Add dependency group metadata

README.md

@@ -84,6 +84,8 @@ Subsequent actions will have access to the following outputs:
   - If this PR has a known compatibility score and `compat-lookup` is `true`, this contains the compatibility score (otherwise it contains 0).
 - `steps.dependabot-metadata.outputs.maintainer-changes`
   - Whether or not the the body of this PR contains the phrase "Maintainer changes" which is an indicator of whether or not any maintainers have changed.
+- `steps.dependabot-metadata.outputs.dependency-group`
+  - The dependency group that the PR is associated with (otherwise it is an empty string).
 
 **Note:** By default, these outputs will only be populated if the target Pull Request was opened by Dependabot and contains
 **only** Dependabot-created commits. To override, see `skip-commit-verification` / `skip-verification`.

src/dependabot/output.ts

@@ -28,6 +28,7 @@ export function set (updatedDependencies: Array<updatedDependency>): void {
   const newVersion = firstDependency?.newVersion
   const compatScore = firstDependency?.compatScore
   const maintainerChanges = firstDependency?.maintainerChanges
+  const dependencyGroup = firstDependency?.dependencyGroup
   const alertState = firstDependency?.alertState
   const ghsaId = firstDependency?.ghsaId
   const cvss = firstDependency?.cvss
@@ -43,6 +44,7 @@ export function set (updatedDependencies: Array<updatedDependency>): void {
   core.info(`outputs.new-version: ${newVersion}`)
   core.info(`outputs.compatibility-score: ${compatScore}`)
   core.info(`outputs.maintainer-changes: ${maintainerChanges}`)
+  core.info(`outputs.dependency-group: ${dependencyGroup}`)
   core.info(`outputs.alert-state: ${alertState}`)
   core.info(`outputs.ghsa-id: ${ghsaId}`)
   core.info(`outputs.cvss: ${cvss}`)
@@ -59,6 +61,7 @@ export function set (updatedDependencies: Array<updatedDependency>): void {
   core.setOutput('new-version', newVersion)
   core.setOutput('compatibility-score', compatScore)
   core.setOutput('maintainer-changes', maintainerChanges)
+  core.setOutput('dependency-group', dependencyGroup)
   core.setOutput('alert-state', alertState)
   core.setOutput('ghsa-id', ghsaId)
   core.setOutput('cvss', cvss)

src/dependabot/update_metadata.ts

@@ -16,7 +16,8 @@ export interface updatedDependency extends dependencyAlert {
   prevVersion: string,
   newVersion: string,
   compatScore: number,
-  maintainerChanges: boolean
+  maintainerChanges: boolean,
+  dependencyGroup: string
 }
 
 export interface alertLookup {
@@ -31,6 +32,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
   const bumpFragment = commitMessage.match(/^Bumps .* from (?<from>v?\d[^ ]*) to (?<to>v?\d[^ ]*)\.$/m)
   const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?<from>v?\d\S*) to \S*? ?(?<to>v?\d\S*)$/m)
   const yamlFragment = commitMessage.match(/^-{3}\n(?<dependencies>[\S|\s]*?)\n^\.{3}\n/m)
+  const groupName = body.match(/^Bumps the (?<name>\S*) group with/m)
   const newMaintainer = !!body.match(/Maintainer changes/m)
   const lookupFn = lookup ?? (() => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 }))
   const scoreFn = getScore ?? (() => Promise.resolve(0))
@@ -43,6 +45,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
     const chunks = branchName.split(delim)
     const prev = bumpFragment?.groups?.from ?? (updateFragment?.groups?.from ?? '')
     const next = bumpFragment?.groups?.to ?? (updateFragment?.groups?.to ?? '')
+        const dependencyGroup = groupName?.groups?.name ?? ''
 
     if (data['updated-dependencies']) {
       return await Promise.all(data['updated-dependencies'].map(async (dependency, index) => {
@@ -61,6 +64,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
           newVersion: nextVersion,
           compatScore: await scoreFn(dependency['dependency-name'], lastVersion, nextVersion, chunks[1]),
           maintainerChanges: newMaintainer,
+          dependencyGroup: dependencyGroup,
           ...await lookupFn(dependency['dependency-name'], lastVersion, dirname)
         }
       }))