If your project has a `CHANGELOG.md` at the project root that always contains an `unreleased` section where you want Dependabot updates to be written under `### Dependencies`:
```yaml
name: Dependabot Changelog Entry
on:
  pull_request:
    types: [opened, reopened]
    branches: [main] # Your default branch
jobs:
  update-changelog:
    if: github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest
    permissions:
      contents: write # needed for pushing changes
    steps:
      - uses: actions/checkout@v4
      - uses: crambl/dependabot-changelog-writer@trunk # Always use the latest RELEASED version of this action
```
If you have CI checks that are invalidated by in-workflow pushes, you can add a PAT to make CI trigger on the push:
```yaml
      - uses: crambl/dependabot-changelog-writer@trunk
        with:
          push-token: ${{ secrets.PAT_PUSH }} # Just needs 'public_repo' scope if your repo is public otherwise needs 'repo'
```
```yaml
jobs:
  update-changelog:
    if: github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest
    permissions:
      contents: write # Needed for pushing commit
    steps:
      - uses: actions/checkout@v4
      - uses: crambl/dependabot-changelog-writer@trunk # or specific tag
        with:
          # Path of the changelog relative to the project root
          # default: './CHANGELOG.md'
          changelog: ''

          # Template string defining how dependency updates are formatted in changelog entries.
          # Uses [dep], [old], [new], [pr-link] as placeholder tokens for dependency name, old version,
          # new version, and pull request link respectively.
          #
          # Tokens must appear in order: [dep], [old], [new].
          #
          # The [pr-link] token is optional and may be specified at any position.
          #
          # Examples:
          # - Pattern: '[dep]: [old] → [new]' produces 'npm: 1.0 → 1.2'
          # - Pattern: 'Bump [dep] from [old] to [new]' produces 'Bump npm from 1.0 to 1.2'
          # - Pattern: 'Bump [dep] from [old] to [new] ([pr-link])' produces 'Bump npm from 1.0 to 1.2 ([#1](https://github.com/user/repo/pull/1))'
          # default: '[dep]: [old] → [new] ([pr-link])'
          changelog-entry-pattern: ''

          # The commit message for the changelog entry
          # default: 'Updated changelog with updated dependencies'
          commit-message: ''

          # The name of the custom committer you want to use
          # default: 'github-actions[bot]'
          committer-name: ''

          # The email of the custom committer you want to use
          # default: 'github-actions[bot]@users.noreply.github.com'
          committer-email: ''

          # The version/H2 header to find in the CHANGELOG to add dependabot entries to
          # matches whether or not the version is in brackets e.g. [0.1.0] and 0.1.0 are
          # both valid. if set to 'unreleased' it will match 'unreleased' case-insensitive.
          # default: 'unreleased'
          version: ''

          # The section/H3 header to add the changelog entry under
          # default: 'Dependencies'
          section-header: ''

          # Whether or not to add, commit, & push the modified changelog
          # Note: If no changes are made, no commit is made either
          # default: 'true'
          push-changes: ''

          # The GitHub token to use for git push
          # default: ${{ github.token }}
          # Note: Default token won't re-trigger workflows. Use a PAT if workflows should be re-triggered
          push-token: ''

          # The GitHub token to use for downloading the action
          # default: ${{ github.token }}
          action-download-token: ''
```
From a dependabot PR:
- Write a changelog entry that describes the update actions performed by dependabot on the given PR
- Commit & push the changes to the remote.
By default, `dependabot-changelog-writer` generates entries under `unreleased` of the form:
```markdown
### Dependencies
- `dep`: [semver|SHA] → [semver|SHA]
- `foo`: 0.1.0 → 0.1.1
- `bar`: a05e0b3f9c28fe07bcde3e39bbb5765700925e49 -> 0ec44a1a9af25375e675218f48f0aaa1026ffc6d
- `baz`: `9618fa7` -> `2ef0ff8`
```
It then commits and pushes the changes to the current branch.

`dependabot-changelog-writer` runs are idempotent: if you rerun it, there are no new changes to the changelog and no commit is created.
- Dependabot bumped a dependency from one Git SHA to another
- A submodule was updated to another short SHA
- The `Dependencies` section already contains an entry like `bump X from A to B`
  - Handled by replacing that entry with `bump X from A to C`
- Branch is checked out detached from HEAD (e.g. workflow triggered by opened pull request)
  - Locates HEAD from remote before committing
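
The idempotent rerun and the `bump X from A to B` replacement described above, as an added Python example; it is not the action's own code. The function names, the regex-based matching, and the choice to keep the first recorded old version are assumptions.

```python
import re

# Added illustration; names below are assumptions, not the action's internals.
DEFAULT_PATTERN = "[dep]: [old] → [new] ([pr-link])"
TOKEN = re.compile(r"\[(dep|old|new|pr-link)\]")

def render(pattern, values):
    """Fill all tokens in one pass so substituted values are never re-scanned."""
    return "- " + TOKEN.sub(lambda m: values[m.group(1)], pattern)

def entry_regex(pattern, dep):
    """Regex for an existing entry of `dep`, capturing the old version it records."""
    group = {"dep": re.escape(dep), "old": r"(?P<old>\S+)", "new": r"\S+", "pr-link": ".*?"}
    parts = TOKEN.split(pattern)  # literals at even indexes, token names at odd
    return re.compile("^- " + "".join(
        group[p] if i % 2 else re.escape(p) for i, p in enumerate(parts)) + "$")

def update_changelog(text, dep, old, new, pr_link="", pattern=DEFAULT_PATTERN,
                     version="unreleased", section="Dependencies"):
    lines = text.split("\n")
    # H2 match: brackets optional, case-insensitive
    h2 = re.compile(r"^##\s+\[?" + re.escape(version) + r"\]?(\s|$)", re.I)
    start = next((i for i, l in enumerate(lines) if h2.match(l)), None)
    if start is None:
        raise ValueError(f"no '## {version}' header in changelog")
    end = next((i for i in range(start + 1, len(lines))
                if re.match(r"##\s", lines[i])), len(lines))
    h3 = next((i for i in range(start + 1, end)
               if lines[i].strip().lower() == f"### {section}".lower()), None)
    if h3 is None:  # section missing: create it directly under the H2
        lines[start + 1:start + 1] = ["", f"### {section}"]
        h3, end = start + 2, end + 2
    sec_end = next((i for i in range(h3 + 1, end) if lines[i].startswith("#")), end)
    values = {"dep": dep, "old": old, "new": new, "pr-link": pr_link}
    rx = entry_regex(pattern, dep)
    for i in range(h3 + 1, sec_end):
        m = rx.match(lines[i])
        if m:  # dep already listed (A to B): rewrite in place as A to C
            lines[i] = render(pattern, {**values, "old": m["old"]})
            return "\n".join(lines)
    bullets = [i for i in range(h3 + 1, sec_end) if lines[i].startswith("- ")]
    lines.insert(bullets[-1] + 1 if bullets else h3 + 1, render(pattern, values))
    return "\n".join(lines)
```

Because an existing entry for the same dependency is rewritten rather than appended, a second call with the same arguments returns the text unchanged, which is the condition under which no commit is needed.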
An alternative to this action is to combine a solution to generate changelog entries with a solution to add, commit, & push changes. If you have or know of a solution and it is not listed here, please make an issue so I can add it.