Add report file

.github/workflows/ci.yml

@@ -1,119 +0,0 @@
-name: CI
-on:
-  push:
-    branches: [master]
-  pull_request:
-    branches: [master]
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
-        with:
-          node-version: 12.x
-      - uses: actions/setup-python@v2
-        with:
-          python-version: '3.x'
-      - run: npm ci
-      - run: npm run clean
-      - run: npm run test
-      - run: npm run package
-      - uses: actions/upload-artifact@v2
-        with:
-          name: dist
-          path: dist
-
-  test:
-    needs: [build]
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        target: [built, committed]
-    steps:
-      - if: github.event_name == 'push'
-        uses: actions/checkout@v2
-      - if: github.event_name == 'pull_request'
-        uses: actions/checkout@v2
-        with:
-          ref: ${{ github.head_ref }}
-      - if: matrix.target == 'built'
-        uses: actions/download-artifact@v2
-        with:
-          name: dist
-          path: dist
-
-      - name: Create change
-        run: date +%s > report.txt
-
-      - name: Create Pull Request
-        id: cpr
-        uses: ./
-        with:
-          commit-message: '[CI] test ${{ matrix.target }}'
-          committer: GitHub <noreply@github.com>
-          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
-          title: '[CI] test ${{ matrix.target }}'
-          body: |
-            - CI test case for target '${{ matrix.target }}'
-
-            Auto-generated by [create-pull-request][1]
-
-            [1]: https://github.com/peter-evans/create-pull-request
-          branch: ci-test-${{ matrix.target }}
-
-      - name: Close Pull
-        uses: peter-evans/close-pull@v1
-        with:
-          pull-request-number: ${{ steps.cpr.outputs.pr_number }}
-          comment: '[CI] test ${{ matrix.target }}'
-          delete-branch: true
-
-  commentTestSuiteHelp:
-    if: github.event_name == 'pull_request'
-    needs: [test]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Find Comment
-        uses: peter-evans/find-comment@v1
-        id: fc
-        with:
-          issue-number: ${{ github.event.number }}
-          comment-author: 'github-actions[bot]'
-          body-includes: Full test suite slash command
-
-      - if: steps.fc.outputs.comment-id == ''
-        name: Create comment
-        uses: peter-evans/create-or-update-comment@v1
-        with:
-          issue-number: ${{ github.event.number }}
-          body: |
-            Full test suite slash command (repository admin only)
-            ```
-            /test repository=${{ github.event.pull_request.head.repo.full_name }} branch=${{ github.event.pull_request.head.ref }} build=true
-            ```
-
-  package:
-    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
-    needs: [test]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: dist
-          path: dist
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v2
-        with:
-          commit-message: Update distribution
-          committer: GitHub <noreply@github.com>
-          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
-          title: Update distribution
-          body: |
-            - Updates the distribution for changes on `master`
-
-            Auto-generated by [create-pull-request][1]
-
-            [1]: https://github.com/peter-evans/create-pull-request
-          branch: update-distribution

README.md

@@ -49,7 +49,7 @@ All inputs are **optional**. If not set, sensible default values will be used.
 | `labels` | A comma separated list of labels. | |
 | `assignees` | A comma separated list of assignees (GitHub usernames). | |
 | `reviewers` | A comma separated list of reviewers (GitHub usernames) to request a review from. | |
-| `team-reviewers` | A comma separated list of GitHub teams to request a review from. A `repo` scoped [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) may be required. See [this issue](https://github.com/peter-evans/create-pull-request/issues/155). | |
+| `team-reviewers` | A comma separated list of GitHub teams to request a review from. | |
 | `milestone` | The number of the milestone to associate this pull request with. | |
 | `project` | The name of the project for which a card should be created. Requires `project-column`. | |
 | `project-column` | The name of the project column under which a card should be created. Requires `project`. | |

dist/cpr/requirements.txt

@@ -1,4 +1,2 @@
-setuptools==46.1.3
-wheel==0.34.2
-GitPython==3.1.1
-PyGithub==1.50
+GitPython==3.1.0
+PyGithub==1.47

docs/concepts-guidelines.md

@@ -129,7 +129,7 @@ There are a number of workarounds with different pros and cons.
 - Use the default `GITHUB_TOKEN` and allow the action to create pull requests that have no checks enabled. Manually close pull requests and immediately reopen them. This will enable `on: pull_request` workflows to run and be added as checks.
 - Use a `repo` scoped [Personal Access Token (PAT)](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) created on an account that has write access to the repository that pull requests are being created in. This is the standard workaround and [recommended by GitHub](https://help.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token). However, the PAT cannot be scoped to a specific repository so the token becomes a very sensitive secret. If this is a concern, the PAT can instead be created for a dedicated [machine account](https://help.github.com/en/github/site-policy/github-terms-of-service#3-account-requirements) that has collaborator access to the repository. Also note that because the account that owns the PAT will be the creator of pull requests, that user account will be unable to perform actions such as request changes or approve the pull request.
 - Use [SSH (deploy keys)](#push-using-ssh-deploy-keys) to push the pull request branch. This is arguably more secure than using a PAT because deploy keys can be set per repository. However, this method will only trigger `on: push` workflows.
-- Use a [machine account that creates pull requests from its own fork](#push-pull-request-branches-to-a-fork). This is the most secure because the PAT created only grants access to the machine account's fork, not the main repository. This method will trigger `on: pull_request` workflows to run. Workflows triggered `on: push` will not run because the push event is in the fork.
+- Use a [machine account that creates pull requests from its own fork](#push-pull-request-branches-to-a-fork). This is the most secure because the PAT created only has access to its own fork, not the main repository. This method will trigger `on: pull_request` workflows to run. Workflows triggered `on: push` will not run because the push event is in the fork.
 
 ### Security
 

package.json

@@ -23,14 +23,14 @@
   },
   "homepage": "https://github.com/peter-evans/create-pull-request",
   "dependencies": {
-    "@actions/core": "1.2.0",
-    "@actions/exec": "1.0.2",
-    "@actions/tool-cache": "1.1.2",
-    "is-docker": "2.0.0"
+    "@actions/core": "^1.1.1",
+    "@actions/exec": "^1.0.1",
+    "@actions/tool-cache": "^1.1.2",
+    "is-docker": "^2.0.0"
   },
   "devDependencies": {
     "@zeit/ncc": "0.22.1",
     "eslint": "6.8.0",
-    "jest": "25.5.3"
+    "jest": "25.3.0"
   }
 }

renovate.json

@@ -1,11 +1,5 @@
 {
   "extends": [
     "config:base"
-  ],
-  "packageRules": [
-    {
-      "depTypeList": ["devDependencies"],
-      "automerge": true
-    }
   ]
 }

report.txt

@@ -0,0 +1 @@
+1586506368

src/cpr/requirements.txt

@@ -1,4 +1,2 @@
-setuptools==46.1.3
-wheel==0.34.2
-GitPython==3.1.1
-PyGithub==1.50
+GitPython==3.1.0
+PyGithub==1.47