{"id":20210792,"url":"https://github.com/bluekeyes/patch2pr","last_synced_at":"2026-02-18T05:20:51.062Z","repository":{"id":39600514,"uuid":"252635704","full_name":"bluekeyes/patch2pr","owner":"bluekeyes","description":"Create pull requests from patches without cloning the repository","archived":false,"fork":false,"pushed_at":"2026-01-30T15:07:50.000Z","size":351,"stargazers_count":49,"open_issues_count":1,"forks_count":6,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-31T07:45:59.540Z","etag":null,"topics":["git","github","golang","patch","pullrequest"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bluekeyes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-04-03T04:54:41.000Z","updated_at":"2026-01-30T14:57:11.000Z","dependencies_parsed_at":"2023-11-14T04:24:39.292Z","dependency_job_id":"7cafd2df-43c4-41a7-88ff-a28870e8f2cb","html_url":"https://github.com/bluekeyes/patch2pr","commit_stats":null,"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/bluekeyes/patch2pr","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bluekeyes%2Fpatch2pr","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bluekeyes%2Fpatch2pr/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bluekeyes%2Fpatch2pr/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bluekeyes%2Fpatch2pr/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bluekeyes","download_url":"https://codeload.github.com/bluekeyes/patch2pr/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bluekeyes%2Fpatch2pr/sbom","scorecard":{"id":244563,"data":{"date":"2025-08-11","repo":{"name":"github.com/bluekeyes/patch2pr","commit":"34ce27f43cf5624076b8712c405f8e956acc7352"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.3,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":3,"reason":"4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":2,"reason":"Found 3/15 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: topLevel 'contents' permission set to 'write': .github/workflows/go.yml:9","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:8","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bluekeyes/patch2pr/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/bluekeyes/patch2pr/go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/bluekeyes/patch2pr/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/bluekeyes/patch2pr/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bluekeyes/patch2pr/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/bluekeyes/patch2pr/release.yml/master?enable=pin","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.37.0 not signed: https://api.github.com/repos/bluekeyes/patch2pr/releases/235722783","Warn: release artifact v0.36.0 not signed: https://api.github.com/repos/bluekeyes/patch2pr/releases/228867922","Warn: release artifact v0.35.0 not signed: https://api.github.com/repos/bluekeyes/patch2pr/releases/222134145","Warn: release artifact v0.34.0 not signed: https://api.github.com/repos/bluekeyes/patch2pr/releases/212695313","Warn: release artifact v0.33.0 not signed: https://api.github.com/repos/bluekeyes/patch2pr/releases/206433155","Warn: release artifact v0.37.0 does not have provenance: https://api.github.com/repos/bluekeyes/patch2pr/releases/235722783","Warn: release artifact v0.36.0 does not have provenance: https://api.github.com/repos/bluekeyes/patch2pr/releases/228867922","Warn: release artifact v0.35.0 does not have provenance: https://api.github.com/repos/bluekeyes/patch2pr/releases/222134145","Warn: release artifact v0.34.0 does not have provenance: https://api.github.com/repos/bluekeyes/patch2pr/releases/212695313","Warn: release artifact v0.33.0 does not have provenance: https://api.github.com/repos/bluekeyes/patch2pr/releases/206433155"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:11"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T07:19:56.973Z","repository_id":39600514,"created_at":"2025-08-17T07:19:56.973Z","updated_at":"2025-08-17T07:19:56.973Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29569856,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-18T04:18:28.490Z","status":"ssl_error","status_checked_at":"2026-02-18T04:13:49.018Z","response_time":162,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["git","github","golang","patch","pullrequest"],"created_at":"2024-11-14T05:49:28.664Z","updated_at":"2026-02-18T05:20:46.630Z","avatar_url":"https://github.com/bluekeyes.png","language":"Go","readme":"# patch2pr\n[![PkgGoDev](https://pkg.go.dev/badge/github.com/bluekeyes/patch2pr)](https://pkg.go.dev/github.com/bluekeyes/patch2pr)\n\nCreate GitHub pull requests from Git patches without cloning the repository.\n\n## Why?\n\nAs a command line tool, it's mostly a curiosity and test for the library, but\nmight have some use for exceptionally large repositories or in environments\nwhere cloning is not feasible.\n\nAs a library, however, it enables tools to make automated code changes without\ngiving every part of system write access or requiring extra logic for managing\nclones. One part of the system can generate a patch and send it to another part\nthat uses this library to apply it and create a pull request.\n\n## Usage: CLI\n\nPre-built binaries for common platforms are available on the [releases][] page.\n\nYou can also install from source using `go install`:\n\n    go install github.com/bluekeyes/patch2pr/cmd/patch2pr@latest\n\nThe CLI takes a path to a patch file as the only argument or reads a patch from\nstdin if no file is given.\n\nThe other required arguments are:\n\n- The `-repository` flag to specify the repository in `owner/name` format\n- A GitHub token, set with the `-token` flag or in the `GITHUB_TOKEN`\n  environment variable.\n  - Classic tokens must have `repo` scope\n  - Fine-grained tokens must have read and write access to `administration` (for creating forks), `contents` (for committing changes), and `pull requests`\n\nFor example:\n\n    $ export GITHUB_TOKEN=\"token\"\n    $ patch2pr -repository bluekeyes/patch2pr /path/to/file.patch\n\nSee the CLI help (`-h` or `-help`) or below for full details.\n\n[releases]: https://github.com/bluekeyes/patch2pr/releases\n\n### Full Usage\n\n```\nUsage: patch2pr [options] [patch...]\n\n  Create a GitHub pull request from a patch file\n\n  This command parses one or more patches, applies them, and creates a pull\n  request with the result. It does not clone the repository. If no patch files\n  are given, the command reads the patches from standard input. Each file can\n  contain a single patch or multiple patches in the mbox format produced by 'git\n  format-patch --stdout' or GitHub's patch view.\n\n  By default, patch2pr uses the patch header for author and committer\n  information, falling back to the authenticated GitHub user if the headers are\n  missing or invalid. Callers can override these values using the standard Git\n  environment variables:\n\n    GIT_AUTHOR_NAME\n    GIT_AUTHOR_EMAIL\n    GIT_AUTHOR_DATE\n    GIT_COMMITTER_NAME\n    GIT_COMMITER_EMAIL\n    GIT_COMMITER_DATE\n\n  Override the commit message by using the -message flag.\n\n  With the -fork and -fork-repository flags, the command can submit the pull\n  request from a fork repository. If an existing fork does not exist, the\n  command creates a new fork, which may take up to five minutes.\n\nOptions:\n\n  -base-branch=branch    The branch to target with the pull request. If unset,\n                         use the repository's default branch.\n\n  -draft                 Create a draft pull request.\n\n  -force                 Update the head branch even if it exists and is not a\n                         fast-forward.\n\n  -fork                  Submit the pull request from a fork instead of pushing\n                         directly to the repository. With no other flags, use a\n                         fork in the current account with the same name as the\n                         target repository, creating the fork if it does not exist.\n\n  -fork-repository=repo  Submit the pull request from the named fork instead of\n                         pushing directly to the repository, creating the fork\n                         if it does not exist. Implies the -fork flag.\n\n  -head-branch=branch    The branch to create or update with the new commit. If\n                         unset, use 'patch2pr'.\n\n  -json                  Output information about the new commit and pull request\n                         in JSON format.\n\n  -message=message       Message for the commit. Overrides the patch header.\n\n  -no-pull-request       Do not create a pull request after creating a commit.\n\n  -patch-base=base       Base commit to apply the patch to. Can be a SHA1, a\n                         branch, or a tag. Branches and tags must start with\n                         'refs/heads/' or 'refs/tags/' respectively. If unset,\n                         use the repository's default branch.\n\n  -pull-body=body        The body for the pull request. If unset, use the body of\n                         the commit message.\n\n  -pull-title=title      The title for the pull request. If unset, use the title\n                         of the commit message.\n\n  -repository=repo       Repository to apply the patch to in 'owner/name' format.\n                         Required.\n\n  -token=token           GitHub API token with 'repo' scope for authentication.\n                         If unset, use the value of the GITHUB_TOKEN environment\n                         variable.\n\n  -url=url               GitHub API URL. If unset, use https://api.github.com.\n\n  -v/-version            Print the version and exit.\n```\n\n## Usage: Library\n\nThe CLI is built on the `patch2pr` library, which can be used to build other\ntools that apply patches directly to GitHub. See the [documentation][] for full\ndetails.\n\nThe library uses [google/go-github][] to interact with GitHub and exposes types\nfrom that package in the API.\n\n[documentation]: https://pkg.go.dev/github.com/bluekeyes/patch2pr?tab=doc\n[google/go-github]: https://github.com/google/go-github\n\n## Stability\n\nBeta. The library is used in a production application that applies thousands of\npatches every day, but the interface for both the CLI and the library may\nchange.\n\nWhile the underlying patch library ([bluekeyes/go-gitdiff][]) has good test\ncoverage and real-world usage, the space of all possible patches is large, so\nthere are likely undiscovered bugs.\n\n[bluekeyes/go-gitdiff]: https://github.com/bluekeyes/go-gitdiff\n\n## Contributing\n\nContributions are welcome. If reporting an issue with applying a patch, please\ninclude the patch file and the base commit or file content if possible. A link\nto a public repository is most helpful.\n\nAt this time, I don't intend to support services other than GitHub. If you'd\nlike support for another service, please file an issue with a link to the\nrelevant API documentation so I can estimate the work involved in adding the\nnecessary abstractions.\n\n## License\n\nMIT\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbluekeyes%2Fpatch2pr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbluekeyes%2Fpatch2pr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbluekeyes%2Fpatch2pr/lists"}