Created
July 12, 2018 18:57
-
-
Save skeggse/e223b2ebf92f3de20baa424b5e821312 to your computer and use it in GitHub Desktop.
Notify dependabot of a new version of a private npm module
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # this script requires curl, jq, and npm to be available in the PATH | |
| # it also requires a github access token (with org read access) to be in ~/.dependabotrc.json in | |
| # this form: | |
| # {"github_token":"<token>"} | |
| if [[ "$#" -lt 1 ]]; then | |
| echo "usage: $0 <package_name>" >&2 | |
| exit 1 | |
| fi | |
| package="$1" | |
| version="$(npm info "$package" version)" | |
| echo "using $package@$version" | |
| token="$(jq -r .github_token ~/.dependabotrc.json)" | |
| payload="$(jq -n --arg package "$package" --arg version "$version" '{"name":$package,"version":$version,"package-manager":"npm_and_yarn"}')" | |
| curl -i -H 'content-type: application/json' -H "authorization: Personal $token" -d "$payload" https://api.dependabot.com/release_notifications/private; echo |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment