{"id":31765120,"url":"https://github.com/actions-r-us/actions-tagger","last_synced_at":"2025-10-10T00:13:28.090Z","repository":{"id":40281016,"uuid":"228677300","full_name":"Actions-R-Us/actions-tagger","owner":"Actions-R-Us","description":"A meta-action to keep your action versions up-to-date :rocket:","archived":false,"fork":false,"pushed_at":"2024-02-16T18:20:43.000Z","size":1452,"stargazers_count":128,"open_issues_count":10,"forks_count":13,"subscribers_count":2,"default_branch":"release/v2","last_synced_at":"2025-10-06T03:30:09.513Z","etag":null,"topics":["actions","cross-platform","github-actions","typescript","versioning"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Actions-R-Us.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-12-17T18:25:09.000Z","updated_at":"2025-08-27T12:39:39.000Z","dependencies_parsed_at":"2023-02-12T20:16:20.123Z","dependency_job_id":"84bfd9d8-e460-4188-8c3d-a6778c27af30","html_url":"https://github.com/Actions-R-Us/actions-tagger","commit_stats":{"total_commits":104,"total_committers":6,"mean_commits":"17.333333333333332","dds":0.3557692307692307,"last_synced_commit":"68b8860d45b8d5a78fc2b0b4c7bb19da085b38c6"},"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/Actions-R-Us/actions-tagger","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Actions-R-Us%2Factions-tagger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Actions-R-Us%2Factions-tagger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Actions-R-Us%2Factions-tagger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Actions-R-Us%2Factions-tagger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Actions-R-Us","download_url":"https://codeload.github.com/Actions-R-Us/actions-tagger/tar.gz/refs/heads/release/v2","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Actions-R-Us%2Factions-tagger/sbom","scorecard":{"id":8357,"data":{"date":"2025-08-11","repo":{"name":"github.com/Actions-R-Us/actions-tagger","commit":"148653c6179832f8392d083de6b46ad3dcc54de3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/cicd.yml:1","Warn: no topLevel permission defined: .github/workflows/versioning.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cicd.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/Actions-R-Us/actions-tagger/cicd.yml/release/v2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cicd.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/Actions-R-Us/actions-tagger/cicd.yml/release/v2?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/versioning.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/Actions-R-Us/actions-tagger/versioning.yml/release/v2?enable=pin","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":0,"reason":"14 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3","Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672","Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-14T14:03:21.138Z","repository_id":40281016,"created_at":"2025-08-14T14:03:21.138Z","updated_at":"2025-08-14T14:03:21.138Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279002382,"owners_count":26083356,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","cross-platform","github-actions","typescript","versioning"],"created_at":"2025-10-10T00:13:24.917Z","updated_at":"2025-10-10T00:13:28.082Z","avatar_url":"https://github.com/Actions-R-Us.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Actions Tagger\n\n:speedboat: Keep your action versions up-to-date by automatically promoting a\nmajor tag (and optionally, a `latest` tag) each time a release is created.\n\n# Rationale\n\nAccording to the github actions\n[versioning guide](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md#versioning),\nactions publishers should have a major tag (`v1`, `v2`, etc) which points to the\nlatest version of any minor/patch release of their action, for ease of use by\nthe others.\n\nI found this process quite tedious, and repetitive which is why this action\nexists. If you have published an action and would like to have your action\nfollow the same versioning structure as many others in the\n[marketplace](https://github.com/marketplace?type=actions), then simply create a\nrelease workflow that includes this action. See the\n[_usage_ example](#sample-usage).\n\n---\n\n[![Tested with Jest](https://img.shields.io/badge/tested_with-jest-99424f.svg)](https://github.com/facebook/jest)\n\n# Inputs\n\n### `publish_latest_tag`\n\nIndicates to the action whether or not to create/update a tag called `latest`\npointing to the latest release. **Default: `\"false\"`**.\n\n### `prefer_branch_releases`\n\nDo you prefer creating `vN` branches or `vN` tags? **Default: `\"false\"`**\n\n### `token`\n\nA github token used for creating an octoclient for making API calls. **Default:\n`${{ github.token }}`**.\n\n## Outputs\n\n### `tag`\n\nThe version of the branch/tag that was published/updated.\n\n### `latest`\n\nWas _latest_ also published?\n\n### \u003cstrike\u003e`ref_name`\u003c/strike\u003e\n\n**Deprecated in v3:** _Use [`tag`](#tag)_\n\n# Env Inputs\n\n### `GITHUB_TOKEN`\n\n**Deprecated in v3:** _If a non-default PAT (Personal Access Token) is needed,\nuse [`token`](#token) instead._\n\n# Debug Logging\n\nThis action supports\n[debug logging](https://docs.github.com/en/actions/managing-workflow-runs/enabling-debug-logging#enabling-step-debug-logging).\nWhen enabled, it will dump the output of the api call for creating the\ntags/branches. This is useful for testing and should be included when reporting\nbugs.\n\n# Sample Usage\n\n`versioning.yml`\n\n```yaml\nname: Keep the versions up-to-date\n\non:\n  release: # (1)\n    types:\n      - released\n      - edited\n  push: # (1)\n    tags:\n      - 'v?[0-9]+.[0-9]+.[0-9]+'\n    branches-ignore:\n      - '**'\n    paths-ignore:\n      - '**'\n\njobs:\n  actions-tagger:\n    runs-on: windows-latest\n    permissions: # (2)\n      contents: write\n    steps:\n      - uses: Actions-R-Us/actions-tagger@v2\n        with:\n          publish_latest_tag: true\n```\n\n---\n\n### Notes\n\n1. Add the push configuration if you want this action to also run when a new tag\n   or branch is created. Due to the nature of releases, a new tag will also be\n   created with a new release, which will trigger a new workflow run. Therefore,\n   pick one or the other to avoid conflicts.\n\n   **An event will\n   [not be created](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push)\n   when more than three tags are pushed at once.**\n\n   If using the push event, and you want to track branches, replace `tags` with\n   `branches` and `branches-ignore` with `tags-ignore`. At all times, leave the\n   filter for `paths-ignore` as is.\n\n2. The\n   [`permissions`](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions)\n   option is only required if the workflow permission for the given repository\n   is set to readonly. `readonly` permission renders the main purpose of this\n   action useless because it will be unable to create tags. Using the\n   `contents: write` scope allows this action to once again gain the ability to\n   create/update tags. For more details on changing the workflow permissions for\n   a given repository, see\n   [Configuring the default `GITHUB_TOKEN` permissions](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-default-github_token-permissions).\n   For more details on the various available scopes that can be configured for\n   the `GITHUB_TOKEN`, see\n   [`permissions`](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions).\n\n   It is also important to note that when modifying one scope of the\n   [permission of `GITHUB_TOKEN`](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token),\n   all other unspecified scopes are set to _no access_ with the exception of the\n   `metadata` scope, which is set to `read`. See\n   [Modifying the permissions for the `GITHUB_TOKEN`](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token)\n   for more details. This shouldn't be a concern for this action, because it\n   only exclusively deals with the contents of the given repository.\n\n---\n\n# Similar projects\n\n### [EndBug/latest-tag](https://github.com/EndBug/latest-tag)\n\n- Creates a `latest` tag\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factions-r-us%2Factions-tagger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Factions-r-us%2Factions-tagger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Factions-r-us%2Factions-tagger/lists"}