dependency-change-report 1.3.2 → 1.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +40 -0
  2. package/cli.mjs +20 -6
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -139,9 +139,13 @@ on:
139
139
  jobs:
140
140
  dependency-report:
141
141
  runs-on: ubuntu-latest
142
+ permissions:
143
+ contents: read
144
+ actions: read
142
145
  steps:
143
146
  - uses: actions/checkout@v4
144
147
  with:
148
+ token: ${{ secrets.GITHUB_TOKEN }}
145
149
  fetch-depth: 0 # Need full history for version detection
146
150
 
147
151
  - uses: actions/setup-node@v4
@@ -150,6 +154,8 @@ jobs:
150
154
 
151
155
  - name: Generate dependency report
152
156
  run: npx dependency-change-report auto --output-dir ./reports
157
+ env:
158
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
153
159
 
154
160
  - name: Upload reports as artifacts
155
161
  uses: actions/upload-artifact@v4
@@ -175,9 +181,11 @@ jobs:
175
181
  permissions:
176
182
  contents: read
177
183
  pull-requests: write
184
+ actions: read
178
185
  steps:
179
186
  - uses: actions/checkout@v4
180
187
  with:
188
+ token: ${{ secrets.GITHUB_TOKEN }}
181
189
  fetch-depth: 0
182
190
 
183
191
  - uses: actions/setup-node@v4
@@ -187,6 +195,8 @@ jobs:
187
195
  - name: Generate dependency report
188
196
  id: dep-report
189
197
  run: npx dependency-change-report auto --output-dir ./reports
198
+ env:
199
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
190
200
 
191
201
  - name: Upload reports as artifacts
192
202
  uses: actions/upload-artifact@v4
@@ -219,8 +229,38 @@ To compare specific commits or tags instead of auto-detection:
219
229
  ```yaml
220
230
  - name: Generate dependency report
221
231
  run: npx dependency-change-report compare https://github.com/${{ github.repository }} ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} --output-dir ./reports
232
+ env:
233
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
222
234
  ```
223
235
 
236
+ ### Private Repository Support
237
+
238
+ For private repositories, the tool automatically detects GitHub Actions environment and configures Git authentication using the provided `GITHUB_TOKEN`. Make sure to:
239
+
240
+ 1. **Include the token in your workflow step**:
241
+ ```yaml
242
+ env:
243
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
244
+ ```
245
+
246
+ 2. **Set appropriate permissions** in your workflow:
247
+ ```yaml
248
+ permissions:
249
+ contents: read
250
+ actions: read
251
+ pull-requests: write # Only needed for PR comments
252
+ ```
253
+
254
+ 3. **Use the token in checkout** for private repositories:
255
+ ```yaml
256
+ - uses: actions/checkout@v4
257
+ with:
258
+ token: ${{ secrets.GITHUB_TOKEN }}
259
+ fetch-depth: 0
260
+ ```
261
+
262
+ The tool will automatically configure Git to use the token for authentication when accessing private repositories.
263
+
224
264
  ### Available Outputs
225
265
 
226
266
  When running in GitHub Actions, the tool provides these outputs that can be used in subsequent steps:
package/cli.mjs CHANGED
@@ -42,9 +42,16 @@ const compare = command(
42
42
  const token = process.env.GITHUB_TOKEN;
43
43
  if (token) {
44
44
  console.log(`Original repo URL: ${repoUrl}`);
45
- // Convert https://github.com/owner/repo to https://token@github.com/owner/repo
46
- repoUrl = repoUrl.replace('https://github.com/', `https://${token}@github.com/`);
47
- console.log('Modified repo URL to use GitHub token authentication');
45
+ try {
46
+ // Configure git to use the token for GitHub authentication
47
+ await executeCommand('git', ['config', '--global', 'url.https://github.com/.insteadOf', 'git@github.com:'], process.cwd(), 10000);
48
+ await executeCommand('git', ['config', '--global', `url.https://${token}:x-oauth-basic@github.com/.insteadOf`, 'https://github.com/'], process.cwd(), 10000);
49
+ console.log('Configured Git to use GitHub token authentication');
50
+ } catch (error) {
51
+ console.log('Failed to configure Git authentication, falling back to URL modification');
52
+ // Fallback to URL modification
53
+ repoUrl = repoUrl.replace('https://github.com/', `https://${token}:x-oauth-basic@github.com/`);
54
+ }
48
55
  console.log('Using GitHub token for private repository access');
49
56
  } else {
50
57
  console.log('GitHub Actions detected but no GITHUB_TOKEN found');
@@ -207,9 +214,16 @@ const auto = command(
207
214
  const token = process.env.GITHUB_TOKEN;
208
215
  if (token) {
209
216
  console.log(`Original repo URL: ${repoUrl}`);
210
- // Convert https://github.com/owner/repo to https://token@github.com/owner/repo
211
- repoUrl = repoUrl.replace('https://github.com/', `https://${token}@github.com/`);
212
- console.log('Modified repo URL to use GitHub token authentication');
217
+ try {
218
+ // Configure git to use the token for GitHub authentication
219
+ await executeCommand('git', ['config', '--global', 'url.https://github.com/.insteadOf', 'git@github.com:'], process.cwd(), 10000);
220
+ await executeCommand('git', ['config', '--global', `url.https://${token}:x-oauth-basic@github.com/.insteadOf`, 'https://github.com/'], process.cwd(), 10000);
221
+ console.log('Configured Git to use GitHub token authentication');
222
+ } catch (error) {
223
+ console.log('Failed to configure Git authentication, falling back to URL modification');
224
+ // Fallback to URL modification
225
+ repoUrl = repoUrl.replace('https://github.com/', `https://${token}:x-oauth-basic@github.com/`);
226
+ }
213
227
  console.log('Using GitHub token for private repository access');
214
228
  } else {
215
229
  console.log('GitHub Actions detected but no GITHUB_TOKEN found');
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "dependency-change-report",
3
- "version": "1.3.2",
3
+ "version": "1.3.4",
4
4
  "type": "module",
5
5
  "description": "Generate dependency change reports between git references",
6
6
  "main": "lib/index.mjs",