https://github.com/dentarg/gem-compare
GitHub Action to show what changed when Dependabot bumps a Ruby gem
gem github-actions ruby security
- Host: GitHub
- URL: https://github.com/dentarg/gem-compare
- Owner: dentarg
- Created: 2022-06-25T08:41:36.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2025-12-30T23:52:32.000Z (6 months ago)
- Last Synced: 2026-01-03T06:31:14.583Z (6 months ago)
- Topics: gem, github-actions, ruby, security
- Language: Ruby
- Homepage:
- Size: 178 KB
- Stars: 1
- Watchers: 1
- Forks: 1
- Open Issues: 6
Metadata Files:
- Readme: README.md
README
# Gem Compare
Reads the lockfile (`Gemfile.lock` by default) diff and posts comments with the output from `gem compare` and `gem compare --diff` for the gems that changed version.
Uses https://rubygems.org/gems/skillnad (https://github.com/dentarg/skillnad).
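The first step described above, finding which gems changed version in a lockfile diff, sketched as an added example (not gem-compare's or skillnad's own code). The names `Change`, `SPEC_LINE`, `changed_gems` and `SAMPLE_DIFF` are hypothetical, and the diff is constructed; the sketch also flags downgrades, which a reviewer of a bump PR would want to notice.

```ruby
# Added example: names are hypothetical, not taken from gem-compare or skillnad.
Change = Struct.new(:name, :platform, :from, :to) do
  # :upgrade or :downgrade, using RubyGems' own version ordering.
  def direction
    Gem::Version.new(to) > Gem::Version.new(from) ? :upgrade : :downgrade
  end
end

# A resolved spec line in a lockfile is indented exactly four spaces, e.g.
# "    rack (2.2.3)". Six-space lines are that gem's dependency constraints
# and two-space lines belong to DEPENDENCIES, so neither may match.
SPEC_LINE = /\A([+-]) {4}(\S+) \(([^)\s]+)\)\z/

def changed_gems(diff_text)
  removed = {}
  added = {}
  diff_text.each_line(chomp: true) do |line|
    sign, name, locked = line.match(SPEC_LINE)&.captures
    next unless sign
    # Platform gems lock as "1.13.6-x86_64-linux"; key on the platform too.
    version, platform = locked.split("-", 2)
    (sign == "-" ? removed : added)[[name, platform]] = version
  end
  # Keep only gems present on both sides of the diff with a different version.
  removed.filter_map do |(name, platform), from|
    to = added[[name, platform]]
    Change.new(name, platform, from, to) if to && to != from
  end
end

# Constructed sample diff, not taken from a real pull request.
SAMPLE_DIFF = <<~DIFF
  --- a/Gemfile.lock
  +++ b/Gemfile.lock
  @@ -20,6 +20,6 @@ GEM
  -    nokogiri (1.13.6-x86_64-linux)
  +    nokogiri (1.13.8-x86_64-linux)
         racc (~> 1.4)
  -    rack (2.2.3)
  +    rack (2.2.4)
  -    sinatra (2.2.0)
  -      rack (~> 2.2)
  +    sinatra (2.2.1)
  +      rack (~> 2.2, >= 2.2.4)
  -    tilt (2.0.11)
  +    tilt (2.0.10)
DIFF

changed_gems(SAMPLE_DIFF).each { |c| puts "#{c.name}: #{c.from} -> #{c.to} (#{c.direction})" }
```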
To use in your repo, add a workflow like this:
````yaml
name: Gem Compare

on:
  # Runs in the context of the base repository rather than the pull request's head
  pull_request_target:
    types:
      - opened
      - reopened

permissions:
  contents: read
  pull-requests: write

jobs:
  compare:
    # Only run for pull requests opened by Dependabot for Bundler updates
    if: github.actor == 'dependabot[bot]' && startsWith(github.head_ref, 'dependabot/bundler/')
    runs-on: ubuntu-latest
    steps:
      - uses: dentarg/gem-compare@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
````
With the above workflow, to re-run the action, have Dependabot close and re-open the pull request:
```bash
gh pr comment --body '@dependabot close' NUM
gh pr comment --body '@dependabot reopen' NUM
```