate(secretName: string): boolean;
+    /**
+     * Clear the secret cache
+     */
+    clearCache(): void;
+}
+//# sourceMappingURL=secrets.d.ts.map

package/dist/utils/secrets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/utils/secrets.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,oBAAoB;IACnC,CAAC,MAAM,EAAE,MAAM,GAAG;QAChB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,WAAW,CAAU;IAC7B,OAAO,CAAC,KAAK,CAAsB;IAEnC,YAAY,MAAM,GAAE,oBAAyB,EAI5C;IAED;;OAEG;IACG,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAwBjD;IAED;;OAEG;IACG,eAAe,CACnB,WAAW,EAAE,MAAM,EAAE,EACrB,OAAO,CAAC,EAAE;QAAE,YAAY,CAAC,EAAE,OAAO,CAAA;KAAE,GACnC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAqBjC;IAED;;OAEG;IACG,qBAAqB,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CASzF;IAED;;OAEG;IACH,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAUpC;IAED;;OAEG;IACH,UAAU,IAAI,IAAI,CAEjB;CACF"}

package/dist/utils/secrets.js

@@ -0,0 +1,94 @@
+/**
+ * Secret resolution utility for GitHub Actions and environment variables
+ * Safely resolves secrets from GitHub Secrets and environment variables
+ */
+/**
+ * Resolves secrets from environment variables and GitHub Secrets
+ */
+export class SecretResolver {
+    prefix;
+    enableCache;
+    cache;
+    constructor(config = {}) {
+        this.prefix = config.prefix || '';
+        this.enableCache = config.enableCache ?? false;
+        this.cache = new Map();
+    }
+    /**
+     * Resolve a single secret by name
+     */
+    async resolve(secretName) {
+        // Parse GitHub Actions secret reference format: ${{ secrets.NAME }}
+        const match = secretName.match(/\$\{\{\s*secrets\.([A-Z_]+)\s*\}\}/);
+        const actualName = match ? match[1] : secretName;
+        const envKey = this.prefix + actualName;
+        // Check cache first
+        if (this.enableCache && this.cache.has(envKey)) {
+            return this.cache.get(envKey);
+        }
+        // Resolve from environment
+        const value = process.env[envKey];
+        if (value === undefined) {
+            throw new Error(`Secret ${actualName} not found`);
+        }
+        // Cache if enabled
+        if (this.enableCache) {
+            this.cache.set(envKey, value);
+        }
+        return value;
+    }
+    /**
+     * Resolve multiple secrets at once
+     */
+    async resolveMultiple(secretNames, options) {
+        const result = {};
+        const errors = [];
+        for (const name of secretNames) {
+            try {
+                result[name] = await this.resolve(name);
+            }
+            catch (error) {
+                if (options?.allowPartial) {
+                    // Skip missing secrets when allowPartial is true
+                    continue;
+                }
+                errors.push(error.message);
+            }
+        }
+        if (errors.length > 0 && !options?.allowPartial) {
+            throw new Error(errors[0]); // Throw first error
+        }
+        return result;
+    }
+    /**
+     * Resolve per-dependency authentication configuration
+     */
+    async resolveDependencyAuth(config) {
+        const result = {};
+        for (const [domain, authConfig] of Object.entries(config)) {
+            const secretValue = await this.resolve(authConfig.secretName);
+            result[domain] = secretValue;
+        }
+        return result;
+    }
+    /**
+     * Validate secret name format
+     */
+    validate(secretName) {
+        // Handle GitHub Actions secret reference
+        if (secretName.startsWith('${{')) {
+            const match = secretName.match(/\$\{\{\s*secrets\.([A-Z_][A-Z0-9_]*)\s*\}\}/);
+            return match !== null;
+        }
+        // Standard environment variable naming convention
+        // Must start with letter or underscore, contain only alphanumeric and underscores
+        return /^[A-Z_][A-Z0-9_]*$/.test(secretName);
+    }
+    /**
+     * Clear the secret cache
+     */
+    clearCache() {
+        this.cache.clear();
+    }
+}
+//# sourceMappingURL=secrets.js.map

package/dist/utils/secrets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/utils/secrets.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAaH;;GAEG;AACH,MAAM,OAAO,cAAc;IACjB,MAAM,CAAS;IACf,WAAW,CAAU;IACrB,KAAK,CAAsB;IAEnC,YAAY,MAAM,GAAyB,EAAE,EAAE;QAC7C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;QAClC,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,KAAK,CAAC;QAC/C,IAAI,CAAC,KAAK,GAAG,IAAI,GAAG,EAAE,CAAC;IAAA,CACxB;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,UAAkB,EAAmB;QACjD,oEAAoE;QACpE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACrE,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;QACjD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC;QAExC,oBAAoB;QACpB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC;QACjC,CAAC;QAED,2BAA2B;QAC3B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAElC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,UAAU,UAAU,YAAY,CAAC,CAAC;QACpD,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,KAAK,CAAC;IAAA,CACd;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,WAAqB,EACrB,OAAoC,EACH;QACjC,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,CAAC;gBACH,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,OAAO,EAAE,YAAY,EAAE,CAAC;oBAC1B,iDAAiD;oBACjD,SAAS;gBACX,CAAC;gBACD,MAAM,CAAC,IAAI,CAAE,KAAe,CAAC,OAAO,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,oBAAoB;QAClD,CAAC;QAED,OAAO,MAAM,CAAC;IAAA,CACf;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB,CAAC,MAA4B,EAAmC;QACzF,MAAM,MAAM,GAA2B,EAAE,CAAC;QAE1C,KAAK,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC9D,MAAM,CAAC,MAAM,CAAC,GAAG,WAAW,CAAC;QAC/B,CAAC;QAED,OAAO,MAAM,CAAC;IAAA,CACf;IAED;;OAEG;IACH,QAAQ,CAAC,UAAkB,EAAW;QACpC,yCAAyC;QACzC,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;YAC9E,OAAO,KAAK,KAAK,IAAI,CAAC;QACxB,CAAC;QAED,kDAAkD;QAClD,kFAAkF;QAClF,OAAO,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAAA,CAC9C;IAED;;OAEG;IACH,UAAU,GAAS;QACjB,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IAAA,CACpB;CACF"}

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "@dependabit/action",
+  "version": "0.1.1",
+  "description": "GitHub Action entry points for dependency tracking",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "dependencies": {
+    "@actions/core": "^3.0.0",
+    "@actions/github": "^9.0.0",
+    "zod": "^4.3.6",
+    "@dependabit/detector": "0.1.1",
+    "@dependabit/github-client": "0.1.1",
+    "@dependabit/manifest": "0.1.1",
+    "@dependabit/monitor": "0.1.1"
+  },
+  "devDependencies": {
+    "@types/node": "^25.2.2",
+    "@vercel/ncc": "^0.38.4",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18"
+  },
+  "keywords": [
+    "github-action",
+    "dependency",
+    "tracking"
+  ],
+  "license": "MIT",
+  "scripts": {
+    "build": "tsgo -p tsconfig.json",
+    "build:action": "tsgo -p tsconfig.json && ncc build dist/index.js -o action-dist --source-map --license licenses.txt",
+    "clean": "rm -rf dist action-dist",
+    "dev": "tsx watch src/index.ts",
+    "type-check": "tsgo --noEmit -p tsconfig.json",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  }
+}

package/src/actions/check.ts

@@ -0,0 +1,223 @@
+/**
+ * Check Action
+ * Monitors dependencies for changes and creates issues when updates are detected
+ */
+
+import { Monitor } from '@dependabit/monitor';
+import type { DependencyConfig } from '@dependabit/monitor';
+import { IssueManager, RateLimitHandler } from '@dependabit/github-client';
+import { SummaryReporter } from '../utils/reporter.js';
+import type { DependencyChange } from '../utils/reporter.js';
+
+export interface Manifest {
+  version: string;
+  dependencies: Array<
+    DependencyConfig & {
+      name?: string;
+      type?: string;
+      lastChanged?: string;
+    }
+  >;
+}
+
+export interface CheckActionResult {
+  checked: number;
+  skipped: number;
+  changes: DependencyChange[];
+  issuesCreated: number;
+  errors: number;
+  rateLimitWarnings?: string[];
+  updatedManifest: Manifest;
+}
+
+/**
+ * Main check action - monitors dependencies and creates issues
+ */
+export async function checkAction(
+  manifest: Manifest,
+  options?: {
+    owner?: string;
+    repo?: string;
+    createIssues?: boolean;
+    dryRun?: boolean;
+  }
+): Promise<CheckActionResult> {
+  const {
+    owner = process.env['GITHUB_REPOSITORY_OWNER'] || '',
+    repo = process.env['GITHUB_REPOSITORY']?.split('/')[1] || '',
+    createIssues = true,
+    dryRun = false
+  } = options || {};
+
+  const monitor = new Monitor();
+  const issueManager = new IssueManager();
+  const rateLimitHandler = new RateLimitHandler();
+  const reporter = new SummaryReporter();
+
+  const result: CheckActionResult = {
+    checked: 0,
+    skipped: 0,
+    changes: [],
+    issuesCreated: 0,
+    errors: 0,
+    rateLimitWarnings: [],
+    updatedManifest: {
+      ...manifest,
+      dependencies: manifest.dependencies.map((dep) => ({ ...dep }))
+    }
+  };
+
+  // Check rate limit before starting
+  const rateLimit = await rateLimitHandler.checkRateLimit();
+  if (rateLimit.warning) {
+    result.rateLimitWarnings?.push(rateLimit.warning);
+  }
+
+  // Filter enabled dependencies
+  const enabledDeps = manifest.dependencies.filter((dep) => {
+    if (dep.monitoring?.enabled === false) {
+      result.skipped++;
+      return false;
+    }
+    if (dep.monitoring?.ignoreChanges === true) {
+      result.skipped++;
+      return false;
+    }
+    return true;
+  });
+
+  console.log(`Checking ${enabledDeps.length} dependencies (${result.skipped} skipped)...`);
+
+  // Reserve budget for all checks upfront
+  const budgetNeeded = enabledDeps.length + 10; // Extra buffer for issue operations
+  const budgetReservation = await rateLimitHandler.reserveBudget(budgetNeeded);
+
+  if (!budgetReservation.reserved) {
+    console.warn(`Insufficient API quota: ${budgetReservation.reason}`);
+    if (budgetReservation.waitTime) {
+      console.log(
+        `Waiting ${Math.ceil(budgetReservation.waitTime / 1000)} seconds for rate limit reset...`
+      );
+      await rateLimitHandler.waitIfNeeded();
+    }
+  }
+
+  // Check all dependencies
+  const checkResults = await monitor.checkAll(enabledDeps);
+
+  // Process results
+  for (const checkResult of checkResults) {
+    if (!checkResult) continue;
+
+    const depIndex = manifest.dependencies.findIndex((d) => d.id === checkResult.dependency.id);
+
+    if (checkResult.error) {
+      console.error(`Error checking ${checkResult.dependency.id}: ${checkResult.error}`);
+      result.errors++;
+      continue;
+    }
+
+    result.checked++;
+
+    // Update manifest with new state
+    if (checkResult.newSnapshot && depIndex >= 0) {
+      const dep = result.updatedManifest.dependencies[depIndex];
+      if (dep) {
+        dep.currentStateHash = checkResult.newSnapshot.stateHash;
+        dep.lastChecked = checkResult.newSnapshot.fetchedAt.toISOString();
+
+        if (checkResult.newSnapshot.version) {
+          dep.currentVersion = checkResult.newSnapshot.version;
+        }
+      }
+    }
+
+    // Handle detected changes
+    if (checkResult.hasChanged && checkResult.changes && checkResult.severity) {
+      const change: DependencyChange = {
+        dependency: {
+          id: checkResult.dependency.id,
+          ...(checkResult.dependency.name && { name: checkResult.dependency.name }),
+          url: checkResult.dependency.url,
+          ...(checkResult.dependency.type && { type: checkResult.dependency.type })
+        },
+        severity: checkResult.severity,
+        changes: checkResult.changes.changes,
+        oldVersion: checkResult.changes.oldVersion,
+        newVersion: checkResult.changes.newVersion
+      };
+
+      result.changes.push(change);
+
+      // Update lastChanged timestamp
+      if (depIndex >= 0) {
+        const dep = result.updatedManifest.dependencies[depIndex];
+        if (dep) {
+          dep.lastChanged = new Date().toISOString();
+        }
+      }
+
+      // Create issue if enabled
+      if (createIssues && !dryRun && owner && repo) {
+        try {
+          // Check rate limit before creating issue
+          await rateLimitHandler.waitIfNeeded();
+
+          // Check if issue already exists
+          const existing = await issueManager.findExistingIssue({
+            owner,
+            repo,
+            dependencyId: checkResult.dependency.id
+          });
+
+          if (existing) {
+            // Update existing issue
+            const updateBody = reporter.generateIssueBody(change);
+            await issueManager.updateIssue({
+              owner,
+              repo,
+              issueNumber: existing.number,
+              body: updateBody,
+              severity: checkResult.severity,
+              append: true
+            });
+            console.log(
+              `Updated existing issue #${existing.number} for ${checkResult.dependency.id}`
+            );
+          } else {
+            // Create new issue
+            const issueBody = reporter.generateIssueBody(change);
+            const issue = await issueManager.createIssue({
+              owner,
+              repo,
+              title: `Dependency Update: ${change.dependency.name || change.dependency.id}`,
+              body: issueBody,
+              severity: checkResult.severity,
+              dependency: {
+                id: checkResult.dependency.id,
+                url: checkResult.dependency.url
+              }
+            });
+            result.issuesCreated++;
+            console.log(`Created issue #${issue.number} for ${checkResult.dependency.id}`);
+          }
+        } catch (error) {
+          console.error(`Failed to create/update issue for ${checkResult.dependency.id}:`, error);
+          result.errors++;
+        }
+      }
+    }
+  }
+
+  // Generate and log summary
+  const summary = reporter.generateSummary(result.changes);
+  console.log('\n' + summary);
+
+  // Check rate limit after processing
+  const finalRateLimit = await rateLimitHandler.checkRateLimit();
+  if (finalRateLimit.warning && !result.rateLimitWarnings?.includes(finalRateLimit.warning)) {
+    result.rateLimitWarnings?.push(finalRateLimit.warning);
+  }
+
+  return result;
+}