GitHub Action to show what changed when Dependabot bumps a Ruby gem

dentarg/gem-compare

Gem Compare

Reads the lockfile (Gemfile.lock by default) diff and posts comments with the output from gem compare and gem compare --diff for the gems that changed version.

Uses https://rubygems.org/gems/gem-compare (https://github.com/fedora-ruby/gem-compare).
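
The lockfile-diff step described above, as an added Ruby example (not the action's own code): it extracts the gems whose locked version changed from a unified diff of Gemfile.lock. The names `changed_gems` and `SPEC_LINE`, the sample diff, and the stripping of platform suffixes are assumptions made for this illustration.

```ruby
# Added example, not code from the gem-compare action.
# In the "specs:" section of Gemfile.lock a resolved gem is indented 4 spaces
# as "name (version)"; its dependency constraints are indented 6 spaces.
# Requiring exactly 4 spaces after the +/- sign skips constraints and the
# "---"/"+++" file headers.
SPEC_LINE = /\A([+-]) {4}(\S+) \(([^)]+)\)\z/

def changed_gems(diff_text)
  removed = {}
  added = {}
  diff_text.each_line(chomp: true) do |line|
    m = SPEC_LINE.match(line)
    next unless m
    sign, name, version = m.captures
    # Assumption: platform-specific entries look like "1.13.9-x86_64-linux";
    # keep only the version part so both sides compare cleanly.
    version = version.split("-", 2).first
    (sign == "-" ? removed : added)[name] = version
  end
  # A bump has the gem on both sides with different versions. Gems that were
  # only added or only removed have no second version to compare against.
  (removed.keys & added.keys).sort.filter_map do |name|
    next if removed[name] == added[name]
    { name: name, from: removed[name], to: added[name] }
  end
end

# Constructed sample diff (not taken from a real pull request).
SAMPLE_DIFF = <<~DIFF
  diff --git a/Gemfile.lock b/Gemfile.lock
  --- a/Gemfile.lock
  +++ b/Gemfile.lock
  @@ -10,5 +10,7 @@ GEM
       mini_mime (1.1.2)
  -    nokogiri (1.13.9-x86_64-linux)
  +    nokogiri (1.13.10-x86_64-linux)
         racc (~> 1.4)
       racc (1.6.0)
  -    rack (2.2.4)
  +    rack (2.2.5)
  +    rack-test (2.0.2)
  +      rack (>= 1.3)
  DIFF

# Print the comparison a reviewer would run for each bumped gem.
changed_gems(SAMPLE_DIFF).each do |g|
  puts "gem compare #{g[:name]} #{g[:from]} #{g[:to]}"
end
```

In the sample, `rack-test` is newly introduced rather than bumped, so it is not reported and needs a separate look during review.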

To use in your repo, add a workflow like this:

name: Gem Compare

on:
  pull_request_target:
    types:
      - opened
      - reopened

permissions:
  contents: read
  pull-requests: write

jobs:
  compare:
    if: github.actor == 'dependabot[bot]' && startsWith(github.head_ref, 'dependabot/bundler/')
    runs-on: ubuntu-latest
    steps:
      - uses: dentarg/gem-compare@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

With the above workflow, to re-run the action, have Dependabot close and re-open the pull request:

gh pr comment --body '@dependabot close' NUM
gh pr comment --body '@dependabot reopen' NUM