untested action

.eslintrc

@@ -0,0 +1,86 @@
+{
+    "parser": "babel-eslint",
+    "env": {
+        "node": true,
+        "es6": true
+    },
+    "extends": "eslint:recommended",
+    "parserOptions": {
+        "ecmaVersion": 7
+    },
+    "rules": {
+        "indent": [
+            "error",
+            4,
+            {
+                "SwitchCase": 2,
+                "VariableDeclarator": {
+                    "var": 2,
+                    "let": 2,
+                    "const": 3
+                },
+                 "MemberExpression": 1,
+                 "FunctionDeclaration": {"parameters": "first"},
+                 "CallExpression": {"arguments": "first"},
+                 "ObjectExpression": 1
+            }
+        ],
+        "quotes": [
+            "error",
+            "double"
+        ],
+        "semi": [
+            "error",
+            "always"
+        ],
+        "no-extra-parens": "error",
+        "default-case": "error",
+        "curly": "error",
+        "eqeqeq": "warn",
+        "no-loop-func": "error",
+        "no-sequences": "error",
+        "key-spacing": "error",
+        "yoda": [
+            "error",
+            "never"
+        ],
+        "array-bracket-spacing": [
+            "error",
+            "never"
+        ],
+        "block-spacing": [
+            "error",
+            "always"
+        ],
+        "brace-style": [
+            "error",
+            "stroustrup",
+            {
+                "allowSingleLine": true
+            }
+        ],
+        "eol-last": [
+            "error",
+            "always"
+        ],
+        "func-call-spacing": [
+            "error",
+            "never"
+        ],
+        "newline-after-var": [
+            "error",
+            "always"
+        ],
+        "no-lonely-if": "error",
+        "no-trailing-spaces": "error",
+        "no-whitespace-before-property": "error",
+        "space-infix-ops": "error",
+        "no-mixed-spaces-and-tabs": "error",
+        "no-plusplus": [
+            "error",
+            {
+                "allowForLoopAfterthoughts": true
+            }
+        ]
+    }
+}

.gitignore

@@ -1,3 +1,10 @@
+# local ignores
+secrets.json
+tryout.js
+
+# vscode configuration
+.vscode/
+
 # Logs
 logs
 *.log

README.md

@@ -1 +1,71 @@
-# dependency-check
+# Release Check
+
+Check if a push or pull request should trigger a release.
+
+This action is a handy helper for checking if a change should lead to a release. The action checks if the changes affect the code base of the business logic or if only package logistics are affected. The action helps to keep unnecessary releases low if one uses automatic releases through github actions. This action is designed to work with `dependabot` updates
+
+The `release-check` answers two questions. 
+
+1. Have changed only files in protected paths?
+2. Have changed only development dependencies?
+
+If the answers to these questions are true, then no release is necessary.
+
+`release-check` uses [`Octokit`](https://octokit.github.io/rest.js) for comparing the changes. You don't need to check out the repository.
+
+The default protected paths are: 
+
+- `.github`
+- `.gitignore`
+- `tests/`
+- `test/`
+- `package-lock.json`
+- `package.json`
+
+It is possible to add additional paths through the `protected-paths` input. 
+
+## Inputs
+
+### `protected-paths`
+
+**Optional** A list of protected paths that don't contain any business logic that would result into a release. Examples for such protected paths are the `.gitignore` file or the `.github` directories. 
+
+## Outputs
+
+###  `proceed`
+
+Boolean: is set to true, if the changes affect non-protected paths or upstream dependencies
+
+### `hold_development`
+
+Boolean: is set to true, if the changes affect only development dependencies (`devDependencies` in `package.json`).
+
+### `hold_protected`
+
+Boolean: is set to true, if the changes affect only changes in protected paths. It is false, if only upstream dependencies in package.json have changed.
+
+## Example Usage
+
+```
+name: Release Action
+
+on:
+- push
+- pull_request:
+    branches: 
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps: 
+    - id: release
+      uses: phish108/[email protected]
+      with: 
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+
+    - if: ${{ steps.release.outputs.proceed }}
+      uses: phish108/[email protected]
+      with: 
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+```

action.yml

@@ -0,0 +1,20 @@
+name: 'Release Check'
+author: 'phish108'
+description: 'Check if changes are relevant for a release'
+branding:
+  icon: thumbs-up
+  color: green
+inputs:
+  protected-paths:
+    description: 'list of protected paths, these paths are NOT relevant for releases'
+    required: false
+outputs:
+  proceed: # id of output
+    description: 'If true, the changes appear to affect the business logic and it is safe to proceed'
+  hold_development:
+    description: 'If true, the changes affect only development dependencies'
+  hold_protected:
+    description: 'If true, the changes affect only protected files and directories'
+runs:
+  using: node12
+  main: 'dist/index.js'

index.js

@@ -0,0 +1,80 @@
+const core   = require("@actions/core");
+const github = require("@actions/github");
+
+const protected_defaults = [
+    ".github/",
+    "tests/",
+    "test/",
+    ".gitignore"
+];
+
+async function action() {
+    const changeLog = await github.request(github.context.payload.repository.compare_url, {
+        base: github.context.payload.before,
+        head: github.context.payload.after
+    });
+
+    const files = changeLog.data.files.map(file => file.filename);
+
+    const protected_extra = core.getInput("protected-paths", {required: false});
+
+    const protected_paths = protected_defaults.concat(protected_extra || []);
+
+    // check normal protected files
+    const hold_protected = files
+        .map((file) => protected_paths
+            .map((path) => file.startsWith(path))
+            .reduce((v, c) => v || c, false))
+        .reduce((v, c) => v && c, true);
+
+    core.info(`protected directories? ${ hold_protected }`);
+
+    // check if package files changed
+    const hold_package = files
+        .map((file) => file === "package.json" ||
+                      file === "package-lock.json")
+        .reduce((v, c) => v || c, false);
+
+    let isdevChange = 0;
+
+    let isotherChange = 0;
+
+    if (hold_package) {
+        core.info("check for changed development dependencies");
+        const pInfo = changeLog.data.files
+            .filter((file) => file.filename === "package.json");
+
+        const pFile = await github.request(pInfo[0].raw_url);
+        const devDeps = Object.keys(JSON.parse(pFile.data).devDependencies);
+
+        const changes = pInfo[0].patch
+            .split("\n")
+            .filter((change) => change.match(/^[+-]\s*/))
+            .map((change) => change.replace(/^[+-]\s*"([^"]+).*$/, "$1"))
+            .filter((change) => change && change.length);
+
+        isdevChange = changes
+            .filter((change) => devDeps.includes(change))
+            .length;
+
+        isotherChange = changes.length - isdevChange;
+
+        core.info(`changed devDependencies ${ isdevChange }`);
+        core.info(`changed other dependencies ${ isotherChange }`);
+    }
+
+    core.setOutput("hold_protected", hold_protected && isotherChange === 0);
+
+    const hold_development = isdevChange > 0 && isotherChange === 0;
+
+    if (hold_development) {
+        core.info("is dev only change. HOLD!");
+    }
+
+    core.setOutput("hold_development", hold_development);
+    core.setOutput("proceed", !(hold_protected || hold_development));
+}
+
+action()
+    .then(() => core.info("success"))
+    .catch(error => core.setFailed(error.message));