@@ -24,14 +24,14 @@ jobs:
2424 id : dependabot-metadata
2525 uses :
dependabot/[email protected] 2626 with :
27- github-token : " ${{ secrets.GITHUB_TOKEN }}"
2827 alert-lookup : true
2928` ` `
3029
3130Supported inputs are:
3231
33- - ` github-token` (REQUIRED string)
32+ - ` github-token` (string)
3433 - The `GITHUB_TOKEN` secret
34+ - Defaults to `${{ github.token }}`
3535- ` alert-lookup` (boolean)
3636 - If `true`, then call populate the `alert-state`, `ghsa-id` and `cvss` outputs.
3737 - Defaults to `false`
8888 - name: Dependabot metadata
8989 id: dependabot-metadata
9090 uses: dependabot/[email protected] 91- with:
92- github-token: "${{ secrets.GITHUB_TOKEN }}"
9391 - name: Approve a PR
9492 run: gh pr review --approve "$PR_URL"
9593 env:
@@ -118,8 +116,6 @@ jobs:
118116 - name: Dependabot metadata
119117 id: dependabot-metadata
120118 uses: dependabot/[email protected] 121- with:
122- github-token: "${{ secrets.GITHUB_TOKEN }}"
123119 - name: Enable auto-merge for Dependabot PRs
124120 if: ${{contains(steps.dependabot-metadata.outputs.dependency-names, 'rails') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}
125121 run: gh pr merge --auto --merge "$PR_URL"
@@ -149,8 +145,6 @@ jobs:
149145 - name: Dependabot metadata
150146 id: dependabot-metadata
151147 uses: dependabot/[email protected] 152- with:
153- github-token: "${{ secrets.GITHUB_TOKEN }}"
154148 - name: Add a label for all production dependencies
155149 if: ${{ steps.dependabot-metadata.outputs.dependency-type == 'direct:production' }}
156150 run: gh pr edit "$PR_URL" --add-label "production"
0 commit comments