{"id":16123595,"url":"https://github.com/austenstone/dependabot-secrets-sync","last_synced_at":"2025-03-18T12:31:25.299Z","repository":{"id":254315948,"uuid":"846171937","full_name":"austenstone/dependabot-secrets-sync","owner":"austenstone","description":"Sync GitHub Actions secrets to Dependabot secrets","archived":false,"fork":false,"pushed_at":"2024-08-26T17:50:44.000Z","size":21471,"stargazers_count":4,"open_issues_count":5,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-16T20:01:43.898Z","etag":null,"topics":["actions","dependabot","github","secrets"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/austenstone.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["austenstone"]}},"created_at":"2024-08-22T17:06:19.000Z","updated_at":"2025-03-12T16:04:46.000Z","dependencies_parsed_at":"2024-08-26T20:46:23.945Z","dependency_job_id":null,"html_url":"https://github.com/austenstone/dependabot-secrets-sync","commit_stats":null,"previous_names":["austenstone/dependabot-secrets-sync"],"tags_count":3,"template":false,"template_full_name":"austenstone/action-typescript","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austenstone%2Fdependabot-secrets-sync","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austenstone%2Fdependabot-secrets-sync/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austenstone%2Fdependabot-secrets-sync/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austenstone%2Fdependabot-secrets-sync/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/austenstone","download_url":"https://codeload.github.com/austenstone/dependabot-secrets-sync/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244222392,"owners_count":20418505,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","dependabot","github","secrets"],"created_at":"2024-10-09T21:17:35.592Z","updated_at":"2025-03-18T12:31:24.780Z","avatar_url":"https://github.com/austenstone.png","language":"TypeScript","funding_links":["https://github.com/sponsors/austenstone"],"categories":[],"sub_categories":[],"readme":"# Dependabot Secrets Sync\n\nSync secrets from GitHub Actions to Dependabot.\n\n## Usage\nCreate a workflow (eg: `.github/workflows/dependabot-secrets-sync`). See [Creating a Workflow file](https://help.github.com/en/articles/configuring-a-workflow#creating-a-workflow-file).\n\n\n### PAT(Personal Access Token)\n\nYou will need to create a PAT(Personal Access Token) that has `repo` access.\n\n[click here to create PAT](https://github.com/settings/tokens/new?description=dependabot-secrets-sync\u0026scopes=repo%2Cadmin%3Aorg)\n\nAdd this PAT as a secret so we can use it as input `github-token`, see [Creating encrypted secrets for a repository](https://docs.github.com/en/enterprise-cloud@latest/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository).\n\n### Organizations\n\nIf your organization has SAML enabled you must authorize the PAT, see [Authorizing a personal access token for use with SAML single sign-on](https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on).\n\n\u003e [!IMPORTANT]  \n\u003e You must pass all secrets to the action via the `SECRETS` environment variable!\n\n```yml\n        env:\n          SECRETS: ${{ toJson(secrets) }} # IMPORTANT: pass all secrets to the action\n```\n\n#### Example\n\n```yml\nname: Usage\non:\n  schedule:\n    - cron: \"0 0 * * *\" # every day at midnight\n\njobs:\n  run:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: austenstone/dependabot-secrets-sync@main\n        with:\n          github-token: ${{ secrets.TOKEN }}\n        env:\n          SECRETS: ${{ toJson(secrets) }} # IMPORTANT: pass all secrets to the action\n```\n\n#### Example Include List\n```yml\n        with:\n          secrets-include: |\n            MY_SECRET\n            MY_OTHER_SECRET\n```\n\n#### Example Exclude List\n```yml\n        with:\n          secrets-exclude: |\n            SUPER_SECRET\n            SUPER_OTHER_SECRET\n```\n\n#### Example Organization\n```yml\n        with:\n          github-token: ${{ secrets.TOKEN }}\n          organization: my-org\n          secrets-exclude: |\n            SUPER_SECRET\n```\n\n#### Example Organization select repos\n```yml\n        with:\n          organization: my-org\n          visibility: selected\n          visibility-repos: |\n            my-repo\n            my-other-repo\n```\n\n## ➡️ Inputs\nVarious inputs are defined in [`action.yml`](action.yml):\n\n| Name | Description | Default |\n| --- | --- | --- |\n| github-token | The GitHub token used to create an authenticated client | ${{ github.token }} |\n| organization | Optional organization to run the workflow on. |  |\n| owner | Optional repository owner to run the workflow on. | ${{ github.repository_owner }} |\n| repo | Optional repository name to run the workflow on. | ${{ github.repository }} |\n| secrets-include | Optional list of secrets to include in the action payload. |  |\n| secrets-exclude | Optional list of secrets to exclude from the action payload. |  |\n| visibility | When using organization secrets. all, private, or selected | private |\n| visibility-repos | When using organization secrets. List of repositories to share the secret with. |  |\n\n\u003c!-- \n## ⬅️ Outputs\n| Name | Description |\n| --- | - |\n| output | The output. |\n--\u003e\n\n## Further help\nTo get more help on the Actions see [documentation](https://docs.github.com/en/actions).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faustenstone%2Fdependabot-secrets-sync","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faustenstone%2Fdependabot-secrets-sync","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faustenstone%2Fdependabot-secrets-sync/lists"}