Merge pull request #168 from peter-evans/renovate/jest-monorepo

Update dependency jest to v25.5.3

.github/workflows/ci.yml

@@ -0,0 +1,119 @@
+name: CI
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v1
+        with:
+          node-version: 12.x
+      - uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+      - run: npm ci
+      - run: npm run clean
+      - run: npm run test
+      - run: npm run package
+      - uses: actions/upload-artifact@v2
+        with:
+          name: dist
+          path: dist
+
+  test:
+    needs: [build]
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target: [built, committed]
+    steps:
+      - if: github.event_name == 'push'
+        uses: actions/checkout@v2
+      - if: github.event_name == 'pull_request'
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.head_ref }}
+      - if: matrix.target == 'built'
+        uses: actions/download-artifact@v2
+        with:
+          name: dist
+          path: dist
+
+      - name: Create change
+        run: date +%s > report.txt
+
+      - name: Create Pull Request
+        id: cpr
+        uses: ./
+        with:
+          commit-message: '[CI] test ${{ matrix.target }}'
+          committer: GitHub <noreply@github.com>
+          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          title: '[CI] test ${{ matrix.target }}'
+          body: |
+            - CI test case for target '${{ matrix.target }}'
+
+            Auto-generated by [create-pull-request][1]
+
+            [1]: https://github.com/peter-evans/create-pull-request
+          branch: ci-test-${{ matrix.target }}
+
+      - name: Close Pull
+        uses: peter-evans/close-pull@v1
+        with:
+          pull-request-number: ${{ steps.cpr.outputs.pr_number }}
+          comment: '[CI] test ${{ matrix.target }}'
+          delete-branch: true
+
+  commentTestSuiteHelp:
+    if: github.event_name == 'pull_request'
+    needs: [test]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Find Comment
+        uses: peter-evans/find-comment@v1
+        id: fc
+        with:
+          issue-number: ${{ github.event.number }}
+          comment-author: 'github-actions[bot]'
+          body-includes: Full test suite slash command
+
+      - if: steps.fc.outputs.comment-id == ''
+        name: Create comment
+        uses: peter-evans/create-or-update-comment@v1
+        with:
+          issue-number: ${{ github.event.number }}
+          body: |
+            Full test suite slash command (repository admin only)
+            ```
+            /test repository=${{ github.event.pull_request.head.repo.full_name }} branch=${{ github.event.pull_request.head.ref }} build=true
+            ```
+
+  package:
+    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+    needs: [test]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/download-artifact@v2
+        with:
+          name: dist
+          path: dist
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v2
+        with:
+          commit-message: Update distribution
+          committer: GitHub <noreply@github.com>
+          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          title: Update distribution
+          body: |
+            - Updates the distribution for changes on `master`
+
+            Auto-generated by [create-pull-request][1]
+
+            [1]: https://github.com/peter-evans/create-pull-request
+          branch: update-distribution

.github/workflows/cpr-example-command.yml

@@ -13,9 +13,9 @@ jobs:
         id: cpr
         uses: ./
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: Add report file
-          committer: Peter Evans <peter-evans@users.noreply.github.com>
+          committer: GitHub <noreply@github.com>
+          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
           title: '[Example] Add report file'
           body: |
             New report
@@ -29,6 +29,7 @@ jobs:
           milestone: 1
           project: Example Project
           project-column: To do
+          draft: false
           branch: example-patches
           request-to-parent: false
       - name: Check outputs
@@ -38,7 +39,6 @@ jobs:
       - name: Add reaction
         uses: peter-evans/create-or-update-comment@v1
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
           comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
           reaction-type: hooray

README.md

@@ -27,22 +27,20 @@ Create Pull Request action will:
 ```yml
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 You can also pin to a [specific release](https://github.com/peter-evans/create-pull-request/releases) version in the format `@v2.x.x`
 
 ### Action inputs
 
-With the exception of `token`, all inputs are **optional**. If not set, sensible default values will be used.
+All inputs are **optional**. If not set, sensible default values will be used.
 
-**Note**: If you want pull requests created by this action to trigger an `on: push` or `on: pull_request` workflow then you must use a [Personal Access Token](https://help.github.com/en/articles/creating-a-personal-access-token-for-the-command-line) instead of the default `GITHUB_TOKEN`. Alternatively, allow the action to [push using SSH](https://github.com/peter-evans/create-pull-request/blob/master/docs/concepts-guidelines.md#push-using-ssh-deploy-keys) by configuring a deploy key.
+**Note**: If you want pull requests created by this action to trigger an `on: push` or `on: pull_request` workflow then you cannot use the default `GITHUB_TOKEN`. See the [documentation here](https://github.com/peter-evans/create-pull-request/blob/master/docs/concepts-guidelines.md#triggering-further-workflow-runs) for workarounds.
 
 | Name | Description | Default |
 | --- | --- | --- |
-| `token` | `GITHUB_TOKEN` or a `repo` scoped [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line). | |
+| `token` | `GITHUB_TOKEN` or a `repo` scoped [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line). | `GITHUB_TOKEN` |
-| `path` | Relative path under `$GITHUB_WORKSPACE` to the repository. | `$GITHUB_WORKSPACE` |
+| `path` | Relative path under `GITHUB_WORKSPACE` to the repository. | `GITHUB_WORKSPACE` |
 | `commit-message` | The message to use when committing changes. | `[create-pull-request] automated change` |
 | `committer` | The committer name and email address in the format `Display Name <email@address.com>`. | Defaults to the GitHub Actions bot user. See [Committer and author](#committer-and-author) for details. |
 | `author` | The author name and email address in the format `Display Name <email@address.com>`. | Defaults to the GitHub Actions bot user. See [Committer and author](#committer-and-author) for details. |
@@ -51,12 +49,13 @@ With the exception of `token`, all inputs are **optional**. If not set, sensible
 | `labels` | A comma separated list of labels. | |
 | `assignees` | A comma separated list of assignees (GitHub usernames). | |
 | `reviewers` | A comma separated list of reviewers (GitHub usernames) to request a review from. | |
-| `team-reviewers` | A comma separated list of GitHub teams to request a review from. | |
+| `team-reviewers` | A comma separated list of GitHub teams to request a review from. A `repo` scoped [PAT](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) may be required. See [this issue](https://github.com/peter-evans/create-pull-request/issues/155). | |
 | `milestone` | The number of the milestone to associate this pull request with. | |
 | `project` | The name of the project for which a card should be created. Requires `project-column`. | |
 | `project-column` | The name of the project column under which a card should be created. Requires `project`. | |
+| `draft` | Create a [draft pull request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests#draft-pull-requests). | `false` |
 | `branch` | The branch name. See [Branch naming](#branch-naming) for details. | `create-pull-request/patch` |
-| `request-to-parent` | Create the pull request in the parent repository of the checked out fork. | `false` |
+| `request-to-parent` | Create the pull request in the parent repository of the checked out fork. See [push pull request branches to a fork](https://github.com/peter-evans/create-pull-request/blob/master/docs/concepts-guidelines.md#push-pull-request-branches-to-a-fork) for details. | `false` |
 | `base` | Sets the pull request base branch. | Defaults to the branch checked out in the workflow. |
 | `branch-suffix` | The branch suffix type. Valid values are `random`, `timestamp` and `short-commit-hash`. See [Branch naming](#branch-naming) for details. | |
 
@@ -69,8 +68,6 @@ Note that in order to read the step output the action step must have an id.
       - name: Create Pull Request
         id: cpr
         uses: peter-evans/create-pull-request@v2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
       - name: Check outputs
         run: |
           echo "Pull Request Number - ${{ env.PULL_REQUEST_NUMBER }}"
@@ -115,13 +112,13 @@ If there are files or directories you want to ignore you can simply add them to
 
 If neither `committer` or `author` inputs are supplied the action will default to making commits that appear to be made by the GitHub Actions bot user.
 
-In most cases, where the committer and author are the same, just the committer can be set.
+The following configuration can be used to have commits authored by the user who triggered the workflow event.
 ```yml
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          committer: GitHub <noreply@github.com>
-          committer: Peter Evans <peter-evans@users.noreply.github.com>
+          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
 ```
 
 ### Controlling commits
@@ -144,8 +141,6 @@ As well as relying on the action to handle uncommitted changes, you can addition
         run: date +%s > report.txt
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 ## Reference Example
@@ -170,8 +165,8 @@ jobs:
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: Add report file
-          committer: Peter Evans <peter-evans@users.noreply.github.com>
+          committer: GitHub <noreply@github.com>
-          author: Peter Evans <peter-evans@users.noreply.github.com>
+          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
           title: '[Example] Add report file'
           body: |
             New report
@@ -186,6 +181,7 @@ jobs:
           milestone: 1
           project: Example Project
           project-column: To do
+          draft: false
           branch: example-patches
           request-to-parent: false
       - name: Check outputs

action.yml

@@ -3,7 +3,7 @@ description: 'Creates a pull request for changes to your repository in the actio
 inputs:
   token:
     description: 'GITHUB_TOKEN or a repo scoped PAT'
-    required: true
+    default: ${{ github.token }}
   path:
     description: 'Relative path under $GITHUB_WORKSPACE to the repository.'
   commit-message:

dist/cpr/create_or_update_pull_request.py

@@ -4,6 +4,20 @@ from github import Github, GithubException
 import os
 
 
+def string_to_bool(str):
+    if str is None:
+        return False
+    else:
+        return str.lower() in [
+            "true",
+            "1",
+            "t",
+            "y",
+            "yes",
+            "on",
+        ]
+
+
 def cs_string_to_list(str):
     # Split the comma separated string into a list
     l = [i.strip() for i in str.split(",")]
@@ -56,27 +70,31 @@ def create_or_update_pull_request(
     team_reviewers,
     project_name,
     project_column_name,
+    draft,
     request_to_parent,
 ):
-    if request_to_parent is None:
-        request_to_parent = False
-    else:
-        request_to_parent = request_to_parent.lower() in ['true', '1', 't', 'y', 'yes', 'on']
-
     github_repo = head_repo = Github(github_token).get_repo(github_repository)
-    if request_to_parent:
+    if string_to_bool(request_to_parent):
         github_repo = github_repo.parent
         if github_repo is None:
-            raise ValueError("The checked out repository is not a fork. Input 'request-to-parent' should be set to false.")
+            raise ValueError(
+                "The checked out repository is not a fork. Input 'request-to-parent' should be set to false."
+            )
 
     head_branch = f"{head_repo.owner.login}:{branch}"
 
     # Create the pull request
     try:
         pull_request = github_repo.create_pull(
-            title=title, body=body, base=base, head=head_branch
+            title=title,
+            body=body,
+            base=base,
+            head=head_branch,
+            draft=string_to_bool(draft),
+        )
+        print(
+            f"Created pull request #{pull_request.number} ({head_branch} => {github_repo.owner.login}:{base})"
         )
-        print(f"Created pull request #{pull_request.number} ({head_branch} => {github_repo.owner.login}:{base})")
     except GithubException as e:
         if e.status == 422:
             # A pull request exists for this branch and base
@@ -86,7 +104,9 @@ def create_or_update_pull_request(
             )[0]
             # Update title and body
             pull_request.as_issue().edit(title=title, body=body)
-            print(f"Updated pull request #{pull_request.number} ({head_branch} => {github_repo.owner.login}:{base})")
+            print(
+                f"Updated pull request #{pull_request.number} ({head_branch} => {github_repo.owner.login}:{base})"
+            )
         else:
             print(str(e))
             raise

dist/cpr/create_pull_request.py

@@ -224,5 +224,6 @@ if result["action"] in ["created", "updated"]:
         os.environ.get("CPR_TEAM_REVIEWERS"),
         os.environ.get("CPR_PROJECT_NAME"),
         os.environ.get("CPR_PROJECT_COLUMN_NAME"),
+        os.environ.get("CPR_DRAFT"),
         os.environ.get("CPR_REQUEST_TO_PARENT"),
     )

dist/cpr/requirements.txt

@@ -1,2 +1,4 @@
-GitPython==3.1.0
+setuptools==46.1.3
-PyGithub==1.47
+wheel==0.34.2
+GitPython==3.1.1
+PyGithub==1.50

dist/index.js

@@ -4274,6 +4274,7 @@ async function run() {
       milestone: core.getInput("milestone"),
       project: core.getInput("project"),
       projectColumn: core.getInput("project-column"),
+      draft: core.getInput("draft"),
       branch: core.getInput("branch"),
       request_to_parent: core.getInput("request-to-parent"),
       base: core.getInput("base"),
@@ -4296,6 +4297,7 @@ async function run() {
     if (inputs.milestone) process.env.CPR_MILESTONE = inputs.milestone;
     if (inputs.project) process.env.CPR_PROJECT_NAME = inputs.project;
     if (inputs.projectColumn) process.env.CPR_PROJECT_COLUMN_NAME = inputs.projectColumn;
+    if (inputs.draft) process.env.CPR_DRAFT = inputs.draft;
     if (inputs.branch) process.env.CPR_BRANCH = inputs.branch;
     if (inputs.request_to_parent) process.env.CPR_REQUEST_TO_PARENT = inputs.request_to_parent;
     if (inputs.base) process.env.CPR_BASE = inputs.base;

docs/concepts-guidelines.md

@@ -9,6 +9,7 @@ This document covers terminology, how the action works, general usage guidelines
   - [Providing a consistent base](#providing-a-consistent-base)
   - [Pull request events](#pull-request-events)
   - [Restrictions on forked repositories](#restrictions-on-forked-repositories)
+  - [Triggering further workflow runs](#triggering-further-workflow-runs)
   - [Security](#security)
 - [Advanced usage](#advanced-usage)
   - [Creating pull requests in a remote repository](#creating-pull-requests-in-a-remote-repository)
@@ -113,6 +114,23 @@ jobs:
     if: github.event.pull_request.head.repo.full_name == github.repository
 ```
 
+### Triggering further workflow runs
+
+Pull requests created by the action using the default `GITHUB_TOKEN` cannot trigger other workflows. If you have `on: pull_request` or `on: push` workflows acting as checks on pull requests, they will not run.
+
+> When you use the repository's GITHUB_TOKEN to perform tasks on behalf of the GitHub Actions app, events triggered by the GITHUB_TOKEN will not create a new workflow run.
+
+[GitHub Actions: Events that trigger workflows](https://help.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token)
+
+#### Workarounds to trigger further workflow runs
+
+There are a number of workarounds with different pros and cons.
+
+- Use the default `GITHUB_TOKEN` and allow the action to create pull requests that have no checks enabled. Manually close pull requests and immediately reopen them. This will enable `on: pull_request` workflows to run and be added as checks.
+- Use a `repo` scoped [Personal Access Token (PAT)](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) created on an account that has write access to the repository that pull requests are being created in. This is the standard workaround and [recommended by GitHub](https://help.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token). However, the PAT cannot be scoped to a specific repository so the token becomes a very sensitive secret. If this is a concern, the PAT can instead be created for a dedicated [machine account](https://help.github.com/en/github/site-policy/github-terms-of-service#3-account-requirements) that has collaborator access to the repository. Also note that because the account that owns the PAT will be the creator of pull requests, that user account will be unable to perform actions such as request changes or approve the pull request.
+- Use [SSH (deploy keys)](#push-using-ssh-deploy-keys) to push the pull request branch. This is arguably more secure than using a PAT because deploy keys can be set per repository. However, this method will only trigger `on: push` workflows.
+- Use a [machine account that creates pull requests from its own fork](#push-pull-request-branches-to-a-fork). This is the most secure because the PAT created only grants access to the machine account's fork, not the main repository. This method will trigger `on: pull_request` workflows to run. Workflows triggered `on: push` will not run because the push event is in the fork.
+
 ### Security
 
 From a security perspective it's good practice to fork third-party actions, review the code, and use your fork of the action in workflows.
@@ -162,50 +180,47 @@ How to use SSH (deploy keys) with create-pull-request action:
 1. [Create a new SSH key pair](https://help.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key) for your repository. Do not set a passphrase.
 2. Copy the contents of the public key (.pub file) to a new repository [deploy key](https://developer.github.com/v3/guides/managing-deploy-keys/#deploy-keys) and check the box to "Allow write access."
 3. Add a secret to the repository containing the entire contents of the private key.
-4. As shown in the example steps below, use the [`webfactory/ssh-agent`](https://github.com/webfactory/ssh-agent) action to install the private key and clone your repository. Remember to checkout the `base` of your pull request if it's not the default branch, e.g. `git checkout my-branch`.
+4. As shown in the example below, configure `actions/checkout` to use the deploy key you have created.
 
 ```yml
     steps:
-      - uses: webfactory/ssh-agent@v0.2.0
+      - uses: actions/checkout@v2
         with:
-          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+          ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
-
-      - name: Checkout via SSH
-        run: git clone git@github.com:peter-evans/create-pull-request.git .
 
       # Make changes to pull request here
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 ### Push pull request branches to a fork
 
-To enforce security, you can use a dedicated user using [machine account](https://help.github.com/en/github/site-policy/github-terms-of-service#3-account-requirements).
+Instead of pushing pull request branches to the repository you want to update, you can push them to a fork of that repository.
-This user has no access to the main repository, it will use their own fork to push code and create the pull request.
+This allows you to employ the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) by using a dedicated user acting as a [machine account](https://help.github.com/en/github/site-policy/github-terms-of-service#3-account-requirements).
+This user has no access to the main repository.
+It will use their own fork to push code and create the pull request.
 
-1. Create a new github user, then login with this user.
+1. Create a new GitHub user and login.
-2. fork the repository.
+2. Fork the repository that you will be creating pull requests in.
-3. create a [Personal Access Token (PAT)](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
+3. Create a [Personal Access Token (PAT)](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line).
-4. logout and go back to your main user.
+4. Logout and log back in to your main user account.
-5. Add a secret to the repository containing the above PAT.
+5. Add a secret to your repository containing the above PAT.
-6. As shown in the example below, switch the git remote to the fork's url after checkout and set the action input `request-on-parent` to `true`.
+6. As shown in the following example workflow, switch the git remote to the fork's URL after checkout and set the action input `request-on-parent` to `true`.
 
 ```yaml
       - uses: actions/checkout@v2
 
       - run: |
-          git config user.password ${{ secrets.PAT }}
+          git config user.password ${{ secrets.MACHINE_USER_PAT }}
-          git remote set-url origin https://github.com/bot-user/fork-project
+          git remote set-url origin https://github.com/machine-user/fork-of-repository
           git fetch --unshallow -p origin
 
       # Make changes to pull request here
 
       - uses: peter-evans/create-pull-request@v2
         with:
-          token: ${{ secrets.PAT }}
+          token: ${{ secrets.MACHINE_USER_PAT }}
           request-on-parent: true
 ```
 
@@ -234,8 +249,6 @@ jobs:
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 **Ubuntu container example:**
@@ -259,8 +272,6 @@ jobs:
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
 ### Creating pull requests on tag push
@@ -294,7 +305,6 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           base: master
 
       - name: Delete tag branch
@@ -322,6 +332,4 @@ jobs:
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
 ```

docs/examples.md

@@ -45,7 +45,6 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: update authors
           title: Update AUTHORS
           body: Credit new contributors by updating AUTHORS
@@ -78,7 +77,6 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           branch: production-promotion
 ```
 
@@ -110,7 +108,6 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: update dependencies
           title: Automated Dependency Updates
           body: This is an auto-generated PR with dependency updates.
@@ -161,7 +158,6 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: Update swagger-ui to ${{ steps.swagger-ui.outputs.release_tag }}
           title: Update SwaggerUI to ${{ steps.swagger-ui.outputs.release_tag }}
           body: |
@@ -204,7 +200,6 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: update local website copy
           title: Automated Updates to Local Website Copy
           body: This is an auto-generated PR with website updates.
@@ -299,7 +294,6 @@ jobs:
         if: steps.autopep8.outputs.exit-code == 2
         uses: peter-evans/create-pull-request@v2
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: autopep8 action fixes
           title: Fixes by autopep8 action
           body: This is an auto-generated PR with fixes by autopep8.
@@ -358,7 +352,6 @@ The recommended method is to use [`set-output`](https://help.github.com/en/githu
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           title: ${{ steps.vars.outputs.pr_title }}
           body: ${{ steps.vars.outputs.pr_body }}
 ```
@@ -374,7 +367,6 @@ Alternatively, [`set-env`](https://help.github.com/en/github/automating-your-wor
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           title: ${{ env.PULL_REQUEST_TITLE }}
           body: ${{ env.PULL_REQUEST_BODY }}
 ```

package.json

@@ -23,14 +23,14 @@
   },
   "homepage": "https://github.com/peter-evans/create-pull-request",
   "dependencies": {
-    "@actions/core": "^1.1.1",
+    "@actions/core": "1.2.0",
-    "@actions/exec": "^1.0.1",
+    "@actions/exec": "1.0.2",
-    "@actions/tool-cache": "^1.1.2",
+    "@actions/tool-cache": "1.1.2",
-    "is-docker": "^2.0.0"
+    "is-docker": "2.0.0"
   },
   "devDependencies": {
-    "@zeit/ncc": "0.22.0",
+    "@zeit/ncc": "0.22.1",
     "eslint": "6.8.0",
-    "jest": "25.2.3"
+    "jest": "25.5.3"
   }
 }

renovate.json

@@ -1,5 +1,11 @@
 {
   "extends": [
     "config:base"
+  ],
+  "packageRules": [
+    {
+      "depTypeList": ["devDependencies"],
+      "automerge": true
+    }
   ]
 }

src/cpr/create_or_update_pull_request.py

@@ -4,6 +4,20 @@ from github import Github, GithubException
 import os
 
 
+def string_to_bool(str):
+    if str is None:
+        return False
+    else:
+        return str.lower() in [
+            "true",
+            "1",
+            "t",
+            "y",
+            "yes",
+            "on",
+        ]
+
+
 def cs_string_to_list(str):
     # Split the comma separated string into a list
     l = [i.strip() for i in str.split(",")]
@@ -56,27 +70,31 @@ def create_or_update_pull_request(
     team_reviewers,
     project_name,
     project_column_name,
+    draft,
     request_to_parent,
 ):
-    if request_to_parent is None:
-        request_to_parent = False
-    else:
-        request_to_parent = request_to_parent.lower() in ['true', '1', 't', 'y', 'yes', 'on']
-
     github_repo = head_repo = Github(github_token).get_repo(github_repository)
-    if request_to_parent:
+    if string_to_bool(request_to_parent):
         github_repo = github_repo.parent
         if github_repo is None:
-            raise ValueError("The checked out repository is not a fork. Input 'request-to-parent' should be set to false.")
+            raise ValueError(
+                "The checked out repository is not a fork. Input 'request-to-parent' should be set to false."
+            )
 
     head_branch = f"{head_repo.owner.login}:{branch}"
 
     # Create the pull request
     try:
         pull_request = github_repo.create_pull(
-            title=title, body=body, base=base, head=head_branch
+            title=title,
+            body=body,
+            base=base,
+            head=head_branch,
+            draft=string_to_bool(draft),
+        )
+        print(
+            f"Created pull request #{pull_request.number} ({head_branch} => {github_repo.owner.login}:{base})"
         )
-        print(f"Created pull request #{pull_request.number} ({head_branch} => {github_repo.owner.login}:{base})")
     except GithubException as e:
         if e.status == 422:
             # A pull request exists for this branch and base
@@ -86,7 +104,9 @@ def create_or_update_pull_request(
             )[0]
             # Update title and body
             pull_request.as_issue().edit(title=title, body=body)
-            print(f"Updated pull request #{pull_request.number} ({head_branch} => {github_repo.owner.login}:{base})")
+            print(
+                f"Updated pull request #{pull_request.number} ({head_branch} => {github_repo.owner.login}:{base})"
+            )
         else:
             print(str(e))
             raise

src/cpr/create_pull_request.py

@@ -192,7 +192,7 @@ result = coub.create_or_update_branch(repo, repo_url, commit_message, base, bran
 
 if result["action"] in ["created", "updated"]:
     # The branch was created or updated
-    print(f"Pushing pull request branch to '{repo.full_name}/{branch}'")
+    print(f"Pushing pull request branch to 'origin/{branch}'")
     repo.git.push("--force", repo_url, f"HEAD:refs/heads/{branch}")
 
     # Set the base. It would have been 'None' if not specified as an input
@@ -224,5 +224,6 @@ if result["action"] in ["created", "updated"]:
         os.environ.get("CPR_TEAM_REVIEWERS"),
         os.environ.get("CPR_PROJECT_NAME"),
         os.environ.get("CPR_PROJECT_COLUMN_NAME"),
+        os.environ.get("CPR_DRAFT"),
         os.environ.get("CPR_REQUEST_TO_PARENT"),
     )

src/cpr/requirements.txt

@@ -1,2 +1,4 @@
-GitPython==3.1.0
+setuptools==46.1.3
-PyGithub==1.47
+wheel==0.34.2
+GitPython==3.1.1
+PyGithub==1.50

src/index.js

@@ -62,6 +62,7 @@ async function run() {
       milestone: core.getInput("milestone"),
       project: core.getInput("project"),
       projectColumn: core.getInput("project-column"),
+      draft: core.getInput("draft"),
       branch: core.getInput("branch"),
       request_to_parent: core.getInput("request-to-parent"),
       base: core.getInput("base"),
@@ -84,6 +85,7 @@ async function run() {
     if (inputs.milestone) process.env.CPR_MILESTONE = inputs.milestone;
     if (inputs.project) process.env.CPR_PROJECT_NAME = inputs.project;
     if (inputs.projectColumn) process.env.CPR_PROJECT_COLUMN_NAME = inputs.projectColumn;
+    if (inputs.draft) process.env.CPR_DRAFT = inputs.draft;
     if (inputs.branch) process.env.CPR_BRANCH = inputs.branch;
     if (inputs.request_to_parent) process.env.CPR_REQUEST_TO_PARENT = inputs.request_to_parent;
     if (inputs.base) process.env.CPR_BASE = inputs.base;