Skip to content

chore(deps): bump @actions/github from 6.0.1 to 9.1.1#4

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/actions/github-9.1.1
Open

chore(deps): bump @actions/github from 6.0.1 to 9.1.1#4
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/actions/github-9.1.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps @actions/github from 6.0.1 to 9.1.1.

Changelog

Sourced from @​actions/github's changelog.

9.1.1

  • Bump undici from 6.23.0 to 6.24.0 #2346

9.1.0

  • Append actions_orchestration_id to user-agent when the ACTIONS_ORCHESTRATION_ID environment variable is set #2364

9.0.0

  • Breaking change: Package is now ESM-only
    • CommonJS consumers must use dynamic import() instead of require()
    • Example: const { getOctokit, context } = await import('@actions/github')
  • Fix TypeScript compilation by migrating to ESM, enabling proper imports from @octokit/core/types

8.0.1

  • Update undici to 6.23.0
  • Update @actions/http-client to 3.0.2

8.0.0

  • Update @​octokit dependencies
    • @octokit/core ^7.0.6
    • @octokit/plugin-paginate-rest ^14.0.0
    • @octokit/plugin-rest-endpoint-methods ^17.0.0
    • @octokit/request ^10.0.7
    • @octokit/request-error ^7.1.0
  • Breaking change: Minimum Node.js version is now 20 (previously 18)

7.0.0

  • Update to v3.0.1 of @actions/http-client
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​actions/github since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 19, 2026
@dependabot
chore(deps): bump @actions/github from 6.0.1 to 9.1.1
dc13134 
Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 6.0.1 to 9.1.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-version: 9.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump @actions/github from 6.0.0 to 9.1.1 chore(deps): bump @actions/github from 6.0.1 to 9.1.1 Jun 19, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/actions/github-9.1.1 branch from e5ecf31 to dc13134 Compare June 19, 2026 12:24
@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown

Current branch is dependabot/npm_and_yarn/actions/github-9.1.1.
(execution 27825502187 / attempt 1)

@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown

Comment Pull Request - GitHub Actions

Fork maintained by @andyghc — Node.js 24 runtime (upstream stuck on Node 20).
Based on thollander/actions-comment-pull-request v3.0.1 with Node 20→24 upgrade from PR #449.

What is it ?

A GitHub action that comments with a given message the pull request linked to the pushed branch.
You can even put dynamic data thanks to Contexts and expression syntax.

Usage

Classic usage

on: pull_request

jobs:
  example_comment_pr:
    runs-on: ubuntu-latest
    name: An example job to comment a PR
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Comment PR
        uses: andyghc/actions-comment-pull-request@v3
        with:
          message: |
            Hello world ! :wave:

Comment a file content

Thanks to the file-path input, a file content can be commented.
You can either pass an absolute file-path or a relative one that will be by default retrieved from GITHUB_WORKSPACE.
(Note that if both a message and file-path are provided, message will take precedence.)

- name: PR comment with file
  uses: andyghc/actions-comment-pull-request@v3
  with:
    file-path: /path/to/file.txt

Setting reactions

You can also set some reactions on your comments through the reactions input.
It takes only valid reactions and adds it to the comment you've just created. (See https://docs.github.com/en/rest/reactions#reaction-types)

- name: PR comment with reactions
  uses: andyghc/actions-comment-pull-request@v3
  with:
    message: |
      Hello world ! :wave:
    reactions: eyes, rocket

Specifying which pull request to comment on

You can explicitly input which pull request should be commented on by passing the pr-number input.
That is particularly useful for manual workflow for instance (workflow_run).

...
- name: Comment PR
  uses: andyghc/actions-comment-pull-request@v3
  with:
    message: |
      Hello world ! :wave:
    pr-number: 123 # This will comment on pull request #123

Update a comment

Editing an existing comment is also possible thanks to the comment-tag input.

Thanks to this parameter, it will be possible to identify your comment and then to upsert on it.
If the comment is not found at first, it will create a new comment.

That is particularly interesting while committing multiple times in a PR and that you just want to have the last execution report printed. It avoids flooding the PR.

...
- name: Comment PR with execution number
  uses: andyghc/actions-comment-pull-request@v3
  with:
    message: |
      _(execution **${{ github.run_id }}** / attempt **${{ github.run_attempt }}**)_
    comment-tag: execution

Note: the input mode can be used to either upsert (by default) or recreate the comment (= delete and create)

Delete a comment

Deleting a comment with a specific comment-tag is possible with the mode: delete. If a comment with the comment-tag exists, it will be deleted when ran.

...
- name: Delete a comment
  uses: andyghc/actions-comment-pull-request@v3
  with:
    comment-tag: to_delete
    mode: delete

Delete a comment on job completion

Deleting an existing comment on job completion is also possible thanks to the comment-tag input combined with mode: delete-on-completion.

This will delete the comment at the end of the job.

...
- name: Write a comment that will be deleted at the end of the job
  uses: andyghc/actions-comment-pull-request@v3
  with:
    message: |
      The PR is being built...
    comment-tag: to_delete_on_completion
    mode: delete-on-completion

Inputs

Action inputs

Name Description Required Default
github-token Token that is used to create comments. Defaults to ${{ github.token }}
message Comment body
file-path Path of the file that should be commented
reactions List of reactions for the comment (comma separated). See https://docs.github.com/en/rest/reactions#reaction-types
pr-number The number of the pull request where to create the comment current pull-request/issue number (deduced from context)
comment-tag A tag on your comment that will be used to identify a comment in case of replacement
mode Mode that will be used to update comment (upsert/recreate/delete/delete-on-completion) upsert
create-if-not-exists Whether a comment should be created even if comment-tag is not found true

Outputs

Action outputs

You can get some outputs from this actions :

Name Description
id Comment id that was created or updated
body Comment body
html-url URL of the comment created or updated

Example output

- name: Comment PR
  uses: andyghc/actions-comment-pull-request@v3
  id: hello
  with:
    message: |
      Hello world ! :wave:
- name: Check outputs
  run: |
    echo "id : ${{ steps.hello.outputs.id }}"
    echo "body : ${{ steps.hello.outputs.body }}"
    echo "html-url : ${{ steps.hello.outputs.html-url }}"

Permissions

Depending on the permissions granted to your token, you may lack some rights.
To run successfully, this actions needs at least :

permissions: 
   pull-requests: write

Add this in case you get Resource not accessible by integration error.
See jobs.<job_id>.permissions for more information.

Note that, if the PR comes from a fork, it will have only read permission despite the permissions given in the action for the pull_request event.
In this case, you may use the pull_request_target event. With this event, permissions can be given without issue (the difference is that it will execute the action from the target branch and not from the origin PR).

Contributing

Build

The build steps transpiles the src/main.ts to lib/index.js which is used in a NodeJS environment.
It is handled by vercel/ncc compiler.

$ npm run build

@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown

Content of file referenced with absolute path

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants