{"id":15465343,"url":"https://github.com/gr2m/release-notifier-action","last_synced_at":"2026-02-05T18:01:16.551Z","repository":{"id":37081065,"uuid":"310420053","full_name":"gr2m/release-notifier-action","owner":"gr2m","description":"GitHub Action to notify repositories about the repository's releases using a GitHub App","archived":false,"fork":false,"pushed_at":"2026-01-21T16:22:46.000Z","size":6316,"stargazers_count":16,"open_issues_count":2,"forks_count":5,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-22T04:16:57.883Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gr2m.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"gr2m"}},"created_at":"2020-11-05T21:21:16.000Z","updated_at":"2026-01-21T16:30:56.000Z","dependencies_parsed_at":"2023-11-08T14:01:58.143Z","dependency_job_id":"135f2fa8-858f-49a9-9227-de926c6c0d30","html_url":"https://github.com/gr2m/release-notifier-action","commit_stats":{"total_commits":404,"total_committers":5,"mean_commits":80.8,"dds":0.3044554455445545,"last_synced_commit":"67c26c4ba30b921e49218b88acf33edf51c565aa"},"previous_names":[],"tags_count":111,"template":false,"template_full_name":null,"purl":"pkg:github/gr2m/release-notifier-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gr2m%2Frelease-notifier-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gr2m%2Frelease-notifier-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gr2m%2Frelease-notifier-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gr2m%2Frelease-notifier-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gr2m","download_url":"https://codeload.github.com/gr2m/release-notifier-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gr2m%2Frelease-notifier-action/sbom","scorecard":{"id":442927,"data":{"date":"2025-08-11","repo":{"name":"github.com/gr2m/release-notifier-action","commit":"8e1797b4d4a62702ee9935f4e266ff18419f5bf0"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.6,"checks":[{"name":"Maintained","score":10,"reason":"18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/8 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/echo.yml:1","Warn: no topLevel permission defined: .github/workflows/notify.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":4,"reason":"dependency not pinned by hash detected -- score normalized to 4","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/notify.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/gr2m/release-notifier-action/notify.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/gr2m/release-notifier-action/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/gr2m/release-notifier-action/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/gr2m/release-notifier-action/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/gr2m/release-notifier-action/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/gr2m/release-notifier-action/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/gr2m/release-notifier-action/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/gr2m/release-notifier-action/test.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/release.yml:18","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   3 out of   4 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: ISC License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:7"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 22 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T05:57:47.009Z","repository_id":37081065,"created_at":"2025-08-19T05:57:47.009Z","updated_at":"2025-08-19T05:57:47.009Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29128621,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T17:12:17.649Z","status":"ssl_error","status_checked_at":"2026-02-05T17:11:23.670Z","response_time":65,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-02T01:00:52.646Z","updated_at":"2026-02-05T18:01:16.541Z","avatar_url":"https://github.com/gr2m.png","language":"JavaScript","funding_links":["https://github.com/sponsors/gr2m"],"categories":[],"sub_categories":[],"readme":"# release-notifier-action\n\n\u003e GitHub Action to notify repositories about the repository's releases using a GitHub App\n\n[![Build Status](https://github.com/gr2m/release-notifier-action/workflows/Test/badge.svg)](https://github.com/gr2m/release-notifier-action/actions)\n\n**Important**: if the release event was created by another GitHub action authenticated with `secrets.GITHUB_TOKEN`, no workflow is triggered for that release event. To workaround that problem, use a personal access token instead of `secrets.GITHUB_TOKEN` to create the `release` event. See [Triggering new workflows using a personal access token](https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token).\n\n## Setup\n\nIn order to use the action, you have to [register a GitHub app](https://github.com/settings/apps/new).\n\n- `GitHub App name`: set to something like `\u003cYour Project\u003e Release Notifier`\n- `Description`: copy/paste most of this repository's [Notifier app](https://github.com/apps/release-notifier-release-notifier). Make sure to replace `release-notifier-release` with `\u003cyour-project\u003e-release`\n- `Homepage URL`: your repository URL\n- `Webhook`: remove the check from `[ ] Active`\n- `Repository permissions`: Enable Read \u0026 Write access for `Contents`\n- `Where can this GitHub App be installed?`: Any account (unless you only want installs for repositories with in your account/organization)\n\nOnce you are done, generate \u0026 download a private key. In your repository, create to secrets:\n\n1. `APP_ID`: set to your newly registered `App ID`\n2. `APP_PRIVATE_KEY`: set to the contents of the downloaded `*.pem` file\n\n## Usage\n\nNotify repositories only when a release was published. The [repository dispatch event type](https://docs.github.com/en/free-pro-team@latest/rest/reference/repos#create-a-repository-dispatch-event) is set to `[current repositories full name] release` (e.g. `gr2m/release-notifier-action release`)\n\n```yml\nname: Release Notification\non:\n  release:\n    types:\n      - published\n\njobs:\n  notify:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: gr2m/release-notifier-action@v2\n        with:\n          app_id: ${{ secrets.APP_ID }}\n          private_key: ${{ secrets.APP_PRIVATE_KEY }}\n```\n\nIf you want to notify repositories for all [release activity types](https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows#release), you can do\n\n```yml\nname: Release Notification\non: release\n\njobs:\n  notify:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: gr2m/release-notifier-action@v2\n        with:\n          app_id: ${{ secrets.APP_ID }}\n          private_key: ${{ secrets.APP_PRIVATE_KEY }}\n```\n\nTo customize the repository dispatch event type use the `dispatch_event_type` argument\n\n```yml\nname: Release Notification\non:\n  release:\n    types:\n      - published\n\njobs:\n  notify:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: gr2m/release-notifier-action@v2\n        with:\n          app_id: ${{ secrets.APP_ID }}\n          private_key: ${{ secrets.APP_PRIVATE_KEY }}\n          dispatch_event_type: my-project-release\n```\n\n## How it works\n\nEach time you create, edit, or delete a release on your repository, the action will load all installations using the credentials you provided. For each installation, the action dispatch creates a [repository dispatch event](https://docs.github.com/en/free-pro-team@latest/rest/reference/repos#create-a-repository-dispatch-event) and sets the event type to what you configured in `inputs.dispatchEventType`.\n\n## License\n\n[ISC](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgr2m%2Frelease-notifier-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgr2m%2Frelease-notifier-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgr2m%2Frelease-notifier-action/lists"}