Skip to content

exclude or whitelist certain dependencies #1118

Description

@tobiasehlert

Is your feature request related to a problem? Please describe.
When using reusable workflows in an organization from an internal repository, a pull request that is bumping a version tag gets listed as change.

Describe the solution you'd like
Be able to add an input for certain workflows to be whitelisted or excluded from a bump.
Based on the examples a little later, I'd like to exclude version-bumps of my reusable workflows in the ExampleOrg/gh-actions repo.

Describe alternatives you've considered
No workaround I can come up with.

Additional context
Example reusable workflow:

name: Dependency Review

on:
  workflow_call:
permissions:
  contents: read
  pull-requests: write

jobs:
  dependency-review:
    runs-on: ubuntu-24.04
    steps:
      - name: Dependency review
        uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
        with:
          warn-only: true
          comment-summary-in-pr: on-change

Example of calling the reusable workflow:

name: Dependency Review
on: [pull_request]

permissions: {}

jobs:
  dependency-review:
    permissions:
      contents: read
      pull-requests: write
    uses: ExampleOrg/gh-actions/.github/workflows/dependency-review.yml@ 1234567890123456789012345678901234567890 # v0.1.0

Example of a comment:
Image

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions