-
Notifications
You must be signed in to change notification settings - Fork 1
feat: Onboard actions4git/add-commit-push action #1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
+41,585
−1
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| name: Release GitHub Actions | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| tag: | ||
| description: "Tag for the release" | ||
| required: true | ||
| node_version: | ||
| description: "Node.js version to use" | ||
| required: false | ||
| default: "24" | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| release: | ||
| permissions: | ||
| actions: read | ||
| id-token: write | ||
| contents: write | ||
|
|
||
| uses: step-security/reusable-workflows/.github/workflows/actions_release.yaml@v1 | ||
| with: | ||
| tag: "${{ github.event.inputs.tag }}" | ||
| node_version: ${{ inputs.node_version || '24' }} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| name: NPM Audit Fix Run | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| force: | ||
| description: "Use --force flag for npm audit fix?" | ||
| required: true | ||
| type: boolean | ||
| base_branch: | ||
| description: "Specify a base branch" | ||
| required: false | ||
| default: "main" | ||
| node_version: | ||
| description: "Node.js version to use" | ||
| required: false | ||
| default: "24" | ||
| schedule: | ||
| - cron: "0 0 * * 1" | ||
|
|
||
| jobs: | ||
| audit-fix: | ||
| uses: step-security/reusable-workflows/.github/workflows/audit_fix.yml@v1 | ||
| with: | ||
| force: ${{ inputs.force || false }} | ||
| base_branch: ${{ inputs.base_branch || 'main' }} | ||
| node_version: ${{ inputs.node_version || '24' }} | ||
|
|
||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
| packages: read | ||
| issues: write | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| name: Auto Cherry-Pick from Upstream | ||
|
|
||
| on: | ||
| workflow_run: | ||
| workflows: [ "Release GitHub Actions" ] | ||
| types: | ||
| - completed | ||
|
|
||
| workflow_dispatch: | ||
| inputs: | ||
| base_branch: | ||
| description: "Base branch to create the PR against" | ||
| required: true | ||
| default: "main" | ||
| mode: | ||
| description: "Run mode: cherry-pick or verify" | ||
| required: false | ||
| default: "cherry-pick" | ||
| node_version: | ||
| description: "Node.js version to use" | ||
| required: false | ||
| default: "24" | ||
|
|
||
| pull_request: | ||
| types: [ opened, synchronize, labeled ] | ||
|
|
||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
| packages: read | ||
| issues: write | ||
|
|
||
| jobs: | ||
| cherry-pick: | ||
| if: (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') || github.event_name == 'workflow_dispatch' || contains(fromJson(toJson(github.event.pull_request.labels)).*.name, 'review-required') | ||
| uses: step-security/reusable-workflows/.github/workflows/auto_cherry_pick.yaml@v1 | ||
| with: | ||
| original-owner: "actions4git" | ||
| repo-name: "add-commit-push" | ||
| base_branch: ${{ inputs.base_branch || 'main' }} | ||
| mode: ${{ github.event_name == 'pull_request' && 'verify' || inputs.mode || 'cherry-pick' }} | ||
| node_version: ${{ inputs.node_version || '24' }} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| name: Test action | ||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| paths-ignore: | ||
| - README.md | ||
| - LICENSE | ||
| - .gitignore | ||
| - .github/** | ||
| - "!.github/workflows/test-action.yml" | ||
| pull_request: | ||
| paths-ignore: | ||
| - README.md | ||
| - LICENSE | ||
| - .gitignore | ||
| - .github/** | ||
| - "!.github/workflows/test-action.yml" | ||
| jobs: | ||
| branch: | ||
| concurrency: ${{ github.workflow }}-branch | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
|
anurag-stepsecurity marked this conversation as resolved.
anurag-stepsecurity marked this conversation as resolved.
|
||
| - uses: actions/checkout@v7 | ||
| - run: echo $RANDOM > random.txt | ||
| - uses: ./ | ||
|
anurag-stepsecurity marked this conversation as resolved.
|
||
| with: | ||
| push-branch: test-branch | ||
| push-force: true | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| .idea | ||
| node_modules |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| The MIT License (MIT) | ||
|
|
||
| Copyright (c) 2023 GitHub Actions for Git | ||
| Copyright (c) 2026 StepSecurity | ||
|
|
||
| Permission is hereby granted, free of charge, to any person obtaining a copy | ||
| of this software and associated documentation files (the "Software"), to deal | ||
| in the Software without restriction, including without limitation the rights | ||
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
| copies of the Software, and to permit persons to whom the Software is | ||
| furnished to do so, subject to the following conditions: | ||
|
|
||
| The above copyright notice and this permission notice shall be included in | ||
| all copies or substantial portions of the Software. | ||
|
|
||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
| AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
| LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
| OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||
| THE SOFTWARE. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,155 @@ | ||
| # add-commit-push | ||
| [](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions) | ||
|
|
||
| # Add, commit, and push | ||
|
|
||
| ✨ Automagically `git add`, `git commit`, and `git push` | ||
|
|
||
| <table align=center><td> | ||
|
|
||
| ```yml | ||
| on: | ||
| pull_request: | ||
| jobs: | ||
| job: | ||
| permissions: | ||
| contents: write | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v7 | ||
| - run: npx --yes prettier --write . | ||
| - uses: step-security/add-commit-push@v1 | ||
| ``` | ||
|
|
||
| </table> | ||
|
|
||
| ➕ Adds all files by default \ | ||
| 👨 Uses `github.actor` as the default author \ | ||
| 🤖 Uses <b>@github-actions\[bot\]</b> as the default committer \ | ||
| 🔼 Pushes changes to the current branch \ | ||
| 🤩 Works great for the common use cases! | ||
|
|
||
| A convenience wrapper with sensible defaults so that you don't have to do | ||
| `git add`, `git commit`, and `git push` manually all the time. 😉 | ||
|
|
||
| ## Usage | ||
|
|
||
|  | ||
|  | ||
|
|
||
| **🚀 Here's what you want:** | ||
|
|
||
| ```yml | ||
| on: | ||
| push: | ||
| branches: "main" | ||
| pull_request: | ||
| jobs: | ||
| job: | ||
| permissions: | ||
| contents: write | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v7 | ||
| - run: npx --yes prettier --write . | ||
| - uses: step-security/add-commit-push@v1 | ||
| ``` | ||
|
|
||
| 🔒 Make sure you have the `permissions` set to `contents: write`! We need to be | ||
| able to edit the repository contents to push things. | ||
|
|
||
| If you're looking to have more control than the options provided below, it's | ||
| best if you tap in to the `git` CLI directly. The only tricky bit is setting a | ||
| default Git user (it's unset by default). You can either set it manually or use | ||
| a premade action like [actions4git/setup-git] to configure the `user.name` and | ||
| `user.email` settings. | ||
|
|
||
| ```yml | ||
| - uses: actions/checkout@v7 | ||
| - uses: actions4git/setup-git@v1 | ||
| # Then you can do whatever you want as the @github-actions[bot] user! | ||
| - run: git add random.txt | ||
| - run: git tag --force v1.0.0 | ||
| - run: git rebase --interactive HEAD~3 | ||
| - run: git merge --squash feature-branch | ||
| - run: git commit --message 'My custom commit message' | ||
| - run: git push origin other-branch:main --force | ||
| ``` | ||
|
|
||
| 🏷️ Automatic tag updating coming soon! Contributions welcome! ❤️ | ||
|
|
||
| ### Inputs | ||
|
|
||
| - **`path`:** The path to the repository root folder to perform the Git | ||
| operations in. This defaults to the current working directory (`.`). Change | ||
| this to a subfolder if you are using a different folder other than the default | ||
| `github.workspace` for your Git repository. | ||
|
|
||
| - **`add-pathspec`:** Additional path specifiers to be passed to `git add`. | ||
| These can be files, folders, globs, or even some fancy Git pathspec things | ||
| such as `:!ignoreme.txt`. Check out the CSS-Tricks [Git Pathspecs and How to | ||
| Use Them] article for the highlights of Git pathspecs. If this input is not | ||
| specified, `git add --all` will be used instead. Specifying `.` has slightly | ||
| different behavior from `--all`. | ||
|
|
||
| - **`add-force`:** Whether or not to use the `--force` flag when performing the | ||
| `git add` operation. Use this if you really want to add something but it's in | ||
| your `.gitignore`. This can be useful if you ever need to commit build | ||
| artifacts to Git that are normally ignored by your `.gitignore`. Defaults to | ||
| `false`. | ||
|
|
||
| - **`commit-author`:** A `Name Here <emailhere@example.org>` AiO author name & | ||
| email string. This is a shortcut alternative to the independant | ||
| 'commit-author-name' and `commit-author-email` options that are also | ||
| available. This defaults to <b>@github-actions\[bot\]</b>. You can set this to | ||
| the special value `github-actions` to use the <b>@github-actions\[bot\]</b> | ||
| user as the author, or the special `me` value to use the current | ||
| `github.actor` user as the author. Note that this is different from the | ||
| `commit-committer`. [The author of a commit is who wrote the thing and the | ||
| committer is who committed it to Git.] It's recommended to leave this as the | ||
| default. | ||
|
|
||
| - **`commit-author-name`:** The name of the author to associate with the commit. | ||
| Should be left unspecified if `commit-author` is specified. | ||
|
|
||
| - **`commit-author-email`:** The email address of the author to associate with | ||
| the commit. Should be left unspecified if `commit-author` is specified. | ||
|
|
||
| - **`commit-committer`:** A `Name Here <emailhere@example.org>` AiO author name | ||
| & email string. This input is a shortcut for the `commit-committer-name` and | ||
| `commit-committer-email` inputs that can also be individually specified. You | ||
| can set this to the special value `github-actions` to use the | ||
| <b>@github-actions\[bot\]</b> user as the committer, or the special `me` value | ||
| to use the current `github.actor` user as the committer. If this input is | ||
| unspecified, the committer defaults to the author. | ||
|
|
||
| - **`commit-committer-name`:** The name of the committer to associate with the | ||
| commit. Should be left unspecified if `commit-committer` is specified. | ||
|
|
||
| - **`commit-committer-email`:** The email address of the committer to associate | ||
| with the commit. Should be left unspecified if `commit-committer` is | ||
| specified. | ||
|
|
||
| - **`commit-message`:** The `--message` parameter to use for the commit. This | ||
| can be a multiline string if you want to specify a title and body. The default | ||
| is 'Automated changes'. | ||
|
|
||
| - **`push-force`:** Whether or not to use the `--force` parameter when doing the | ||
| `git push`. Defaults to `false`. | ||
|
|
||
| ### Outputs | ||
|
|
||
| - **`committed`:** Whether or not anything was actually committed to the | ||
| repository locally. This will be `true` if there were any changes and `false` | ||
| if not. | ||
|
|
||
| - **`commit-sha`:** The SHA of the commit that was created. Will not be set if | ||
| nothing was committed. | ||
|
|
||
| - **`pushed`:** Whether or not anything was actually pushed to the remote | ||
| repository. This will be `true` if there were any changes that were pushed and | ||
| `false` if not. | ||
|
|
||
| <!-- prettier-ignore-start --> | ||
| [actions4git/setup-git]: https://github.com/actions4git/setup-git | ||
| [Git Pathspecs and How to Use Them]: https://css-tricks.com/git-pathspecs-and-how-to-use-them/ | ||
| [The author of a commit is who wrote the thing and the committer is who committed it to Git.]: https://stackoverflow.com/questions/18750808/difference-between-author-and-committer-in-git |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Security Policy | ||
|
|
||
| ## Reporting a Vulnerability | ||
|
|
||
| Please report security vulnerabilities to security@stepsecurity.io |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| import { spawn } from "node:child_process"; | ||
| import { once } from "node:events"; | ||
| import { fileURLToPath } from "node:url"; | ||
| import {validateSubscription} from "./subscription.mjs"; | ||
|
|
||
| await validateSubscription(); | ||
|
|
||
| const file = fileURLToPath(import.meta.resolve("./main.sh")); // 👈 CHANGE ME! | ||
|
anurag-stepsecurity marked this conversation as resolved.
anurag-stepsecurity marked this conversation as resolved.
anurag-stepsecurity marked this conversation as resolved.
|
||
| const subprocess = spawn("bash", [file], { stdio: "inherit" }); | ||
| const [exitCode, signal] = await once(subprocess, "exit"); | ||
| if (signal) { | ||
| process.kill(process.pid, signal); | ||
| } else { | ||
| process.exit(exitCode); | ||
| } | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.