dependency-change-report 1.3.3 → 1.4.0
- package/README.md +40 -0
- package/cli.mjs +20 -6
- package/lib/git/repository.mjs +23 -3
- package/package.json +1 -1
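--- a/package/README.md
+++ b/package/README.md
@@ -139,9 +139,13 @@ on:
 jobs:
 dependency-report:
 runs-on: ubuntu-latest
+permissions:
+contents: read
+actions: read
 steps:
 - uses: actions/checkout@v4
 with:
+token: ${{ secrets.GITHUB_TOKEN }}
 fetch-depth: 0 # Need full history for version detection
 
 - uses: actions/setup-node@v4
@@ -150,6 +154,8 @@ jobs:
 
 - name: Generate dependency report
 run: npx dependency-change-report auto --output-dir ./reports
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Upload reports as artifacts
 uses: actions/upload-artifact@v4
@@ -175,9 +181,11 @@ jobs:
 permissions:
 contents: read
 pull-requests: write
+actions: read
 steps:
 - uses: actions/checkout@v4
 with:
+token: ${{ secrets.GITHUB_TOKEN }}
 fetch-depth: 0
 
 - uses: actions/setup-node@v4
@@ -187,6 +195,8 @@ jobs:
 - name: Generate dependency report
 id: dep-report
 run: npx dependency-change-report auto --output-dir ./reports
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Upload reports as artifacts
 uses: actions/upload-artifact@v4
@@ -219,8 +229,38 @@ To compare specific commits or tags instead of auto-detection:
 ```yaml
 - name: Generate dependency report
 run: npx dependency-change-report compare https://github.com/${{ github.repository }} ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} --output-dir ./reports
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
 
+### Private Repository Support
+
+For private repositories, the tool automatically detects GitHub Actions environment and configures Git authentication using the provided `GITHUB_TOKEN`. Make sure to:
+
+1. **Include the token in your workflow step**:
+```yaml
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+```
+
+2. **Set appropriate permissions** in your workflow:
+```yaml
+permissions:
+contents: read
+actions: read
+pull-requests: write # Only needed for PR comments
+```
+
+3. **Use the token in checkout** for private repositories:
+```yaml
+- uses: actions/checkout@v4
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+fetch-depth: 0
+```
+
+The tool will automatically configure Git to use the token for authentication when accessing private repositories.
+
 ### Available Outputs
 
 When running in GitHub Actions, the tool provides these outputs that can be used in subsequent steps: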
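--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -42,9 +42,16 @@ const compare = command(
 const token = process.env.GITHUB_TOKEN;
 if (token) {
 console.log(`Original repo URL: ${repoUrl}`);
-
-
-
+try {
+// Configure git to use the token for GitHub authentication
+await executeCommand('git', ['config', '--global', 'url.https://github.com/.insteadOf', 'git@github.com:'], process.cwd(), 10000);
+await executeCommand('git', ['config', '--global', `url.https://${token}:x-oauth-basic@github.com/.insteadOf`, 'https://github.com/'], process.cwd(), 10000);
+console.log('Configured Git to use GitHub token authentication');
+} catch (error) {
+console.log('Failed to configure Git authentication, falling back to URL modification');
+// Fallback to URL modification
+repoUrl = repoUrl.replace('https://github.com/', `https://${token}:x-oauth-basic@github.com/`);
+}
 console.log('Using GitHub token for private repository access');
 } else {
 console.log('GitHub Actions detected but no GITHUB_TOKEN found');
@@ -207,9 +214,16 @@ const auto = command(
 const token = process.env.GITHUB_TOKEN;
 if (token) {
 console.log(`Original repo URL: ${repoUrl}`);
-
-
-
+try {
+// Configure git to use the token for GitHub authentication
+await executeCommand('git', ['config', '--global', 'url.https://github.com/.insteadOf', 'git@github.com:'], process.cwd(), 10000);
+await executeCommand('git', ['config', '--global', `url.https://${token}:x-oauth-basic@github.com/.insteadOf`, 'https://github.com/'], process.cwd(), 10000);
+console.log('Configured Git to use GitHub token authentication');
+} catch (error) {
+console.log('Failed to configure Git authentication, falling back to URL modification');
+// Fallback to URL modification
+repoUrl = repoUrl.replace('https://github.com/', `https://${token}:x-oauth-basic@github.com/`);
+}
 console.log('Using GitHub token for private repository access');
 } else {
 console.log('GitHub Actions detected but no GITHUB_TOKEN found');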
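Review bot: The second `git config --global` call in the `compare` hunk stores `GITHUB_TOKEN` inside a `url.<base>.insteadOf` key of the user-level git config and nothing visible removes it again, so the secret stays on disk after the tool exits and is also exposed as a process argument; the `auto` hunk repeats the same lines. On a runner that is reused between jobs the entry would outlive the workflow, and every later git call for `https://github.com/` under that account would silently carry the token. Prefer a credential that lives only for the child process, or at least undo the setting once cloning is done, e.g. in a `finally`: `await executeCommand('git', ['config', '--global', '--unset-all', `url.https://${token}:x-oauth-basic@github.com/.insteadOf`], process.cwd(), 10000);`. The `catch (error)` branch also discards the error and puts the token into `repoUrl`, so any later log line or error message that prints `repoUrl` should redact it. Both command handlers start and end outside the hunks.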
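--- a/package/lib/git/repository.mjs
+++ b/package/lib/git/repository.mjs
@@ -14,16 +14,26 @@ import { registerTempDir, unregisterTempDir } from '../utils/cleanup-manager.mjs
 export const cloneRepo = async (repoUrl, ref, targetDir, enablePeriodicLogging = false) => {
 const repoName = basename(repoUrl, '.git');
 
+// Apply GitHub token authentication if in GitHub Actions
+let authenticatedRepoUrl = repoUrl;
+const isGitHubActions = process.env.GITHUB_ACTIONS === 'true';
+if (isGitHubActions && repoUrl.includes('github.com')) {
+const token = process.env.GITHUB_TOKEN;
+if (token) {
+authenticatedRepoUrl = repoUrl.replace('https://github.com/', `https://${token}:x-oauth-basic@github.com/`);
+}
+}
+
 try {
 // Use shallow clone with depth=1 and single-branch for faster cloning
 // Use --quiet to avoid printing credentials in logs
 // 2 minute timeout for very large repositories
-await executeCommand('git', ['clone', '--quiet', '--depth=1', '--single-branch', '--branch', ref,
+await executeCommand('git', ['clone', '--quiet', '--depth=1', '--single-branch', '--branch', ref, authenticatedRepoUrl, targetDir], undefined, time_2min, `git clone of ${repoName} (${ref})`, enablePeriodicLogging);
 } catch (error) {
 // If shallow clone with specific branch fails, try traditional approach
 try {
 // Full clone with 5 minute timeout for very large repos
-await executeCommand('git', ['clone', '--quiet',
+await executeCommand('git', ['clone', '--quiet', authenticatedRepoUrl, targetDir], undefined, time_5min, `git clone of ${repoName} (full)`, enablePeriodicLogging);
 await executeCommand('git', ['checkout', ref], targetDir, time_1min, `git checkout ${ref}`, enablePeriodicLogging);
 } catch (fallbackError) {
 throw fallbackError;
@@ -51,12 +61,22 @@ export const getCommitHistory = async (repoUrl, oldVersion, newVersion, reposDir
 // Register this temp directory for cleanup
 registerTempDir(tempDir);
 
+// Apply GitHub token authentication if in GitHub Actions
+let authenticatedRepoUrl = repoUrl;
+const isGitHubActions = process.env.GITHUB_ACTIONS === 'true';
+if (isGitHubActions && repoUrl.includes('github.com')) {
+const token = process.env.GITHUB_TOKEN;
+if (token) {
+authenticatedRepoUrl = repoUrl.replace('https://github.com/', `https://${token}:x-oauth-basic@github.com/`);
+}
+}
+
 // Clone the repository with optimizations for faster cloning
 // Use --quiet to avoid printing credentials in logs
 // Use --depth=1 and --single-branch for faster cloning, then fetch what we need
 try {
 // 2 minute timeout for very large repositories
-await executeCommand('git', ['clone', '--quiet', '--depth=1', '--single-branch',
+await executeCommand('git', ['clone', '--quiet', '--depth=1', '--single-branch', authenticatedRepoUrl, tempDir], undefined, time_2min, `git clone of ${packageName} for history`, false);
 } catch (error) {
 // If the repository doesn't exist or can't be accessed, throw a more specific error
 if (error.message.includes("Repository not found") ||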
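Review bot: In `cloneRepo`, `repoUrl.includes('github.com')` is a substring test and `replace('https://github.com/', …)` rewrites the first occurrence anywhere in the string, so a repository URL whose host is not GitHub but which contains that text elsewhere would get `GITHUB_TOKEN` spliced into it; `getCommitHistory` repeats the same block. If `repoUrl` can originate from dependency metadata (not visible in these hunks), parse it and compare the host exactly before attaching the credential: `const u = new URL(repoUrl); if (u.protocol === 'https:' && u.hostname === 'github.com') { u.username = token; u.password = 'x-oauth-basic'; authenticatedRepoUrl = u.href; }`. The token-bearing URL is also what git records as the clone's `origin` and can echo in failure output that `--quiet` does not suppress, so text derived from `error.message` should be redacted before it is logged or rethrown. Moving the duplicated block into one helper would keep the two call sites from drifting apart; both function bodies continue outside the hunks.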