dependency-change-report 1.3.2 → 1.3.4
- package/README.md +40 -0
- package/cli.mjs +20 -6
- package/package.json +1 -1
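--- a/package/README.md
+++ b/package/README.md
@@ -139,9 +139,13 @@ on:
 jobs:
 dependency-report:
 runs-on: ubuntu-latest
+permissions:
+contents: read
+actions: read
 steps:
 - uses: actions/checkout@v4
 with:
+token: ${{ secrets.GITHUB_TOKEN }}
 fetch-depth: 0 # Need full history for version detection
 
 - uses: actions/setup-node@v4
@@ -150,6 +154,8 @@ jobs:
 
 - name: Generate dependency report
 run: npx dependency-change-report auto --output-dir ./reports
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Upload reports as artifacts
 uses: actions/upload-artifact@v4
@@ -175,9 +181,11 @@ jobs:
 permissions:
 contents: read
 pull-requests: write
+actions: read
 steps:
 - uses: actions/checkout@v4
 with:
+token: ${{ secrets.GITHUB_TOKEN }}
 fetch-depth: 0
 
 - uses: actions/setup-node@v4
@@ -187,6 +195,8 @@ jobs:
 - name: Generate dependency report
 id: dep-report
 run: npx dependency-change-report auto --output-dir ./reports
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Upload reports as artifacts
 uses: actions/upload-artifact@v4
@@ -219,8 +229,38 @@ To compare specific commits or tags instead of auto-detection:
 ```yaml
 - name: Generate dependency report
 run: npx dependency-change-report compare https://github.com/${{ github.repository }} ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} --output-dir ./reports
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
 
+### Private Repository Support
+
+For private repositories, the tool automatically detects GitHub Actions environment and configures Git authentication using the provided `GITHUB_TOKEN`. Make sure to:
+
+1. **Include the token in your workflow step**:
+```yaml
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+```
+
+2. **Set appropriate permissions** in your workflow:
+```yaml
+permissions:
+contents: read
+actions: read
+pull-requests: write # Only needed for PR comments
+```
+
+3. **Use the token in checkout** for private repositories:
+```yaml
+- uses: actions/checkout@v4
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+fetch-depth: 0
+```
+
+The tool will automatically configure Git to use the token for authentication when accessing private repositories.
+
 ### Available Outputs
 
 When running in GitHub Actions, the tool provides these outputs that can be used in subsequent steps: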
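--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -42,9 +42,16 @@ const compare = command(
 const token = process.env.GITHUB_TOKEN;
 if (token) {
 console.log(`Original repo URL: ${repoUrl}`);
-
-
-
+try {
+// Configure git to use the token for GitHub authentication
+await executeCommand('git', ['config', '--global', 'url.https://github.com/.insteadOf', 'git@github.com:'], process.cwd(), 10000);
+await executeCommand('git', ['config', '--global', `url.https://${token}:x-oauth-basic@github.com/.insteadOf`, 'https://github.com/'], process.cwd(), 10000);
+console.log('Configured Git to use GitHub token authentication');
+} catch (error) {
+console.log('Failed to configure Git authentication, falling back to URL modification');
+// Fallback to URL modification
+repoUrl = repoUrl.replace('https://github.com/', `https://${token}:x-oauth-basic@github.com/`);
+}
 console.log('Using GitHub token for private repository access');
 } else {
 console.log('GitHub Actions detected but no GITHUB_TOKEN found');
@@ -207,9 +214,16 @@ const auto = command(
 const token = process.env.GITHUB_TOKEN;
 if (token) {
 console.log(`Original repo URL: ${repoUrl}`);
-
-
-
+try {
+// Configure git to use the token for GitHub authentication
+await executeCommand('git', ['config', '--global', 'url.https://github.com/.insteadOf', 'git@github.com:'], process.cwd(), 10000);
+await executeCommand('git', ['config', '--global', `url.https://${token}:x-oauth-basic@github.com/.insteadOf`, 'https://github.com/'], process.cwd(), 10000);
+console.log('Configured Git to use GitHub token authentication');
+} catch (error) {
+console.log('Failed to configure Git authentication, falling back to URL modification');
+// Fallback to URL modification
+repoUrl = repoUrl.replace('https://github.com/', `https://${token}:x-oauth-basic@github.com/`);
+}
 console.log('Using GitHub token for private repository access');
 } else {
 console.log('GitHub Actions detected but no GITHUB_TOKEN found');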
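Review bot: The second `git config --global` call in the `compare` hunk, repeated verbatim in the `auto` hunk, writes `GITHUB_TOKEN` in plaintext into the user's global git config as part of a key name, and nothing visible here removes it afterwards. On a self-hosted or reused runner the credential therefore outlives the job and is applied to every later git process for that user; it also sits in the child-process argument list, and would reach the job log if `executeCommand` echoes its arguments (not visible in these hunks). Supplying the credential per invocation through the child environment avoids persisting it, for example `GIT_CONFIG_COUNT=1` with `GIT_CONFIG_KEY_0=http.https://github.com/.extraheader` and a matching `GIT_CONFIG_VALUE_0`; failing that, the rewrite should be unset in a `finally`. The fallback stores the token inside `repoUrl`, so any later use of that variable in logs or the generated report should print a redacted copy, and `catch (error)` currently discards the reason for the failure. Both command handlers begin and end outside the hunks, so later uses of `repoUrl` could not be checked.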