{"id":13393683,"url":"https://github.com/github-release/github-release","last_synced_at":"2026-04-07T17:31:19.389Z","repository":{"id":43674658,"uuid":"16349521","full_name":"github-release/github-release","owner":"github-release","description":"Commandline app to create and edit releases on Github (and upload artifacts)","archived":false,"fork":false,"pushed_at":"2025-07-23T00:02:54.000Z","size":1010,"stargazers_count":1491,"open_issues_count":30,"forks_count":159,"subscribers_count":34,"default_branch":"master","last_synced_at":"2026-04-03T20:50:58.828Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/github-release.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-01-29T15:50:20.000Z","updated_at":"2026-03-20T03:36:18.000Z","dependencies_parsed_at":"2024-06-18T12:16:28.928Z","dependency_job_id":"3f10b34a-43b9-482d-88c3-2c4dd4652429","html_url":"https://github.com/github-release/github-release","commit_stats":{"total_commits":101,"total_committers":13,"mean_commits":7.769230769230769,"dds":"0.28712871287128716","last_synced_commit":"100e85543f51525ecafcfb5c9e96119b6dea0aa2"},"previous_names":["aktau/github-release"],"tags_count":23,"template":false,"template_full_name":null,"purl":"pkg:github/github-release/github-release","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github-release%2Fgithub-release","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github-release%2Fgithub-release/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github-release%2Fgithub-release/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github-release%2Fgithub-release/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/github-release","download_url":"https://codeload.github.com/github-release/github-release/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github-release%2Fgithub-release/sbom","scorecard":{"id":428130,"data":{"date":"2025-08-11","repo":{"name":"github.com/github-release/github-release","commit":"2c19b119ec8a75203b6b6269ef02a5e32c9e4ebd"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.5,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":4,"reason":"5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/github-release/github-release/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/github-release/github-release/ci.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.11.0 not signed: https://api.github.com/repos/github-release/github-release/releases/234395131","Warn: release artifact v0.10.0 not signed: https://api.github.com/repos/github-release/github-release/releases/36042186","Warn: release artifact v0.9.0 not signed: https://api.github.com/repos/github-release/github-release/releases/32789695","Warn: release artifact v0.8.1 not signed: https://api.github.com/repos/github-release/github-release/releases/26101706","Warn: release artifact v0.8.0 not signed: https://api.github.com/repos/github-release/github-release/releases/26020974","Warn: release artifact v0.11.0 does not have provenance: https://api.github.com/repos/github-release/github-release/releases/234395131","Warn: release artifact v0.10.0 does not have provenance: https://api.github.com/repos/github-release/github-release/releases/36042186","Warn: release artifact v0.9.0 does not have provenance: https://api.github.com/repos/github-release/github-release/releases/32789695","Warn: release artifact v0.8.1 does not have provenance: https://api.github.com/repos/github-release/github-release/releases/26101706","Warn: release artifact v0.8.0 does not have provenance: https://api.github.com/repos/github-release/github-release/releases/26020974"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 3 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T02:41:55.885Z","repository_id":43674658,"created_at":"2025-08-19T02:41:55.885Z","updated_at":"2025-08-19T02:41:55.885Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31522212,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T16:28:08.000Z","status":"ssl_error","status_checked_at":"2026-04-07T16:28:06.951Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T17:00:58.596Z","updated_at":"2026-04-07T17:31:19.382Z","avatar_url":"https://github.com/github-release.png","language":"Go","funding_links":[],"categories":["Command line","Go"],"sub_categories":[],"readme":"github-release\n==============\n\nA small commandline app written in Go that allows you to easily create\nand delete releases of your projects on Github. In addition it allows\nyou to attach files to those releases.\n\nIt interacts with the [github releases API][releases-api]. Though it's entirely\npossible to [do all these things with cURL][curl], it's not really that\nuser-friendly. For example, you need to first query the API to find the id of\nthe release you want, before you can upload an artifact. `github-release` takes\ncare of those little details.\n\n[curl]: https://github.com/blog/1645-releases-api-preview\n[releases-api]: https://developer.github.com/v3/repos/releases\n\nIt might still be a bit rough around the edges, pull requests are\nwelcome!\n\nHow to install\n==============\n\nIf you don't have the Go toolset installed, and you don't want to, but\nstill want to use the app, you can download binaries for your platform\non the [releases\npage](https://github.com/github-release/github-release/releases/latest). Yes, that's\ndogfooding, check the makefile!\n\nIf you have Go installed, you can just do:\n\n```sh\ngo install github.com/github-release/github-release\n```\n\nThis will automatically download, compile and install the app.\n\nAfter that you should have a `github-release` executable in your\n`$GOPATH/bin`.\n\nHow to use\n==========\n\n**NOTE**: for these examples I've [created a github token][token] and set it as\nthe env variable `GITHUB_TOKEN`. `github-release` will automatically pick it up\nfrom the environment so that you don't have to pass it as an argument.\n\n[token]: https://help.github.com/articles/creating-an-access-token-for-command-line-use\n\n```sh\n# set your token\nexport GITHUB_TOKEN=...\n\n# check the help\n$ github-release --help\n\n# make your tag and upload\n$ git tag ... \u0026\u0026 git push --tags\n\n# check the current tags and existing releases of the repo\n$ github-release info -u aktau -r gofinance\ngit tags:\n- v0.1.0 (commit: https://api.github.com/repos/aktau/gofinance/commits/f562727ce83ce8971a8569a1879219e41d56a756)\nreleases:\n- v0.1.0, name: 'hoary ungar', description: 'something something dark side 2', id: 166740, tagged: 29/01/2014 at 14:27, published: 30/01/2014 at 16:20, draft: ✔, prerelease: ✗\n  - artifact: github.go, downloads: 0, state: uploaded, type: application/octet-stream, size: 1.9KB, id: 68616\n\n# create a formal release\n$ github-release release \\\n    --user aktau \\\n    --repo gofinance \\\n    --tag v0.1.0 \\\n    --name \"the wolf of source street\" \\\n    --description \"Not a movie, contrary to popular opinion. Still, my first release!\" \\\n    --pre-release\n\n# you've made a mistake, but you can edit the release without\n# having to delete it first (this also means you can edit without having\n# to upload your files again)\n$ github-release edit \\\n    --user aktau \\\n    --repo gofinance \\\n    --tag v0.1.0 \\\n    --name \"Highlander II: The Quickening\" \\\n    --description \"This is the actual description!\"\n\n# upload a file, for example the OSX/AMD64 binary of my gofinance app\n$ github-release upload \\\n    --user aktau \\\n    --repo gofinance \\\n    --tag v0.1.0 \\\n    --name \"gofinance-osx-amd64\" \\\n    --file bin/darwin/amd64/gofinance\n\n# upload other files...\n$ github-release upload ...\n\n# you're not happy with it, so delete it\n$ github-release delete \\\n    --user aktau \\\n    --repo gofinance \\\n    --tag v0.1.0\n```\n\nErrata\n======\n\nThe `release` command does not have an `--auth-user` flag because in practice,\nGithub ignores the `--auth-user` flag when validating releases. The only thing\nthat matters is passing a token that has permission to create the release.\n\nGitHub Enterprise Support\n=========================\nYou can point to a different GitHub API endpoint via the environment variable ```GITHUB_API```:\n\n```\nexport GITHUB_API=http://github.company.com/api/v3\n```\n\nUsed libraries\n==============\n\n| Package                                                                    | Description         | License |\n| ------------------------------------------------------------------------   | ------------------- | ------- |\n| [github.com/dustin/go-humanize](https://github.com/dustin/go-humanize)     | humanize file sizes | MIT     |\n| [github.com/tomnomnom/linkheader](https://github.com/tomnomnom/linkheader) | GH API pagination   | MIT     |\n| [github.com/voxelbrain/goptions](https://github.com/voxelbrain/goptions)   | option parsing      | BSD     |\n| [github.com/kevinburke/rest](https://github.com/kevinburke/rest)   | HTTP client      | MIT     |\n\nTodo\n====\n\n- Check if an artifact is already uploaded before starting a new upload\n\nCopyright\n=========\n\nCopyright (c) 2014-2017, Nicolas Hillegeer. All rights reserved.\nCopyright (c) 2020, Meter, Inc. All rights reserved.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithub-release%2Fgithub-release","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgithub-release%2Fgithub-release","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithub-release%2Fgithub-release/lists"}