
Dependabot Secrets Sync

Sync secrets from GitHub Actions to Dependabot.

Usage

Create a workflow file (e.g. .github/workflows/dependabot-secrets-sync.yml); see Creating a Workflow file.

PAT (Personal Access Token)

You will need to create a PAT (Personal Access Token) that can write Dependabot secrets: for a classic token that is the repo scope; a fine-grained token needs write access to Dependabot secrets on the target repository (or to organization Dependabot secrets when syncing to an organization).

Add this PAT as a repository secret (TOKEN in the examples below) and pass it to the action as the github-token input; see Creating encrypted secrets for a repository. Because the action reads every secret you hand it via SECRETS, this PAT is itself part of the payload; add its name to secrets-exclude if you do not want the token copied into Dependabot secrets.

Organizations

If your organization enforces SAML single sign-on, you must authorize the PAT for that organization before it can reach its repositories; see Authorizing a personal access token for use with SAML single sign-on.

Example

name: Usage
on:
  schedule:
    - cron: "0 0 * * *" # every day at midnight

jobs:
  run:
    runs-on: ubuntu-latest
    steps:
      - uses: austenstone/dependabot-secrets-sync@main
        with:
          github-token: ${{ secrets.TOKEN }}
        env:
          SECRETS: ${{ toJson(secrets) }} # IMPORTANT: pass all secrets to the action

Example Include List

      - uses: austenstone/dependabot-secrets-sync@main
        with:
          github-token: ${{ secrets.TOKEN }}
          secrets-include: |
            MY_SECRET
            MY_OTHER_SECRET
        env:
          SECRETS: ${{ toJson(secrets) }} # IMPORTANT: pass all secrets to the action

Example Exclude List

      - uses: austenstone/dependabot-secrets-sync@main
        with:
          github-token: ${{ secrets.TOKEN }}
          secrets-exclude: |
            GITHUB_TOKEN
            SUPER_SECRET
        env:
          SECRETS: ${{ toJson(secrets) }} # IMPORTANT: pass all secrets to the action

Example Organization

      - uses: austenstone/dependabot-secrets-sync@main
        with:
          github-token: ${{ secrets.TOKEN }}
          organization: my-org
          secrets-exclude: |
            GITHUB_TOKEN
            SUPER_SECRET
        env:
          SECRETS: ${{ toJson(secrets) }} # IMPORTANT: pass all secrets to the action

Important

You must pass all secrets to the action via the SECRETS environment variable, as ${{ toJson(secrets) }} in the examples. A workflow step cannot enumerate the secrets context on its own, so without this variable the action has nothing to sync.

Note that this gives the action step every secret available to the workflow run. Review the action's source before adopting it, and prefer pinning it to a full commit SHA instead of @main so that a later change to the branch cannot silently alter what happens to your secrets. Supplying secrets-exclude replaces the input's default, so keep GITHUB_TOKEN in your own list, as the examples above do.
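The include and exclude examples above, and the Inputs table below, describe how the action decides which secrets to copy, but not the shape of the data it works on. The following TypeScript is an added example, not the project's code: it parses the newline-separated list inputs, applies an include/exclude filter over a constructed sample of what ${{ toJson(secrets) }} delivers, and builds the Dependabot REST calls the sync needs (one public-key fetch, then one PUT per secret). The precedence rules (include first, then exclude, GITHUB_TOKEN always dropped), case-insensitive name matching, and handling of repo given as owner/name are assumptions made for this example; the actual encryption of each value with the fetched public key is out of scope here.

```typescript
// Added example (not the project's code): include/exclude filtering over the
// SECRETS payload and the Dependabot secret endpoints a sync has to call.

type SecretMap = Record<string, string>;

interface SyncTarget {
  /** When set, secrets are written as organization-level Dependabot secrets. */
  organization?: string;
  owner: string;
  /** Repository name, or "owner/name" as ${{ github.repository }} provides it (assumed handling). */
  repo: string;
}

interface PlannedRequest {
  method: "GET" | "PUT";
  path: string;
  secretName?: string;
}

/** Parse a newline-separated block scalar such as the secrets-include / secrets-exclude inputs. */
function parseList(input: string | undefined): string[] {
  if (!input) return [];
  return input
    .split(/\r?\n/)
    .map((s) => s.trim())
    .filter((s) => s.length > 0);
}

/**
 * Decide which secrets to sync. Rules assumed for this example:
 *  - an empty include list means "all secrets";
 *  - exclusions are applied after inclusions;
 *  - GITHUB_TOKEN is always excluded (it is a per-run token, not a stored secret).
 * Names are compared case-insensitively because GitHub stores secret names uppercased.
 */
function selectSecrets(
  secretsJson: string,
  include: string[] = [],
  exclude: string[] = ["GITHUB_TOKEN"],
): SecretMap {
  const all = JSON.parse(secretsJson) as SecretMap;
  const up = (s: string) => s.trim().toUpperCase();
  const inc = new Set(include.map(up));
  const exc = new Set(exclude.map(up).concat(["GITHUB_TOKEN"]));
  const selected: SecretMap = {};
  for (const name of Object.keys(all)) {
    const key = up(name);
    if (inc.size > 0 && !inc.has(key)) continue;
    if (exc.has(key)) continue;
    selected[key] = all[name];
  }
  return selected;
}

/** Build the REST calls: GET the Dependabot public key, then PUT each encrypted secret. */
function planRequests(target: SyncTarget, secretNames: string[]): PlannedRequest[] {
  const slash = target.repo.indexOf("/");
  const repoName = slash >= 0 ? target.repo.slice(slash + 1) : target.repo;
  const base = target.organization
    ? `/orgs/${encodeURIComponent(target.organization)}/dependabot/secrets`
    : `/repos/${encodeURIComponent(target.owner)}/${encodeURIComponent(repoName)}/dependabot/secrets`;
  const plan: PlannedRequest[] = [{ method: "GET", path: `${base}/public-key` }];
  for (const name of secretNames) {
    plan.push({ method: "PUT", path: `${base}/${encodeURIComponent(name)}`, secretName: name });
  }
  return plan;
}

// Constructed sample of the SECRETS env var; values are placeholders, not real tokens.
const SAMPLE_SECRETS = JSON.stringify({
  GITHUB_TOKEN: "ghs_constructed_run_token",
  TOKEN: "ghp_constructed_pat",
  NPM_TOKEN: "npm_constructed",
  SUPER_SECRET: "do-not-sync",
});

// Mirrors the README's exclude example: GITHUB_TOKEN and SUPER_SECRET are dropped,
// which leaves NPM_TOKEN and also TOKEN, the PAT itself, to be synced.
function demo(): PlannedRequest[] {
  const chosen = selectSecrets(SAMPLE_SECRETS, [], parseList("GITHUB_TOKEN\nSUPER_SECRET\n"));
  return planRequests({ owner: "my-org", repo: "my-org/my-repo" }, Object.keys(chosen));
}
```

Running demo() shows the practical consequence of the exclude example: the PAT stored as TOKEN survives the filter and would be written to Dependabot secrets alongside NPM_TOKEN, so add TOKEN to secrets-exclude unless that is intended.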

➡️ Inputs

Various inputs are defined in action.yml:

| Name | Description | Default |
| --- | --- | --- |
| github-token | The GitHub token used to create an authenticated client | ${{ github.token }} |
| organization | Optional organization to run the workflow on. | ${{ github.organization }} |
| owner | Optional repository owner to run the workflow on. | ${{ github.repository_owner }} |
| repo | Optional repository name to run the workflow on. | ${{ github.repository }} |
| secrets-include | Optional list of secrets to include in the action payload. | [] |
| secrets-exclude | Optional list of secrets to exclude from the action payload. | ["GITHUB_TOKEN"] |

Further help

For more help with GitHub Actions, see the documentation.
