{"id":14986089,"url":"https://github.com/cbrgm/mastodon-github-action","last_synced_at":"2026-03-01T14:04:25.213Z","repository":{"id":62958526,"uuid":"564026876","full_name":"cbrgm/mastodon-github-action","owner":"cbrgm","description":"Use this Action to send a toot (message) from a GitHub actions workflow to Mastodon.","archived":false,"fork":false,"pushed_at":"2026-01-28T16:56:25.000Z","size":564,"stargazers_count":37,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-01-29T13:51:52.365Z","etag":null,"topics":["action","github","mastodon","toot","workflow"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cbrgm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"ko_fi":"chrisbargmann"}},"created_at":"2022-11-09T20:50:26.000Z","updated_at":"2026-01-28T16:56:29.000Z","dependencies_parsed_at":"2023-09-21T20:14:44.884Z","dependency_job_id":"833334ee-3ede-4c72-9bb1-a36fffb22663","html_url":"https://github.com/cbrgm/mastodon-github-action","commit_stats":{"total_commits":82,"total_committers":4,"mean_commits":20.5,"dds":0.5731707317073171,"last_synced_commit":"eec9734402fe90511688538f942a916c61808ba7"},"previous_names":[],"tags_count":38,"template":false,"template_full_name":null,"purl":"pkg:github/cbrgm/mastodon-github-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cbrgm%2Fmastodon-github-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cbrgm%2Fmastodon-github-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cbrgm%2Fmastodon-github-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cbrgm%2Fmastodon-github-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cbrgm","download_url":"https://codeload.github.com/cbrgm/mastodon-github-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cbrgm%2Fmastodon-github-action/sbom","scorecard":{"id":268709,"data":{"date":"2025-08-11","repo":{"name":"github.com/cbrgm/mastodon-github-action","commit":"5b300a142d5b381ec8645e770b21b8dbb0e9622b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.1,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/8 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"25 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":6,"reason":"dependency not pinned by hash detected -- score normalized to 6","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/example-workflow-envs.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/cbrgm/mastodon-github-action/example-workflow-envs.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/example-workflow.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/cbrgm/mastodon-github-action/example-workflow.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/stale.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/cbrgm/mastodon-github-action/stale.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/cbrgm/mastodon-github-action/tag.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile.linux.386:1","Warn: containerImage not pinned by hash: Dockerfile.linux.amd64:1","Warn: containerImage not pinned by hash: Dockerfile.linux.arm:1","Warn: containerImage not pinned by hash: Dockerfile.linux.arm64:1","Info:  10 out of  10 GitHub-owned GitHubAction dependencies pinned","Info:  14 out of  18 third-party GitHubAction dependencies pinned","Info:   0 out of   4 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: topLevel 'contents' permission set to 'write': .github/workflows/automerge.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/container.yml:16","Warn: topLevel 'packages' permission set to 'write': .github/workflows/container.yml:17","Warn: no topLevel permission defined: .github/workflows/example-workflow-envs.yml:1","Warn: no topLevel permission defined: .github/workflows/example-workflow.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/go-binaries.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/go-lint-test.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/notify.yml:9","Warn: topLevel 'contents' permission set to 'write': .github/workflows/stale.yml:10","Warn: topLevel 'contents' permission set to 'write': .github/workflows/tag.yml:30","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v2.1.18 not signed: https://api.github.com/repos/cbrgm/mastodon-github-action/releases/236870652","Warn: release artifact v2.1.17 not signed: https://api.github.com/repos/cbrgm/mastodon-github-action/releases/229097537","Warn: release artifact v2.1.16 not signed: https://api.github.com/repos/cbrgm/mastodon-github-action/releases/222276590","Warn: release artifact v2.1.15 not signed: https://api.github.com/repos/cbrgm/mastodon-github-action/releases/215976389","Warn: release artifact v2.1.14 not signed: https://api.github.com/repos/cbrgm/mastodon-github-action/releases/209584759","Warn: release artifact v2.1.18 does not have provenance: https://api.github.com/repos/cbrgm/mastodon-github-action/releases/236870652","Warn: release artifact v2.1.17 does not have provenance: https://api.github.com/repos/cbrgm/mastodon-github-action/releases/229097537","Warn: release artifact v2.1.16 does not have provenance: https://api.github.com/repos/cbrgm/mastodon-github-action/releases/222276590","Warn: release artifact v2.1.15 does not have provenance: https://api.github.com/repos/cbrgm/mastodon-github-action/releases/215976389","Warn: release artifact v2.1.14 does not have provenance: https://api.github.com/repos/cbrgm/mastodon-github-action/releases/209584759"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/container.yml:20"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T12:49:28.842Z","repository_id":62958526,"created_at":"2025-08-17T12:49:28.842Z","updated_at":"2025-08-17T12:49:28.842Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28980178,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-01T13:38:33.235Z","status":"ssl_error","status_checked_at":"2026-02-01T13:38:32.912Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["action","github","mastodon","toot","workflow"],"created_at":"2024-09-24T14:12:18.600Z","updated_at":"2026-02-01T14:07:16.796Z","avatar_url":"https://github.com/cbrgm.png","language":"Go","readme":"# Mastodon Send GitHub Action\n\n\u003cimg\n  src=\"https://upload.wikimedia.org/wikipedia/commons/4/48/Mastodon_Logotype_%28Simple%29.svg\"\n  width=\"120px\"\n  align=\"right\"\n/\u003e\n\n**Use this action to send a toot (message) from a GitHub actions workflow to Mastodon.**\n\n[![GitHub release](https://img.shields.io/github/release/cbrgm/mastodon-github-action.svg)](https://github.com/cbrgm/mastodon-github-action)\n[![Go Report Card](https://goreportcard.com/badge/github.com/cbrgm/mastodon-github-action)](https://goreportcard.com/report/github.com/cbrgm/mastodon-github-action)\n[![go-lint-test](https://github.com/cbrgm/mastodon-github-action/actions/workflows/go-lint-test.yml/badge.svg)](https://github.com/cbrgm/mastodon-github-action/actions/workflows/go-lint-test.yml)\n[![go-binaries](https://github.com/cbrgm/mastodon-github-action/actions/workflows/go-binaries.yml/badge.svg)](https://github.com/cbrgm/mastodon-github-action/actions/workflows/go-binaries.yml)\n[![container](https://github.com/cbrgm/mastodon-github-action/actions/workflows/container.yml/badge.svg)](https://github.com/cbrgm/mastodon-github-action/actions/workflows/container.yml)\n\n## Inputs\n\n- `url`: **Required** - Mastodon instance URL.\n- `access-token`: **Required** - Mastodon access token for authentication. Use secrets to protect your access token.\n- `message`: **Required** - The content of the toot to be posted.\n- `visibility`: Optional - Visibility of the toot (`public`, `unlisted`, `private`, `direct`). Defaults to `public`.\n- `sensitive`: Optional - Mark the toot and attached media as sensitive. Accepts `true` or `false`. Defaults to `false`.\n- `spoiler-text`: Optional - Text to be shown as a warning before the actual content, used when `sensitive` is `true`.\n- `language`: Optional - ISO 639 language code for the toot, helping to categorize the post by language.\n- `scheduled-at`: Optional - ISO 8601 Datetime when the toot should be posted. Must be at least 5 minutes in the future.\n\n## Outputs\n\n- `id`: The ID of the toot that was posted. Useful for further actions or logging.\n- `url`: The URL to the toot if present. Allows direct access to the posted toot.\n- `scheduled_at`: The datetime at which the toot is scheduled to be posted, in ISO 8601 format if the toot was scheduled for a future time.\n\n## Container Usage\n\nThis action can be executed independently from workflows within a container. To do so, use the following command:\n\n```\npodman run --rm -it ghcr.io/cbrgm/mastodon-github-action:v2 --help\n```\n\n## Workflow Usage\n\nFirst, open `/settings/applications/new` of your instance on your browser and create new application. Once the application is created set the following repository secrets\n\n* `MASTODON_URL` - Your instance URL, e.g. `https://example.social`\n* `MASTODON_ACCESS_TOKEN` - Your access token obtained from your newly created application\n\nUse the following step in your GitHub Actions Workflow:\n\n```yaml\n\n- name: Send toot to Mastodon\n  id: mastodon\n  uses: cbrgm/mastodon-github-action@v2\n  with:\n    access-token: ${{ secrets.MASTODON_ACCESS_TOKEN }} # access token\n    url: ${{ secrets.MASTODON_URL }} # https://example.social\n    message: \"Hello from GitHub Actions!\"\n\n```\n\nAdvanced usage:\n\n```yaml\n- name: Send toot to Mastodon with additional options\n  id: mastodon_toot\n  uses: cbrgm/mastodon-github-action@v2\n  with:\n    access-token: ${{ secrets.MASTODON_ACCESS_TOKEN }} # Mastodon access token for authentication.\n    url: ${{ secrets.MASTODON_URL }} # Mastodon instance URL, e.g., https://example.social.\n    message: \"Hello from GitHub Actions! Check out our latest update.\" # The content of the toot.\n    visibility: \"unlisted\" # Make the toot unlisted to avoid spamming public timelines.\n    sensitive: \"true\" # Mark the toot as sensitive.\n    spoiler-text: \"Latest Update\" # Provide a content warning for the actual message.\n    language: \"en\" # ISO 639 language code for the toot.\n    scheduled-at: \"2024-01-01T00:00:00Z\" # Schedule the toot for a future date/time.\n\n# Example on how to use outputs from the Mastodon action step.\n- name: Get toot information\n  run: |\n    echo \"Toot ID: ${{ steps.mastodon_toot.outputs.id }}\"\n    echo \"Toot URL: ${{ steps.mastodon_toot.outputs.url }}\"\n    echo \"Scheduled at: ${{ steps.mastodon_toot.outputs.scheduled_at }}\"\n```\n\nYou can find more usage examples in the [./example-workflows](./example-workflows/) subfolder.\n\n#### About message `visibility` types\n\n- **Public**: Posts are visible to everyone, including those outside the Fediverse. They can be found in Mastodon searches and on a user's public profile. Represented by a globe icon 🌎.\n- **Unlisted**: Posts are visible to everyone but do not appear in trending lists, Local or Federated timelines, or search results. Useful for replies in threads to avoid cluttering timelines. Marked with an open lock icon.\n- **Followers-only**: Only the poster's followers can see these posts. Advisable to enable follower requests to control who sees these posts. Indicated by a lock 🔒 or people 👥 icon.\n- **Mentioned**: Posts are only visible to users mentioned in the post. Use cautiously to ensure privacy. Denoted by an @ symbol.\n\n## Contributing \u0026 License\n\n* **Contributions Welcome!**: Interested in improving or adding features? Check our [Contributing Guide](https://github.com/cbrgm/mastodon-github-action/blob/main/CONTRIBUTING.md) for instructions on submitting changes and setting up development environment.\n* **Open-Source \u0026 Free**: Developed in my spare time, available for free under [Apache 2.0 License](https://github.com/cbrgm/mastodon-github-action/blob/main/LICENSE). License details your rights and obligations.\n* **Your Involvement Matters**: Code contributions, suggestions, feedback crucial for improvement and success. Let's maintain it as a useful resource for all 🌍.\n","funding_links":["https://ko-fi.com/chrisbargmann"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcbrgm%2Fmastodon-github-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcbrgm%2Fmastodon-github-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcbrgm%2Fmastodon-github-action/lists"}