Skip to content

README.md

Latest commit

 

History

History
101 lines (68 loc) · 3.05 KB

README.md

File metadata and controls

101 lines (68 loc) · 3.05 KB

packagist/conductor-github-action

Automatic dependency updates for Composer - tailor-made for PHP. Apply security patches within minutes and never worry about being too far behind on updates again.

About

Configure this GitHub Action for Conductor to run Composer updates in your CI environment.

The GitHub Action requires a Private Packagist account. Follow our setup guide to get started.

Dependencies

PHP and Composer are required and can be setup using the Setup PHP GitHub Action.

Supported are PHP >= 7.2 and Composer >= 2.7.0.

Usage

The GitHub Action gets triggered via the dependency_update repository_dispatch event and requires content:write permissions to commit any changes made by the composer update command using the GitHub API. The GitHub Action can then be used as a step within a job.

Create any config files and start any services that are required to run composer install/update before the Conductor step.

on:
    repository_dispatch:
        types:
            - dependency_update

name: Private Packagist Conductor

permissions:
    contents: write

jobs:
    conductor:
        name: Private Packagist Conductor
        runs-on: "ubuntu-latest"

        steps:
            - uses: actions/checkout@v4

            - name: Install PHP
              uses: "shivammathur/setup-php@v2"
              with:
                  php-version: "latest"

            # Set up any necessary config files or database here before composer install is run

            - name: "Running Conductor"
              uses: packagist/conductor-github-action

Input Parameters

file_pattern

The file_pattern input parameter allows you to configure which changed files should be included as part of the commit created by the GitHub action.

For example:

- uses: packagist/conductor-github-action
  with:
      file_pattern: "composer.*"

skip_git_hooks

The skip_git_hooks input parameter allows you to disable any git hooks that get installed as part of the GitHub Action e.g. during composer install or update.

For example:

- uses: packagist/conductor-github-action
  with:
    skip_git_hooks: "true"

packagist_url

The packagist_url input parameter sets the base URL of the Private Packagist instance that dispatches this action. Webhook callbacks in the dispatched payload must point at a URL under this prefix; any other host is refused before the action makes the HTTP request, preventing a hostile payload from redirecting the webhook (and its credentials) to an attacker-controlled server.

The default is https://packagist.com. Override it only when running a Private Packagist Self-Hosted installation:

- uses: packagist/conductor-github-action
  with:
      packagist_url: "https://packagist.example.com"

Copyright and License

The GitHub Action is licensed under the MIT License.