Merge pull request #113 from github/brrygrdn/readme-release-ready-pass

Initial copy pass on the README

README.md

@@ -1,100 +1,22 @@
-## Setup
+<p align="center">
+  <img src="https://s3.eu-west-2.amazonaws.com/dependabot-images/logo-with-name-horizontal.svg?v5" alt="Dependabot" width="336">
+</p>
 
-### Prerequisites
+# Updater Action
 
-**Node Version Manager**: e.g. `brew install nvm` on Mac
+**Name:** `dependabot/updater-action`
 
-**Docker**: e.g. `brew install docker` on Mac
+Runs Dependabot workloads via GitHub Actions.
 
-### Project dependencies
+## Usage Instructions
 
-```bash
-$ nvm use
-$ npm install
-```
+This action is used by the Dependabot [version][docs-version-updates] and [security][docs-security-updates] features in GitHub.com. It does not support being used in workflow files directly.
 
-## Tests
+## Issues
 
-Run the tests (excluding integration tests) :heavy_check_mark:
+If you have any problems with Dependabot, please [open an issue][code-dependabot-core-new-issue] on [dependabot/dependabot-core][code-dependabot-core] or contact GitHub Support.
 
-```bash
-$ npm test
-
- PASS  ./index.test.js
-  ✓ throws invalid number (3ms)
-  ✓ wait 500 ms (504ms)
-  ✓ test runs (95ms)
-
-...
-```
-
-### Running integration tests
-
-```bash
-$ npm run test-integration
-```
-
-The integration test will time out if you don't already have the docker image on
-your local machine.
-
-You'll need to create a [GitHub PAT](https://github.com/settings/tokens/new)
-(Personal Access Token) to access the updater image hosted on [dependabot/dependabot-updater](https://github.com/dependabot/dependabot-updater/pkgs/container/dependabot-updater%2Fdependabot-updater).
-
-Create the PAT with `read:packages` permissions checked and export it:
-
-```bash
-export GPR_TOKEN=_pat_with_read_packages_
-```
-
-Pull the updater image:
-
-```bash
-docker login docker.pkg.github.com -u x -p $GPR_TOKEN
-docker pull docker.pkg.github.com/dependabot/dependabot-updater:latest
-```
-
-#### Debugging the fake dependabot-api json-server
-
-Integration tests run against a fake dependabot-api server using
-[json-server](https://github.com/typicode/json-server).
-
-Initial responses are defined in `__tess__/server/db.json` and the server itself
-configured in `__tests__server/server.js`.
-
-Run the api server outside of tests:
-
-```bash
-node __tests__/server/server.js
-```
-
-Inspect resources:
-
-```bash
-curl http://localhost:9000/update_jobs/1/details
-```
-
-### Running against a local dependabot-api instance
-
-TBD
-
-## Releasing a new version of the action
-
-Actions executes the `dist/index.js` file when run, defined in `action.yml`. This is packaged using [ncc](https://github.com/zeit/ncc).
-
-To update the `dist/index.js` run:
-
-```bash
-$ npm run package
-```
-
-### Tagging releases
-
-When tagging a release, use semver e.g. `v1.0.0`.
-
-Also update the major version tag to point to the latest major release, e.g. `git tag v1`.
-
-### Major versions
-
-Create a new `releases/v1` branch before merging a `v2` branch to main to allow releasing patch releases of previous major versions.
-
-![versioning](https://github.com/actions/toolkit/blob/master/docs/assets/action-releases.png)
+[code-dependabot-core]: https://github.com/dependabot/dependabot-core/
+[code-dependabot-core-new-issue]: https://github.com/dependabot/dependabot-core/issues/new
+[docs-version-updates]: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates
+[docs-security-updates]: https://docs.github.com/en/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates