{"id":34774903,"url":"https://github.com/cloudtruth/configure-action","last_synced_at":"2025-12-25T08:13:57.478Z","repository":{"id":37820574,"uuid":"365638193","full_name":"cloudtruth/configure-action","owner":"cloudtruth","description":"Securely deliver CloudTruth configuration and secrets into your GitHub Actions workflows.","archived":false,"fork":false,"pushed_at":"2025-04-08T10:14:13.000Z","size":2029,"stargazers_count":6,"open_issues_count":8,"forks_count":1,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-10-22T20:45:51.683Z","etag":null,"topics":["actions","cloudtruth","configuration-by-environment","configuration-management","dotenv","environment-variables","git-secrets","github-actions","secrets-management"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudtruth.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-09T00:40:03.000Z","updated_at":"2025-06-28T15:38:28.000Z","dependencies_parsed_at":"2024-12-03T17:41:27.736Z","dependency_job_id":"a71f1a08-e927-486f-aec9-8401d1166768","html_url":"https://github.com/cloudtruth/configure-action","commit_stats":{"total_commits":196,"total_committers":3,"mean_commits":65.33333333333333,"dds":"0.18877551020408168","last_synced_commit":"ca50fa936f918d5a94e9f085a5813a70f4e0a0d4"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/cloudtruth/configure-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudtruth%2Fconfigure-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudtruth%2Fconfigure-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudtruth%2Fconfigure-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudtruth%2Fconfigure-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudtruth","download_url":"https://codeload.github.com/cloudtruth/configure-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudtruth%2Fconfigure-action/sbom","scorecard":{"id":293345,"data":{"date":"2025-08-11","repo":{"name":"github.com/cloudtruth/configure-action","commit":"7ef7c9086c8cd23417954c4bfc760477da51c9be"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5,"checks":[{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/test.yml:34","Info: jobLevel 'contents' permission set to 'read': .github/workflows/test.yml:35","Warn: no topLevel permission defined: .github/workflows/demo.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/demo.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudtruth/configure-action/demo.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudtruth/configure-action/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudtruth/configure-action/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudtruth/configure-action/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudtruth/configure-action/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudtruth/configure-action/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudtruth/configure-action/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudtruth/configure-action/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudtruth/configure-action/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/cloudtruth/configure-action/test.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/test.yml:77","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 10 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-x4c5-c7rf-jjgv","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T18:52:28.348Z","repository_id":37820574,"created_at":"2025-08-17T18:52:28.349Z","updated_at":"2025-08-17T18:52:28.349Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28024398,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-25T02:00:05.988Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","cloudtruth","configuration-by-environment","configuration-management","dotenv","environment-variables","git-secrets","github-actions","secrets-management"],"created_at":"2025-12-25T08:13:55.316Z","updated_at":"2025-12-25T08:13:57.469Z","avatar_url":"https://github.com/cloudtruth.png","language":"TypeScript","readme":"# configure-action\n\n ![ci](https://github.com/cloudtruth/configure-action/actions/workflows/test.yml/badge.svg)\n[![codecov](https://codecov.io/gh/cloudtruth/configure-action/branch/main/graph/badge.svg?token=CZs9Fqr6k9)](https://codecov.io/gh/cloudtruth/configure-action)\n[![open issues](https://img.shields.io/github/issues-raw/cloudtruth/configure-action?style=plastic)](https://github.com/cloudtruth/configure-action/issues)\n[![code style: prettier](https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=plastic)](https://github.com/prettier/prettier)\n[![license](https://img.shields.io/badge/License-Apache%202.0-blue.svg?style=plastic)](https://opensource.org/licenses/Apache-2.0)\n[![cloudtruth](https://img.shields.io/badge/configured--by-CloudTruth-blue.svg?style=plastic\u0026labelColor=384047\u0026color=00A6C0\u0026link=http://www.cloudtruth.com\u0026logoWidth=16\u0026logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAERlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAAEKADAAQAAAABAAAAEAAAAAA0VXHyAAACPElEQVQ4EaWTS2gTYRDHu4+EhGjMyVrw4EECEgTBUrCCYHKIVRMJYelNDx56UqGg1x70UHxAEU+CRx8kJJFEEYQU1BURHwdLKJRWQSrFhiJKJNnmsf5m010C9tYPZme+mfnP95/vm1VyuZw2tIOlD2LT6fQBn883papqCv9epIuY3W73SbFYLEhuNpudIb6Yz+dzsvcKGIZxgf1cr9crA5hBFkgc1nV9VNO0uwAniP/Gd7bVasUFLMspANjAvtnpdM6VSqXXTqT/WUK9SSQS9yORyBzgy5ZlHapUKj/cHKXRaOwLhUJLnDgJzZcSSCaTe8LhcAU27wF9R4+ixwitIfPQvyF5slTAUyS8cMHi9Pv9u1FHAI2jjyNqs9mMt9vta9jTsVjMu3hp4Yxt27Nob0FxFdoj1Wr1r+fsG2t0+ysajY7VarV34lIAb9DXeLlcXiZYxafB6EM///8vrHYRbxOxsNdVDD9iD6QqA/Z2ZhzgQTcgLXzlqQ6jV7ichBughdA2LQzB8jSvdZ3XclrQofNcURR5xqcuOJVK7Q8EAoskL+BbFcq0eZWDZLiG6/X6ZzdXZSjuQSmZyWROuE6S/2B/AmiiXyGbwWBwnimdxL5tmqaFdpYi/wInnWc3CzUDam+3Yp7amgu5WJvip7jwb27QKSAbilxE3eLUZ7zMYwZrBWYjMsr4p5EvxJaFLaxPutMor+AsLvAB1Y+y+cns32GYPgJ+xD5OsSvEJwqFwiWKPOR+jvVRzMFOf+d/tiIEWie7N4kAAAAASUVORK5CYII=)](https://www.cloudtruth.com/)\n\n\nCloudTruth centralizes your configuration and secrets information to make it easier\nto manage.\n\nThis action allows you to extract the configuration and secrets from a project, scoped\nto an environment, into your GitHub Actions workflow.  This is done securely by ensuring\nthat the GitHub workflow engine is told which of your configuration values are considered\nsecrets, so it can ensure they are properly redacted.  This is analogous to the behavior\nyou would see if you added your secrets directly to your GitHub organization or repository\nand then accessed those secrets through the `secrets` object in your action.\n\nThis action will modify your `env` object to have values for all the parameters that\nyou have stored in your project for the given environment.\n\n## Prerequisites\n\nYou must have an api key established in your CloudTruth account.\n\n## Action inputs\n\n| name | required | description |\n| ---- | -------- | ----------- |\n| `apikey` | `yes` | The CloudTruth Service Account API Key to use. |\n| `project` | `yes` | The CloudTruth project (name or id) within the organization. |\n| `environment` | `yes` | The CloudTruth environment (name or id) view to use. |\n| `tag` | `no` | The CloudTruth tag (name) within the environment to use.  If not specified, current values will be retrieved. |\n| `overwrite` | `no` | (default: false) Allow existing environment variables to be overwritten. |\n| `server` | `no` | (default: `https://api.cloudtruth.io`) The CloudTruth server to execute the query against. |\n\n## Usage\n\nAdd a step to your workflow, ensuring that your CloudTruth service account api key is\nstored in GitHub as a secret:\n\n```yaml\n    - uses: cloudtruth/configure-action@v2\n      with:\n        apikey: \"${{ secrets.CLOUDTRUTH_API_KEY }}\"\n        project: \"\u003cproject name or id\u003e\"\n        environment: \"\u003cenvironment name or id\u003e\"\n```\n\nWe recommend using tags to provide consistent retrieval of configuration.\nTags isolate your deployments from changes being made in real-time by users.\n\nSee our [GitHub Actions workflow](https://github.com/cloudtruth/configure-action/blob/main/.github/workflows/demo.yml)\nfor a working example.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudtruth%2Fconfigure-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudtruth%2Fconfigure-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudtruth%2Fconfigure-action/lists"}