|
| 1 | +# @e18e/action-dependency-diff |
| 2 | + |
| 3 | +> A GitHub action for reporting differences in dependencies between two branches or commits. |
| 4 | +
|
| 5 | +## What it does |
| 6 | + |
| 7 | +This action compares dependencies between your base branch and current branch, analyzing potential security and maintenance concerns: |
| 8 | + |
| 9 | +- 🔒 **Provenance changes** - Detects loss of provenance |
| 10 | +- ✅ **Trusted publisher changes** - Detects loss of trusted publish status |
| 11 | +- 📈 **Dependency growth** - Warns when dependency count increases significantly |
| 12 | +- 📦 **Install size** - Warns when package size increases significantly |
| 13 | + |
| 14 | +## Usage |
| 15 | + |
| 16 | +```yaml |
| 17 | +name: Dependency Diff |
| 18 | + |
| 19 | +on: |
| 20 | + pull_request: |
| 21 | + types: [opened] |
| 22 | + |
| 23 | +jobs: |
| 24 | + diff_dependencies: |
| 25 | + runs-on: ubuntu-latest |
| 26 | + permissions: |
| 27 | + pull-requests: write |
| 28 | + steps: |
| 29 | + - name: Checkout repository |
| 30 | + uses: actions/checkout@v4 |
| 31 | + - name: Create Diff |
| 32 | + uses: e18e/action-dependency-diff@main |
| 33 | +``` |
| 34 | +
|
| 35 | +## Inputs |
| 36 | +
|
| 37 | +| Name | Description | Required | Default | |
| 38 | +|------|-------------|----------|---------| |
| 39 | +| `base-ref` | Base ref to compare against (defaults to main or PR target) | Yes | `main` | |
| 40 | +| `github-token` | The GitHub token for authentication | Yes | `${{ github.token }}` | |
| 41 | +| `pr-number` | The number of the pull request to comment on | Yes | `${{ github.event.pull_request.number }}` | |
| 42 | +| `dependency-threshold` | Threshold for warning about significant increase in number of dependencies | No | `10` | |
| 43 | +| `size-threshold` | Threshold (in bytes) for warning about significant increase in package size | No | `100000` | |
| 44 | + |
| 45 | +## Example with custom inputs |
| 46 | + |
| 47 | +```yaml |
| 48 | +- name: Create Diff |
| 49 | + uses: e18e/action-dependency-diff@main |
| 50 | + with: |
| 51 | + base-ref: 'develop' |
| 52 | + dependency-threshold: '5' |
| 53 | + size-threshold: '50000' |
| 54 | +``` |
| 55 | + |
| 56 | +## Supported package managers |
| 57 | + |
| 58 | +- npm (package.json) |
| 59 | +- Yarn (package.json) |
| 60 | +- pnpm (package.json) |
| 61 | + |
| 62 | +## Permissions |
| 63 | + |
| 64 | +The action requires the following permissions: |
| 65 | + |
| 66 | +```yaml |
| 67 | +permissions: |
| 68 | + pull-requests: write # To comment on pull requests |
| 69 | +``` |
| 70 | + |
| 71 | +## License |
| 72 | + |
| 73 | +MIT |
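Review bot: The workflow in the Usage section (`pull_request: types: [opened]`) only runs when a PR is first opened, so the dependency diff comment will never be refreshed when further commits are pushed to the PR; since the point of the action is to catch provenance loss or size growth introduced by the change, the documented trigger should include `synchronize` (and probably `reopened`), e.g. `types: [opened, synchronize, reopened]`. Both usage examples also reference the action as `e18e/action-dependency-diff@main`, a mutable branch; for an action that is itself meant to surface supply-chain risk, the README should recommend pinning to a release tag or a full commit SHA instead. In the Inputs table, `base-ref`, `github-token` and `pr-number` are marked `Required: Yes` while each has a default, and the `base-ref` description says it "defaults to main or PR target" whereas the Default column says `main`; either mark these as not required or state which of the two defaulting behaviours actually applies.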