{"id":13393570,"url":"https://github.com/codfish/semantic-release-action","last_synced_at":"2025-10-08T06:11:03.125Z","repository":{"id":37484068,"uuid":"204737196","full_name":"codfish/semantic-release-action","owner":"codfish","description":"The Original GitHub Action for running semantic-release. Sets output and environment variables for you to use in subsequent actions.","archived":false,"fork":false,"pushed_at":"2025-09-22T20:22:28.000Z","size":739,"stargazers_count":115,"open_issues_count":2,"forks_count":21,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-22T21:25:10.773Z","etag":null,"topics":["actions","ci-cd","github-actions","semantic-release","semantic-versioning"],"latest_commit_sha":null,"homepage":"https://github.com/codfish/semantic-release-action","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codfish.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-08-27T15:48:58.000Z","updated_at":"2025-09-22T18:26:31.000Z","dependencies_parsed_at":"2024-03-30T20:33:45.158Z","dependency_job_id":"95a42066-b198-412f-9591-d4b9736bb15f","html_url":"https://github.com/codfish/semantic-release-action","commit_stats":{"total_commits":68,"total_committers":11,"mean_commits":6.181818181818182,"dds":"0.42647058823529416","last_synced_commit":"a9d6d1550a1bd93a9ddc19a95ba4c790bff32be7"},"previous_names":[],"tags_count":35,"template":false,"template_full_name":null,"purl":"pkg:github/codfish/semantic-release-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codfish%2Fsemantic-release-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codfish%2Fsemantic-release-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codfish%2Fsemantic-release-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codfish%2Fsemantic-release-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codfish","download_url":"https://codeload.github.com/codfish/semantic-release-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codfish%2Fsemantic-release-action/sbom","scorecard":{"id":298086,"data":{"date":"2025-08-11","repo":{"name":"github.com/codfish/semantic-release-action","commit":"14f7beb73f79f126539141e5aa436a1a1f161d34"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.1,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":3,"reason":"Found 7/20 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: found token with 'none' permissions: .github/workflows/validate.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: untrusted code checkout '${{ github.event.pull_request.head.sha || github.ref }}': .github/workflows/validate.yml:11"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:9"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/codfish/semantic-release-action/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/codfish/semantic-release-action/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/codfish/semantic-release-action/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/codfish/semantic-release-action/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/codfish/semantic-release-action/validate.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/codfish/semantic-release-action/validate.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/validate.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/codfish/semantic-release-action/validate.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/validate.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/codfish/semantic-release-action/validate.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/validate.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/codfish/semantic-release-action/validate.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating node:20.12.1-slim to node:20.12.1-slim@sha256:b0bc8ac0cc6d3587478658223fb5d56a0a6a92eef01a8db11ab8b2142b4ccb46","Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned","Info: 0 out of 6 third-party GitHubAction dependencies pinned","Info: 0 out of 1 containerImage dependencies pinned","Info: 2 out of 2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 21 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"19 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T20:01:36.404Z","repository_id":37484068,"created_at":"2025-08-17T20:01:36.404Z","updated_at":"2025-08-17T20:01:36.404Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278898181,"owners_count":26064949,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","ci-cd","github-actions","semantic-release","semantic-versioning"],"created_at":"2024-07-30T17:00:56.133Z","updated_at":"2025-10-08T06:11:03.118Z","avatar_url":"https://github.com/codfish.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"# semantic-release-action\n\nGitHub Action for running `semantic-release`. Respects any semantic-release configuration file in\nyour repo or the `release` prop in your `package.json`. Exports [environment variables](#outputs)\nfor you to use in subsequent actions containing version numbers.\n\n\u003e **Note**: `v4` of this action uses semantic-release v24 \u0026 node v22.18.0. `v3` uses\n\u003e `semantic-release` v22 \u0026 node v20.9. `v2` uses `semantic-release` v20 \u0026 node v18.7.\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n- [Usage](#usage)\n - [Which Version to Use](#which-version-to-use)\n- [Why](#why)\n- [Configuration](#configuration)\n - [Example with all inputs](#example-with-all-inputs)\n - [Outputs](#outputs)\n- [Recipes](#recipes)\n - [Including all commit types in a release](#including-all-commit-types-in-a-release)\n- [Maintenance](#maintenance)\n - [Test pull requests in downstream apps before merging](#test-pull-requests-in-downstream-apps-before-merging)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n\u003e [!IMPORTANT]\n\u003e\n\u003e Check the release notes for help:\n\u003e\n\u003e - [migrating to v4](https://github.com/codfish/semantic-release-action/releases/tag/v4.0.0).\n\u003e - [migrating to v3](https://github.com/codfish/semantic-release-action/releases/tag/v3.0.0).\n\n## Usage\n\n```yml\nsteps:\n - uses: actions/checkout@v5\n\n - uses: codfish/semantic-release-action@v4\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n```\n\n**Using output variables set by `semantic-release-action`:**\n\n```yml\nsteps:\n - uses: actions/checkout@v5\n\n # you'll need to add an `id` in order to access output variables\n - uses: codfish/semantic-release-action@v4\n id: semantic\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n\n - run: echo ${{ steps.semantic.outputs.release-version }}\n\n - run: echo \"$OUTPUTS\"\n env:\n OUTPUTS: ${{ toJson(steps.semantic.outputs) }}\n\n - uses: codfish/some-other-action@v1\n with:\n release-version: ${{ steps.semantic.outputs.release-version }}\n```\n\n**Example:** Only run an action if a new version was created.\n\n```yml\nsteps:\n - uses: actions/checkout@v5\n\n # you'll need to add an `id` in order to access output variables\n - uses: codfish/semantic-release-action@v4\n id: semantic\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n\n - name: docker push version\n if: steps.semantic.outputs.new-release-published == 'true'\n run: |\n docker tag some-image some-image:$TAG\n docker push some-image:$TAG\n env:\n TAG: v$RELEASE_VERSION\n```\n\n**Using environment variables set by `semantic-release-action`:**\n\n```yml\nsteps:\n - uses: actions/checkout@v5\n\n - uses: codfish/semantic-release-action@v4\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n\n - run: |\n echo $RELEASE_VERSION\n echo $RELEASE_MAJOR\n echo $RELEASE_MINOR\n echo $RELEASE_PATCH\n```\n\n\u003e [!NOTE]\n\u003e\n\u003e If you're _not_ publishing to npm and only want to use this action for GitHub releases, the\n\u003e easiest approach would simply be to add `\"private\": true,` to your `package.json`.\n\n\u003e [!NOTE]\n\u003e\n\u003e For scoped packages that you want to be public, you'll need to add\n\u003e `\"publishConfig\": { \"access\": \"public\" },` to your `package.json`.\n\n### Which Version to Use\n\nSee [action.yml](action.yml).\n\n```yml\nsteps:\n # Recommended: Docker image digest from GitHub Container Registry (best for speed \u0026 security)\n - uses: docker://ghcr.io/codfish/semantic-release-action@sha256:327a3ce08284f9dd9b83b607e3f668dae90139e68ce90780b0a43a09d577dc3a\n\n # Major version of a release\n - uses: codfish/semantic-release-action@v4\n\n # Minor version of a release\n - uses: codfish/semantic-release-action@v4.0.1\n\n # Specific commit\n - uses: codfish/semantic-release-action@ee5b4afec556c3bf8b9f0b9cd542aade9e486033\n\n # Git branch\n - uses: codfish/semantic-release-action@main\n```\n\n\u003e [!NOTE]\n\u003e\n\u003e Whenever you use a custom docker-based GitHub Action like this one, you may notice in your run\n\u003e logs, one of the first steps you'll see will be GA building the image for you. You can speed up\n\u003e runs by pulling pre-built docker images instead of making GitHub Actions build them on every run.\n\n```yml\nsteps:\n # GitHub Container Registry\n - uses: docker://ghcr.io/codfish/semantic-release-action:v4\n\n # Dockerhub\n - uses: docker://codfish/semantic-release-action:v4\n```\n\n\u003e [!TIP]\n\u003e\n\u003e **If you're security conscious**, you can\n\u003e [pin the docker image down to a specific digest](https://francoisbest.com/posts/2020/the-security-of-github-actions#docker-based-actions)\n\u003e instead of using an image tag, which is a mutable reference.\n\n```yml\nsteps:\n # Docker image digest from GitHub Container Registry\n - uses: docker://ghcr.io/codfish/semantic-release-action@sha256:327a3ce08284f9dd9b83b607e3f668dae90139e68ce90780b0a43a09d577dc3a\n```\n\nWhere `\u003cdigest\u003e` is any\n[docker image digest you want here](https://github.com/users/codfish/packages/container/package/semantic-release-action).\n\n## Why\n\nIt's fairly easy to run `semantic-release` as a \"host action,\" aka something that runs directly on\nthe VM.\n\n```yml\nsteps:\n - run: npx semantic-release\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n```\n\nIf you're just publishing a node package, then this could still work well for you. The problem I\nfound with this is when I was in projects where I had subsequent steps/actions in which I wanted to\nknow whether a new version was cut.\n\n\u003e **Use Case:** For instance, in an application where I'm using `semantic-release` to manage GitHub\n\u003e releases, but also building and pushing docker images. Dockerhub has a\n\u003e [nice GitHub integration](https://docs.docker.com/docker-hub/builds/) to handle this for us, but\n\u003e some other registries do not. If I need to cut a new release, then update a docker registry by\n\u003e adding a new tagged build, I'll want to run `semantic-release` and then build a docker image, tag\n\u003e it with a version and push it up. In my case I like to push up tags for `latest`, the semver (i.e.\n\u003e `v1.8.3`), and just the major the version (i.e. `v1`).\n\nI want to know 1) if semantic-release cut a new version and 2) what the version is.\n\nThere's a number of ways to handle this, but the most elegant way I found to do it was to abstract\nit into it's own custom action. It abstracts away whatever logic you need to figure out what that\nnew release number is.\n\nThis also scales well, just in case I want to add some flexibility and functionality to this action,\nI can easily leverage it across any project.\n\n## Configuration\n\nYou can pass in `semantic-release` configuration options via GitHub Action inputs using `with`.\n\nIt's important to note, **NONE** of these inputs are required. Semantic release has a default\nconfiguration that it will use if you don't provide any.\n\nAlso of note, if you'd like to override the default configuration, and you'd rather not use the\ninputs here, the action will automatically use any\n[`semantic-release` configuration](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#configuration-file)\ndefined in your repo (`.releaserc`, `release.config.js`, `release` prop in `package.json`)\n\n\u003e [!NOTE]\n\u003e\n\u003e Each input **will take precedence** over options configured in the configuration file and\n\u003e shareable configurations.\n\n| Input Variable | Type | Description | Default |\n| --------------------- | --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- |\n| `branches` | `Array`, `String`, `Object` | The branches on which releases should happen. Our default mimic's semantic-release's, with one major inclusion: the `main` branch. | `['+([0-9])?(.{+([0-9]),x}).x', 'master', 'main', 'next', 'next-major', {name: 'beta', prerelease: true}, {name: 'alpha', prerelease: true}]` |\n| `plugins` | `Array` | Define the list of plugins to use. Plugins will run in series, in the order defined, for each steps if they implement it | [Semantic default](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#plugins) |\n| `extends` | `Array`, `String` | List of modules or file paths containing a shareable configuration. | [Semantic default](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#extends) |\n| `additional-packages` | `Array`, `String` | Define a list of additional plugins/configurations (official or community) to install. Use this if you 1) use any plugins other than the defaults, which are already installed along with semantic-release or 2) want to extend from a shareable configuration. | `[]` |\n| `dry-run` | `Boolean` | The objective of the dry-run mode is to get a preview of the pending release. Dry-run mode skips the following steps: prepare, publish, success and fail. | [Semantic default](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#dryrun) |\n| `working-directory` | `String` | The working directory to use for all semantic-release actions. | `.` |\n| `repository-url` | `String` | The git repository URL | [Semantic default](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#repositoryurl) |\n| `tag-format` | `String` | The Git tag format used by semantic-release to identify releases. | [Semantic default](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#tagformat) |\n\n\u003e [!NOTE]\n\u003e\n\u003e Any package specified in `extends` or `additional-packages` will be installed automatically for\n\u003e you as a convenience, allowing you to use this action without adding new dependencies to your\n\u003e application or install deps in a separate action step.\n\n\u003e [!NOTE]\n\u003e\n\u003e `additional-packages` won't get used automatically, setting this variable will just install them\n\u003e so you can use them. You'll need to actually list them in your `plugins` and/or `extends`\n\u003e configuration for **semantic-release** to use them.\n\n\u003e [!NOTE]\n\u003e\n\u003e The `branch` input is **DEPRECATED**. Will continue to be supported for v1. Use `branches`\n\u003e instead. Previously used in semantic-release v15 to set a single branch on which releases should\n\u003e happen.\n\n- **GitHub Actions Inputs:**\n https://help.github.com/en/articles/metadata-syntax-for-github-actions#inputs\n- **Semantic Release Configuration:**\n https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md\n\n### Example with all inputs\n\n```yml\nsteps:\n - run: codfish/semantic-release-action@v4\n with:\n dry-run: true\n branches: |\n [\n '+([0-9])?(.{+([0-9]),x}).x',\n 'main',\n 'next',\n 'next-major',\n {\n name: 'beta',\n prerelease: true\n },\n {\n name: 'alpha',\n prerelease: true\n }\n ]\n repository-url: https://github.com/codfish/semantic-release-action.git\n tag-format: 'v${version}'\n working-directory: dist\n extends: '@semantic-release/apm-config'\n additional-packages: |\n ['@semantic-release/apm@4.0.0', '@semantic-release/git']\n plugins: |\n ['@semantic-release/commit-analyzer', '@semantic-release/release-notes-generator', '@semantic-release/github', '@semantic-release/apm', '@semantic-release/git']\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n```\n\n### Outputs\n\n`semantic-release-action` sets both output variables and environment variables because why not?\nAllows users the ability to use whichever they want. I don't know or understand every use case there\nmight be so this is a way to cover more cases.\n\n**Docs:** https://help.github.com/en/articles/metadata-syntax-for-github-actions#outputs\n\n#### Output Variables\n\n| Output Variable | Description |\n| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |\n| new-release-published | Either `'true'` when a new release was published or `'false'` when no release was published. Allows other actions to run or not-run based on this |\n| release-version | The new releases' semantic version, i.e. `1.8.3` |\n| release-major | The new releases' major version number, i.e. `1` |\n| release-minor | The new releases' minor version number, i.e. `8` |\n| release-patch | The new releases' patch version number, i.e. `3` |\n| release-notes | The release notes of the next release. |\n| type | The semver export type of the release, e.g. `major`, `prerelease`, etc. |\n| channel | The release channel of the release. |\n| git-head | The git hash of the release. |\n| git-tag | The version with v prefix. |\n| name | The release name. |\n\n#### Environment Variables\n\n| Environment Variable | Description |\n| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |\n| NEW_RELEASE_PUBLISHED | Either `'true'` when a new release was published or `'false'` when no release was published. Allows other actions to run or not-run based on this |\n| RELEASE_VERSION | The new releases' semantic version, i.e. `1.8.3` |\n| RELEASE_MAJOR | The new releases' major version number, i.e. `1` |\n| RELEASE_MINOR | The new releases' minor version number, i.e. `8` |\n| RELEASE_PATCH | The new releases' patch version number, i.e. `3` |\n| RELEASE_NOTES | The release notes of the next release in markdown. |\n| RELEASE_TYPE | The semver export type of the release, e.g. `major`, `prerelease`, etc. |\n| RELEASE_CHANNEL | The release channel of the release. |\n| RELEASE_GIT_HEAD | The git hash of the release. |\n| RELEASE_GIT_TAG | The version with v prefix. |\n| RELEASE_NAME | The release name. |\n\n## Recipes\n\n### Including all commit types in a release\n\nBy default, `semantic-release` only includes `fix`, `feat`, and `perf` commit types in the release.\nA lot of projects want to include all commit types in their release notes, while still using\n`semantic-release`'s commit analyzer to only create releases for `fix`, `feat`, and `perf` commits.\n\n```yml\n- run: codfish/semantic-release-action@v4\n with:\n additional-packages: ['conventional-changelog-conventionalcommits@7']\n plugins: |\n [\n '@semantic-release/commit-analyzer',\n [\n \"@semantic-release/release-notes-generator\",\n {\n \"preset\": \"conventionalcommits\",\n \"presetConfig\": {\n \"types\": [\n { type: 'feat', section: 'Features', hidden: false },\n { type: 'fix', section: 'Bug Fixes', hidden: false },\n { type: 'perf', section: 'Performance Improvements', hidden: false },\n { type: 'revert', section: 'Reverts', hidden: false },\n { type: 'docs', section: 'Other Updates', hidden: false },\n { type: 'style', section: 'Other Updates', hidden: false },\n { type: 'chore', section: 'Other Updates', hidden: false },\n { type: 'refactor', section: 'Other Updates', hidden: false },\n { type: 'test', section: 'Other Updates', hidden: false },\n { type: 'build', section: 'Other Updates', hidden: false },\n { type: 'ci', section: 'Other Updates', hidden: false }\n ]\n }\n }\n ],\n '@semantic-release/npm',\n '@semantic-release/github'\n ]\n```\n\nThis configuration uses the `conventional-changelog-conventionalcommits` package to generate release\nnotes \u0026 configures `@semantic-release/release-notes-generator` to include all commit types. Tweaking\nthe `types` array will allow you to include or exclude specific commit types \u0026 group them to your\nliking.\n\n\u003e [!IMPORTANT]\n\u003e\n\u003e This example uses the `additional-packages` input to install the\n\u003e `conventional-changelog-conventionalcommits` package. This is necessary because `semantic-release`\n\u003e doesn't install it by default \u0026 it's required for the customization of the `presetConfig` in the\n\u003e `@semantic-release/release-notes-generator` plugin.\n\n## Maintenance\n\n\u003e Make the new release available to those binding to the major version tag: Move the major version\n\u003e tag (v3, v4, etc.) to point to the ref of the current release. This will act as the stable release\n\u003e for that major version. You should keep this tag updated to the most recent stable minor/patch\n\u003e release.\n\n```sh\ngit tag -fa v4 -m \"Update v4 tag\" \u0026\u0026 git push origin v4 --force\n```\n\n**Reference**:\nhttps://github.com/actions/toolkit/blob/main/docs/action-versioning.md#recommendations\n\n### Test pull requests in downstream apps before merging\n\nOur validation workflow builds and publishes a multi-arch Docker image to GitHub Container Registry\nfor every pull request, tagging the image with the PR's branch name. You can point downstream\nrepositories at this branch-tagged image to try changes before merging.\n\n```yml\n- uses: docker://ghcr.io/codfish/semantic-release-action:\u003cbranch-name\u003e\n```\n\nReplace `\u003cbranch-name\u003e` with the PR's branch name (for example, `feature/xyz`). Switch back to your\npinned version (for example, `codfish/semantic-release-action@v4` or a specific digest) when you're\ndone testing.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodfish%2Fsemantic-release-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodfish%2Fsemantic-release-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodfish%2Fsemantic-release-action/lists"}