{"id":29427496,"url":"https://github.com/phucbm/dependabot-release-action","last_synced_at":"2025-07-12T13:09:00.457Z","repository":{"id":302387493,"uuid":"1012278068","full_name":"phucbm/dependabot-release-action","owner":"phucbm","description":"A GitHub Action that automatically creates releases when Dependabot merges PRs to the main branch.","archived":false,"fork":false,"pushed_at":"2025-07-02T05:26:49.000Z","size":24,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-02T06:25:24.950Z","etag":null,"topics":["actions","dependabot","release-automation"],"latest_commit_sha":null,"homepage":"https://github.com/marketplace/actions/dependabot-release-action","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phucbm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-02T05:13:07.000Z","updated_at":"2025-07-02T05:26:52.000Z","dependencies_parsed_at":"2025-07-02T06:25:30.289Z","dependency_job_id":"35e24fdb-00d2-4a24-8dfb-347bb2462c47","html_url":"https://github.com/phucbm/dependabot-release-action","commit_stats":null,"previous_names":["phucbm/auto-release-action"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/phucbm/dependabot-release-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phucbm%2Fdependabot-release-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phucbm%2Fdependabot-release-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phucbm%2Fdependabot-release-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phucbm%2Fdependabot-release-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phucbm","download_url":"https://codeload.github.com/phucbm/dependabot-release-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phucbm%2Fdependabot-release-action/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264995711,"owners_count":23695016,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","dependabot","release-automation"],"created_at":"2025-07-12T13:08:59.281Z","updated_at":"2025-07-12T13:09:00.441Z","avatar_url":"https://github.com/phucbm.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Dependabot Release Action\n\n[![github stars](https://badgen.net/github/stars/phucbm/dependabot-release-action?icon=github)](https://github.com/phucbm/dependabot-release-action/)\n[![github license](https://badgen.net/github/license/phucbm/dependabot-release-action?icon=github)](https://github.com/phucbm/dependabot-release-action/blob/main/LICENSE)\n[![Made in Vietnam](https://raw.githubusercontent.com/webuild-community/badge/master/svg/made.svg)](https://webuild.community)\n\nA GitHub Action that automatically creates releases when Dependabot merges PRs to the main branch. Perfect for automating dependency update releases without manual intervention.\n\n## Features\n```\n┌─────────────┐    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐\n│   DETECT    │───▶│   VERSION   │───▶│   RELEASE   │───▶│   NOTIFY    │\n└─────────────┘    └─────────────┘    └─────────────┘    └─────────────┘\n       │                   │                   │                   │\n       ▼                   ▼                   ▼                   ▼\n   Dependabot push     Calculate new       Create Git tag      Generate notes\n   Filter by actor     version from        Create GitHub       Professional\n   Exit if not bot     current + bump      release draft       release page\n```\n\n## Quick Start\n\n1. **Create Workflow File**\n   Create `.github/workflows/dependabot-release.yml`:\n\n```yaml\nname: Dependabot Release\n\non:\n  push:\n    branches: [main]\n\npermissions:\n  contents: write  # To create tags and releases\n\njobs:\n  release:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Dependabot Release\n        uses: phucbm/dependabot-release-action@v1\n        with:\n          version-bump: 'patch'  # Always patch for dependency updates\n```\n\n2. **That's it!** 🎉\n   - When Dependabot merges PRs, releases are automatically created\n   - Each release gets a patch version bump (1.0.0 → 1.0.1)\n   - Release notes are auto-generated from commit messages\n   - Perfect for triggering publish workflows\n\n## Inputs\n\n| Input | Description | Required | Default |\n|-------|-------------|----------|---------|\n| `version-bump` | Version bump type (patch, minor, major) | ❌ No | `patch` |\n| `github-token` | GitHub token for creating releases | ❌ No | `${{ github.token }}` |\n| `create-tag` | Create git tag for the release | ❌ No | `true` |\n| `release-notes` | Generate release notes from commits | ❌ No | `true` |\n\n## Outputs\n\n| Output | Description |\n|--------|-------------|\n| `version` | The new version that was released |\n| `tag` | The git tag created |\n| `release-url` | URL of the created release |\n\n## Usage Examples\n\n**Basic setup** (patch bumps only):\n```yaml\n- name: Dependabot Release\n  uses: phucbm/dependabot-release-action@v1\n```\n\n**Custom version bumping:**\n```yaml\n- name: Dependabot Release\n  uses: phucbm/dependabot-release-action@v1\n  with:\n    version-bump: 'minor'  # For minor dependency updates\n```\n\n**Minimal releases** (no auto-generated notes):\n```yaml\n- name: Dependabot Release\n  uses: phucbm/dependabot-release-action@v1\n  with:\n    release-notes: 'false'\n```\n\n## Advanced Usage\n\n**Using outputs for notifications:**\n```yaml\n- name: Dependabot Release\n  id: release\n  uses: phucbm/dependabot-release-action@v1\n\n- name: Notify Success\n  if: steps.release.outputs.version\n  run: |\n    echo \"Released version ${{ steps.release.outputs.version }}\"\n    echo \"Release URL: ${{ steps.release.outputs.release-url }}\"\n```\n\n**Custom GitHub token:**\n```yaml\n- name: Dependabot Release\n  uses: phucbm/dependabot-release-action@v1\n  with:\n    github-token: ${{ secrets.CUSTOM_GITHUB_TOKEN }}\n```\n\n## How It Works\n\n```\n🎯 DETECTION PHASE\n   └── Check if push was made by dependabot[bot]\n   └── Exit early if not a Dependabot push\n   └── Ensure we only run for dependency updates\n\n📦 VERSION CALCULATION\n   └── Read current version from package.json\n   └── Calculate new version based on bump type\n   └── Support semantic versioning (major.minor.patch)\n   └── Handle edge cases and invalid versions\n\n🏷️ RELEASE CREATION\n   └── Create annotated Git tag with new version\n   └── Push tag to repository\n   └── Generate release notes from recent commits\n   └── Create GitHub release with professional formatting\n\n✨ NOTIFICATION\n   └── Provide outputs for downstream workflows\n   └── Log comprehensive summary\n   └── Ready to trigger publish workflows\n```\n\n## Integration with Publishing\n\nThis action is designed to work seamlessly with publishing workflows:\n\n**Complete automation pipeline:**\n```yaml\n# 1. Dependabot Release (this action)\nname: Dependabot Release\non:\n  push:\n    branches: [main]\njobs:\n  release:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: phucbm/dependabot-release-action@v1\n\n# 2. Auto Publish (separate workflow)\nname: Publish Package\non:\n  release:\n    types: [published]\njobs:\n  publish:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: phucbm/publish-npm-action@v1\n        with:\n          npm-token: ${{ secrets.NPM_TOKEN }}\n```\n\n## Example Release Output\n\n**Auto-generated release notes:**\n```\n🤖 Automated release triggered by Dependabot dependency updates.\n\n## What's Changed\n- chore(deps-dev): bump @types/node from 18.0.0 to 18.1.0\n- chore(deps): bump express from 4.18.0 to 4.18.1\n\n## Details\n- 📦 Version bump: patch\n- 🤖 Triggered by: dependabot[bot]\n- ℹ️ Note: Package.json will be updated by the publish workflow\n\n---\nAutomated by Dependabot Release Action by @phucbm\n```\n\n## Version Bump Types\n\n| Bump Type | Current | New | Use Case |\n|-----------|---------|-----|----------|\n| `patch` | 1.0.0 | 1.0.1 | Bug fixes, dependency updates |\n| `minor` | 1.0.0 | 1.1.0 | New features, minor updates |\n| `major` | 1.0.0 | 2.0.0 | Breaking changes |\n\n**Recommendation**: Use `patch` for Dependabot updates since they typically don't introduce breaking changes.\n\n## Workflow Integration\n\n**Perfect for Dependabot automation:**\n```yaml\n# .github/workflows/dependabot-automation.yml\nname: Dependabot Automation\n\non:\n  pull_request:\n    types: [opened, synchronize]\n  issue_comment:\n    types: [created]\n  push:\n    branches: [main]\n\npermissions:\n  contents: write\n  pull-requests: write\n  issues: write\n\njobs:\n  # Step 1: Test PRs\n  test:\n    if: github.event_name == 'pull_request' || contains(github.event.comment.body, '/test')\n    runs-on: ubuntu-latest\n    steps:\n      - uses: phucbm/test-pr-action@v1\n        with:\n          dependabot-auto-merge: 'true'\n\n  # Step 2: Dependabot Release after merge\n  release:\n    if: github.event_name == 'push'\n    runs-on: ubuntu-latest\n    steps:\n      - uses: phucbm/dependabot-release-action@v1\n```\n\n## Requirements\n\n- Repository must have a `package.json` file for version detection\n- Workflow must have `contents: write` permission for creating tags and releases\n- Works best with semantic versioning (e.g., `1.2.3`)\n\n## Troubleshooting\n\n**Action doesn't trigger**\n- Ensure the push was made by `dependabot[bot]`\n- Check that workflow has `contents: write` permission\n- Verify the action runs only on push to main branch\n\n**Invalid version errors**\n- Ensure `package.json` has a valid semantic version\n- Check that version follows `major.minor.patch` format\n\n**Tag creation fails**\n- Verify GitHub token has permission to push tags\n- Check if tag already exists (action won't overwrite)\n\n**Release creation fails**\n- Ensure workflow has `contents: write` permission\n- Check GitHub token permissions for repository\n\n## Best Practices\n\n1. **Use with Dependabot** for automatic dependency management\n2. **Combine with test workflows** to ensure quality before release\n3. **Set up publish workflows** to trigger on release creation\n4. **Monitor release notes** for dependency update summaries\n5. **Use patch bumps** for dependency updates (safe default)\n\n## Important Notes\n\n- **Package.json versioning**: This action only creates tags and releases. It does NOT update `package.json` - leave that for your publish workflow to avoid conflicts.\n- **Dependabot-only**: Only triggers for pushes made by `dependabot[bot]` to prevent unintended releases.\n- **Semantic versioning**: Assumes your project follows semantic versioning practices.\n\n## License\n\nMIT License - feel free to use in your projects!\n\n## Contributing\n\nIssues and pull requests welcome! This action is designed to be simple, reliable, and focused on Dependabot automation.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphucbm%2Fdependabot-release-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphucbm%2Fdependabot-release-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphucbm%2Fdependabot-release-action/lists"}