{"id":19584812,"url":"https://github.com/flex-development/dist-tag-action","last_synced_at":"2026-05-01T17:33:49.096Z","repository":{"id":54566396,"uuid":"522121144","full_name":"flex-development/dist-tag-action","owner":"flex-development","description":"Distribution tag lookup utility for GitHub Actions","archived":false,"fork":false,"pushed_at":"2023-06-12T09:05:12.000Z","size":1682,"stargazers_count":0,"open_issues_count":5,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-11T11:09:34.094Z","etag":null,"topics":["dist-tag","github-action","npm-dist-tag","npm-publish","typescript"],"latest_commit_sha":null,"homepage":"https://github.com/marketplace/actions/dist-tag","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flex-development.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-07T05:09:03.000Z","updated_at":"2022-08-15T03:31:54.000Z","dependencies_parsed_at":"2025-01-09T05:44:34.807Z","dependency_job_id":"53933dc0-eff3-4ac3-b1b3-0d7740de5a42","html_url":"https://github.com/flex-development/dist-tag-action","commit_stats":{"total_commits":223,"total_committers":2,"mean_commits":111.5,"dds":"0.10313901345291476","last_synced_commit":"1261df2c0e2f93c422c1d127be192fb8ca17891f"},"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/flex-development/dist-tag-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fdist-tag-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fdist-tag-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fdist-tag-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fdist-tag-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flex-development","download_url":"https://codeload.github.com/flex-development/dist-tag-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flex-development%2Fdist-tag-action/sbom","scorecard":{"id":403115,"data":{"date":"2025-08-11","repo":{"name":"github.com/flex-development/dist-tag-action","commit":"1261df2c0e2f93c422c1d127be192fb8ca17891f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.1,"checks":[{"name":"Code-Review","score":1,"reason":"Found 2/14 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 1.1.2 not signed: https://api.github.com/repos/flex-development/dist-tag-action/releases/83819038","Warn: release artifact 1.1.1 not signed: https://api.github.com/repos/flex-development/dist-tag-action/releases/78400060","Warn: release artifact 1.1.0 not signed: https://api.github.com/repos/flex-development/dist-tag-action/releases/74789420","Warn: release artifact 1.0.1-alpha.3 not signed: https://api.github.com/repos/flex-development/dist-tag-action/releases/74693569","Warn: release artifact 1.0.1-alpha.2 not signed: https://api.github.com/repos/flex-development/dist-tag-action/releases/74692877","Warn: release artifact 1.1.2 does not have provenance: https://api.github.com/repos/flex-development/dist-tag-action/releases/83819038","Warn: release artifact 1.1.1 does not have provenance: https://api.github.com/repos/flex-development/dist-tag-action/releases/78400060","Warn: release artifact 1.1.0 does not have provenance: https://api.github.com/repos/flex-development/dist-tag-action/releases/74789420","Warn: release artifact 1.0.1-alpha.3 does not have provenance: https://api.github.com/repos/flex-development/dist-tag-action/releases/74693569","Warn: release artifact 1.0.1-alpha.2 does not have provenance: https://api.github.com/repos/flex-development/dist-tag-action/releases/74692877"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'packages' permission set to 'read': .github/workflows/integrity.yml:35","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:71","Info: jobLevel 'packages' permission set to 'read': .github/workflows/release.yml:72","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:143","Warn: no topLevel permission defined: .github/workflows/action-test.yml:1","Warn: no topLevel permission defined: .github/workflows/add-to-project.yml:1","Warn: no topLevel permission defined: .github/workflows/approve-pr.yml:1","Info: topLevel 'packages' permission set to 'read': .github/workflows/ci.yml:22","Warn: no topLevel permission defined: .github/workflows/dependabot-auto.yml:1","Warn: no topLevel permission defined: .github/workflows/integrity.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/release.yml:61","Warn: third-party GitHubAction not pinned by hash: .github/workflows/action-test.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/action-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/action-test.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/action-test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/add-to-project.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/add-to-project.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/approve-pr.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/approve-pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/approve-pr.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/approve-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-auto.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/dependabot-auto.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-auto.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/dependabot-auto.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependabot-auto.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/dependabot-auto.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-auto.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/dependabot-auto.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrity.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/integrity.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label-linked-issues.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/label-linked-issues.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-linked-issues.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/label-linked-issues.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label-linked-issues.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/label-linked-issues.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labels.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/labels.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/labels.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/labels.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lock-inactive-threads.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/lock-inactive-threads.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/no-response-handler.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/no-response-handler.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/flex-development/dist-tag-action/release.yml/main?enable=pin","Info:   0 out of  11 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  14 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 18 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":0,"reason":"41 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-f6v4-cf5j-vf3w","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5","Warn: Project is vulnerable to: GHSA-9pv7-vfvm-6vr7","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-5r9g-qh6m-jxff","Warn: Project is vulnerable to: GHSA-r6ch-mqf9-qc9w","Warn: Project is vulnerable to: GHSA-wqq4-5wpv-mx2g","Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3","Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672","Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3","Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67","Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw","Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g","Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3","Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx","Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6","Warn: Project is vulnerable to: GHSA-x574-m823-4x7w","Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8","Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x","Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4","Warn: Project is vulnerable to: GHSA-859w-5945-r5v3","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-f9xv-q969-pqx4"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T20:32:58.497Z","repository_id":54566396,"created_at":"2025-08-18T20:32:58.498Z","updated_at":"2025-08-18T20:32:58.498Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32507087,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dist-tag","github-action","npm-dist-tag","npm-publish","typescript"],"created_at":"2024-11-11T07:49:52.330Z","updated_at":"2026-05-01T17:33:49.068Z","avatar_url":"https://github.com/flex-development.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dist-tag-action\n\n[![action-test](https://github.com/flex-development/dist-tag-action/actions/workflows/action-test.yml/badge.svg)](https://github.com/flex-development/dist-tag-action/actions/workflows/action-test.yml)\n[![conventional commits](https://img.shields.io/badge/conventional%20commits-1.0.0-yellow.svg)](https://conventionalcommits.org)\n[![code style: prettier](https://img.shields.io/badge/code_style-prettier-ff69b4.svg)](https://github.com/prettier/prettier)\n[![module type: esm](https://img.shields.io/badge/module%20type-esm-brightgreen)](https://github.com/voxpelli/badges-cjs-esm)\n[![license](https://img.shields.io/github/license/flex-development/dist-tag-action.svg)](LICENSE.md)\n[![typescript](https://badgen.net/badge/-/typescript?color=2a72bc\u0026icon=typescript\u0026label)](https://typescriptlang.org)\n\n\u003e **[Distribution tag][3] lookup utility for GitHub Actions.**\n\n## Usage\n\nSee [`action.yml`](action.yml)\n\n```yaml\nname: dist-tag\non:\n  workflow_dispatch:\n    inputs:\n      delimiter:\n        description: lookup target separator\n        required: true\n      target:\n        description: lookup target\n        required: true\njobs:\n  dist-tag:\n    runs-on: ubuntu-latest\n    steps:\n      - id: dist-tag\n        name: Get dist tag\n        uses: flex-development/dist-tag-action@\u003cVERSION\u003e\n        with:\n          delimiter: ${{ github.event.inputs.delimiter }}\n          target: ${{ github.event.inputs.target }}\n      - id: print-raw\n        name: Print raw dist tag\n        run: echo ${{ steps.dist-tag.outputs.tag }}\n      - id: print-flag\n        name: Print dist tag as npm flag (--tag \u003ctag\u003e)\n        run: echo ${{ steps.dist-tag.outputs.flag }}\n      - id: print-prerelease-state\n        name: Print prerelease state\n        run: echo ${{ steps.dist-tag.outputs.prerelease }}\n```\n\n## Inputs and Outputs\n\n```yaml\ninputs:\n  delimiter:\n    description: lookup target separator\n    required: false\n  target:\n    description: lookup target\n    required: false\noutputs:\n  flag:\n    description: |\n      dist tag in cli flag format (--tag \u003ctag\u003e) or empty string\n      see: https://docs.npmjs.com/cli/v8/commands/npm-publish#tag\n  prerelease:\n    description: boolean indicating prerelease state. determined by dist tag length\n  tag:\n    description: dist tag or empty string\n```\n\n## Examples\n\n### Publish GitHub Release\n\nSee [`.github/workflows/release.yml`](.github/workflows/release.yml) for a\nbreadth worthy alternative.\n\n```yaml\n# Release\n#\n# Publish a GitHub release when a `release/*` branch is merged into `main`.\n#\n# References:\n#\n# - https://cli.github.com/manual/gh_release_create\n# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request\n# - https://docs.github.com/actions/using-workflows/using-github-cli-in-workflows\n# - https://github.com/actions/checkout\n# - https://github.com/crazy-max/ghaction-import-gpg\n\n---\nname: release\non:\n  pull_request:\n    branches:\n      - main\n    types:\n      - closed\njobs:\n  metadata:\n    if: startsWith(github.head_ref, 'release/') \u0026\u0026 github.event.pull_request.merged\n    runs-on: ubuntu-latest\n    outputs:\n      prerelease: ${{ steps.dist-tag.outputs.prerelease }}\n      tag: ${{ steps.tag.outputs.result }}\n      version: ${{ steps.version.outputs.result }}\n    steps:\n      - id: checkout\n        name: Checkout ${{ github.head_ref }}\n        uses: actions/checkout@v3.0.2\n        with:\n          ref: ${{ github.head_ref }}\n      - id: version\n        name: Get version\n        run: echo \"::set-output name=result::$(jq .version package.json -r)\"\n      - id: tag\n        name: Get release tag\n        run: echo \"::set-output name=result::${{ steps.version.outputs.result }}\"\n      - id: dist-tag\n        name: Get dist tag\n        uses: flex-development/dist-tag-action@\u003cVERSION\u003e\n        with:\n          target: ${{ steps.version.outputs.result }}\n  publish:\n    needs: metadata\n    runs-on: ubuntu-latest\n    environment:\n      name: production\n      url:\n        ${{ format('{0}/{1}/releases/tag/{2}', github.server_url, github.repository,\n        needs.metadata.outputs.tag) }}\n    env:\n      NOTES_FILE: ./RELEASE_NOTES.md\n      TAG: ${{ needs.metadata.outputs.tag }}\n    steps:\n      - id: checkout\n        name: Checkout event.pull_request.merge_commit_sha\n        uses: actions/checkout@v3.0.2\n        with:\n          fetch-depth: 0\n          ref: ${{ github.event.pull_request.merge_commit_sha }}\n      - id: gpg-import\n        name: Import GPG key\n        uses: crazy-max/ghaction-import-gpg@v5.1.0\n        with:\n          git_config_global: true\n          git_tag_gpgsign: true\n          git_user_signingkey: true\n          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}\n      # todo: remove when https://github.com/crazy-max/ghaction-import-gpg/issues/118 is resolved\n      - id: gpg-trust\n        name: Set trust on GPG key\n        run: |\n          gpg --no-tty --command-fd 0 --edit-key ${{ steps.gpg-import.outputs.keyid }} \u003c\u003c EOTRUST\n          trust\n          5\n          y\n          quit\n          EOTRUST\n      - id: yarn\n        name: Install dependencies\n        run: yarn\n        env:\n          HUSKY: 0\n      - id: pack\n        name: Pack project\n        run: yarn pack -o %s-%v.tgz\n        env:\n          NODE_ENV: production\n      - id: release-notes\n        name: Generate release notes\n        run: yarn conventional-changelog -o $NOTES_FILE\n      - id: tag\n        name: Create annotated tag\n        run: |\n          git tag --annotate --force --sign $TAG --message \"release: $TAG\"\n          git tag --verify $TAG\n          git push origin --tags\n        env:\n          GIT_AUTHOR_EMAIL: ${{ steps.gpg-import.outputs.email }}\n          GIT_AUTHOR_NAME: ${{ steps.gpg-import.outputs.name }}\n          GIT_COMMITTER_EMAIL: ${{ steps.gpg-import.outputs.email }}\n          GIT_COMMITTER_NAME: ${{ steps.gpg-import.outputs.name }}\n      - id: publish\n        name: Publish release\n        run: gh release create $TAG *.tgz -t=$TAG -F=$NOTES_FILE -p=$PRERELEASE\n        env:\n          GITHUB_TOKEN: ${{ secrets.PAT_REPO_ADMIN }}\n          PRERELEASE: ${{ needs.metadata.outputs.prerelease }}\n```\n\n## Built With\n\n- [`@actions/core`][1]\n- [`@flex-development/dist-tag`][2]\n\n[1]: https://github.com/actions/toolkit/tree/main/packages/core\n[2]: https://github.com/flex-development/dist-tag\n[3]: https://docs.npmjs.com/cli/v8/commands/npm-dist-tag\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflex-development%2Fdist-tag-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflex-development%2Fdist-tag-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflex-development%2Fdist-tag-action/lists"}