{"id":17993936,"url":"https://github.com/jimeh/update-tags-action","last_synced_at":"2026-04-17T08:31:32.006Z","repository":{"id":167002837,"uuid":"642555255","full_name":"jimeh/update-tags-action","owner":"jimeh","description":"Easily create/update one or more Git tags in a GitHub repository.","archived":false,"fork":false,"pushed_at":"2026-03-27T00:40:11.000Z","size":10476,"stargazers_count":1,"open_issues_count":10,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-27T13:07:00.640Z","etag":null,"topics":["git-tags","github-action","github-actions","github-tags"],"latest_commit_sha":null,"homepage":"https://github.com/marketplace/actions/update-tags-action","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jimeh.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2023-05-18T20:50:40.000Z","updated_at":"2026-01-19T00:05:17.000Z","dependencies_parsed_at":"2026-03-14T12:09:32.984Z","dependency_job_id":null,"html_url":"https://github.com/jimeh/update-tags-action","commit_stats":null,"previous_names":["jimeh/update-tags-action"],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/jimeh/update-tags-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimeh%2Fupdate-tags-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimeh%2Fupdate-tags-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimeh%2Fupdate-tags-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimeh%2Fupdate-tags-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jimeh","download_url":"https://codeload.github.com/jimeh/update-tags-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimeh%2Fupdate-tags-action/sbom","scorecard":{"id":520414,"data":{"date":"2025-08-11","repo":{"name":"github.com/jimeh/update-tags-action","commit":"e58fa0f2f874a12bf0eb90ef8ab4256808c0f373"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.7,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/8 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/jimeh/update-tags-action/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/jimeh/update-tags-action/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/jimeh/update-tags-action/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/jimeh/update-tags-action/ci.yml/main?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 7 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T02:54:17.837Z","repository_id":167002837,"created_at":"2025-08-20T02:54:17.837Z","updated_at":"2025-08-20T02:54:17.837Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31921785,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T18:22:33.417Z","status":"online","status_checked_at":"2026-04-17T02:00:06.879Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["git-tags","github-action","github-actions","github-tags"],"created_at":"2024-10-29T20:13:31.027Z","updated_at":"2026-04-17T08:31:31.999Z","avatar_url":"https://github.com/jimeh.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# update-tags-action\n\n**Easily create/update one or more Git tags in a GitHub repository.**\n\n[![Latest Release](https://img.shields.io/github/release/jimeh/update-tags-action.svg)](https://github.com/jimeh/update-tags-action/releases)\n[![GitHub Issues](https://img.shields.io/github/issues/jimeh/update-tags-action.svg?logo=github\u0026logoColor=white)](https://github.com/jimeh/update-tags-action/issues)\n[![GitHub Pull Requests](https://img.shields.io/github/issues-pr/jimeh/update-tags-action.svg?logo=github\u0026logoColor=white)](https://github.com/jimeh/update-tags-action/pulls)\n[![License](https://img.shields.io/github/license/jimeh/update-tags-action.svg)](https://github.com/jimeh/update-tags-action/blob/main/LICENSE)\n\n\u003c/div\u003e\n\nGenerally useful for moving major (`v1`) and minor (`v1.2`) tags to same commit\nas the latest `v1.x.x` tag.\n\nThis action\n[uses itself](https://github.com/jimeh/update-tags-action/blob/main/.github/workflows/ci.yml)\nto move its own major and minor tags.\n\n## Examples\n\n### Basic\n\n```yaml\n- uses: jimeh/update-tags-action@v2\n  with:\n    tags: v1,v1.2\n```\n\n```yaml\n- uses: jimeh/update-tags-action@v2\n  with:\n    tags: |\n      v1\n      v1.2\n```\n\n### Deriving Tags from Version\n\nAutomatically derive major and minor tags from a semver version string:\n\n```yaml\n- uses: jimeh/update-tags-action@v2\n  with:\n    derive_from: v1.2.3\n    # Creates tags: v1, v1.2\n```\n\nWith a custom template (major tag only):\n\n```yaml\n- uses: jimeh/update-tags-action@v2\n  with:\n    derive_from: v1.2.3\n    derive_from_template: '{{prefix}}{{major}}'\n    # Creates tag: v1\n```\n\nCombine derived tags with explicit tags:\n\n```yaml\n- uses: jimeh/update-tags-action@v2\n  with:\n    derive_from: v1.2.3\n    tags: latest\n    # Creates tags: latest, v1, v1.2\n```\n\n### With Release Please\n\nThis example uses\n[jimeh/release-please-manifest-action](https://github.com/jimeh/release-please-manifest-action),\nbut you can just as easily use the official\n[google-github-actions/release-please-action](https://github.com/google-github-actions/release-please-action)\ninstead.\n\nFirst you'll want the workflow setup to run on push:\n\n```yaml\non: [push]\n```\n\nThen you'll want a release-please job which only runs on pushes to your `main`\nbranch, and exposes relevant outputs from release please:\n\n```yaml\njobs:\n  # [...]\n  release-please:\n    runs-on: ubuntu-latest\n    if: ${{ github.ref == 'refs/heads/main' }}\n    outputs:\n      release_created: ${{ steps.release-please.outputs.release_created }}\n      tag_name: ${{ steps.release-please.outputs.tag_name }}\n    permissions:\n      contents: write\n      issues: write\n      pull-requests: write\n    steps:\n      - uses: jimeh/release-please-manifest-action@v3\n        id: release-please\n```\n\nAnd finally a job to create MAJOR and MINOR release tags, which only runs when\nrelease-please reports having created a release:\n\n```yaml\njobs:\n  # [...]\n  release-tags:\n    runs-on: ubuntu-latest\n    needs: release-please\n    if: ${{ needs.release-please.outputs.release_created }}\n    permissions:\n      contents: write\n    steps:\n      - uses: jimeh/update-tags-action@v2\n        with:\n          derive_from: ${{ needs.release-please.outputs.tag_name }}\n          # Creates tags: v1, v1.2 (for tag_name v1.2.3)\n```\n\n\u003c!-- action-docs-inputs source=\"action.yml\" --\u003e\n\n## Inputs\n\n| name                   | description                                                                                                                                                                                                                                                                                                                                                                    | required | default                                             |\n| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | --------------------------------------------------- |\n| `tags`                 | \u003cp\u003eList/CSV of tags to create/update. Supports per-tag ref and annotation overrides using the format 'tag:ref:annotation'. Use 'tag::annotation' to specify an annotation with the default ref.\u003c/p\u003e                                                                                                                                                                            | `false`  | `\"\"`                                                |\n| `derive_from`          | \u003cp\u003eSemver version string to derive tags from (e.g., 'v1.2.3'). When provided, generates tags using \u003ccode\u003ederive_from_template\u003c/code\u003e input. Default template will produce major and minor tags. (e.g., 'v1', 'v1.2')\u003c/p\u003e                                                                                                                                                       | `false`  | `\"\"`                                                |\n| `derive_from_template` | \u003cp\u003eHandlebars template for deriving tags from the \u003ccode\u003ederive_from\u003c/code\u003e input. Uses the same format as the \u003ccode\u003etags\u003c/code\u003e input, and supports the following handlebars placeholders: \u003ccode\u003e{{prefix}}\u003c/code\u003e, \u003ccode\u003e{{major}}\u003c/code\u003e, \u003ccode\u003e{{minor}}\u003c/code\u003e, \u003ccode\u003e{{patch}}\u003c/code\u003e, \u003ccode\u003e{{prerelease}}\u003c/code\u003e, \u003ccode\u003e{{build}}\u003c/code\u003e, \u003ccode\u003e{{version}}\u003c/code\u003e.\u003c/p\u003e | `false`  | `{{prefix}}{{major}},{{prefix}}{{major}}.{{minor}}` |\n| `ref`                  | \u003cp\u003eThe SHA or ref to tag. Defaults to SHA of current commit.\u003c/p\u003e                                                                                                                                                                                                                                                                                                               | `false`  | `${{ github.sha }}`                                 |\n| `when_exists`          | \u003cp\u003eWhat to do if the tag already exists. Must be one of 'update', 'skip', or 'fail'.\u003c/p\u003e                                                                                                                                                                                                                                                                                       | `false`  | `update`                                            |\n| `annotation`           | \u003cp\u003eOptional default annotation message for tags. If provided, creates annotated tags. If empty, creates lightweight tags. Can be overridden per-tag using the 'tag:ref:annotation' syntax in the tags input.\u003c/p\u003e                                                                                                                                                               | `false`  | `\"\"`                                                |\n| `dry_run`              | \u003cp\u003eIf true, logs planned operations without executing them.\u003c/p\u003e                                                                                                                                                                                                                                                                                                                | `false`  | `false`                                             |\n| `github_token`         | \u003cp\u003eThe GitHub token to use for authentication.\u003c/p\u003e                                                                                                                                                                                                                                                                                                                             | `false`  | `${{ github.token }}`                               |\n\n\u003c!-- action-docs-inputs source=\"action.yml\" --\u003e\n\n### Tag Input Syntax\n\nThe `tags` input accepts a comma or newline-delimited list of tags. Each tag\nspecification supports optional per-tag ref and annotation overrides using the\nformat:\n\n```\ntag[:ref[:annotation]]\n```\n\n| Format               | Description                                     |\n| -------------------- | ----------------------------------------------- |\n| `tag`                | Tag using default `ref` and `annotation` inputs |\n| `tag:ref`            | Tag using specified ref, default annotation     |\n| `tag:ref:annotation` | Tag using specified ref and annotation          |\n| `tag::annotation`    | Tag using default ref with specified annotation |\n\n**Per-tag refs** allow different tags to point to different commits:\n\n```yaml\n- uses: jimeh/update-tags-action@v2\n  with:\n    tags: |\n      v1:main\n      v2:develop\n```\n\n**Per-tag annotations** allow different annotation messages for each tag:\n\n```yaml\n- uses: jimeh/update-tags-action@v2\n  with:\n    tags: |\n      v1:main:Latest v1.x release\n      v1.2:main:Latest v1.2.x release\n```\n\nUse `tag::annotation` to specify an annotation while using the default ref:\n\n```yaml\n- uses: jimeh/update-tags-action@v2\n  with:\n    tags: |\n      v1::This is the v1 tag annotation\n      v1.2::This is the v1.2 tag annotation\n```\n\nPer-tag values override the global `ref` and `annotation` inputs:\n\n```yaml\n- uses: jimeh/update-tags-action@v2\n  with:\n    tags: |\n      v1:main:Custom annotation for v1\n      v2\n    ref: develop\n    annotation: Default annotation for tags without per-tag override\n    # v1 -\u003e main with \"Custom annotation for v1\"\n    # v2 -\u003e develop with \"Default annotation...\"\n```\n\nAnnotations can contain colons (everything after the second colon is the\nannotation):\n\n```yaml\n- uses: jimeh/update-tags-action@v2\n  with:\n    tags: |\n      v1:main:Release: version 1.0.0\n    # Annotation will be \"Release: version 1.0.0\"\n```\n\n### Derive Template Syntax\n\nThe `derive_from_template` input uses [Handlebars](https://handlebarsjs.com/)\nfor template rendering. Splitting the template into separate tags by comma or\nnewline is done after the template is rendered.\n\nAvailable placeholders:\n\n| Placeholder      | Description                                           |\n| ---------------- | ----------------------------------------------------- |\n| `{{prefix}}`     | `v` or `V` if input had a prefix, empty otherwise     |\n| `{{major}}`      | Major version number                                  |\n| `{{minor}}`      | Minor version number                                  |\n| `{{patch}}`      | Patch version number                                  |\n| `{{prerelease}}` | Prerelease identifier (e.g., `beta.1`), empty if none |\n| `{{build}}`      | Build metadata (e.g., `build.123`), empty if none     |\n| `{{version}}`    | Full version string without prefix                    |\n\n#### Conditional Sections\n\nUse Handlebars `{{#if}}` blocks to include content only when a variable has a\nvalue. This is useful for optional components like prerelease or build metadata:\n\n```yaml\n- uses: jimeh/update-tags-action@v2\n  with:\n    derive_from: v1.2.3-beta.1\n    derive_from_template: |\n      {{prefix}}{{major}}{{#if prerelease}}-{{prerelease}}{{/if}}\n    # Creates tag: v1-beta.1\n```\n\nFor a stable release without prerelease:\n\n```yaml\n- uses: jimeh/update-tags-action@v2\n  with:\n    derive_from: v1.2.3\n    derive_from_template: |\n      {{prefix}}{{major}}{{#if prerelease}}-{{prerelease}}{{/if}}\n    # Creates tag: v1 (prerelease section omitted)\n```\n\nYou can also use `{{#unless}}` for inverse logic:\n\n```yaml\n- uses: jimeh/update-tags-action@v2\n  with:\n    derive_from: v1.2.3\n    derive_from_template: |\n      {{prefix}}{{major}}{{#unless prerelease}}-stable{{/unless}}\n    # Creates tag: v1-stable (only for non-prerelease versions)\n```\n\n\u003c!-- action-docs-outputs source=\"action.yml\" --\u003e\n\n## Outputs\n\n| name      | description                                    |\n| --------- | ---------------------------------------------- |\n| `tags`    | \u003cp\u003eList of tags that were created/updated.\u003c/p\u003e |\n| `created` | \u003cp\u003eList of tags that were created.\u003c/p\u003e         |\n| `updated` | \u003cp\u003eList of tags that were updated.\u003c/p\u003e         |\n| `skipped` | \u003cp\u003eList of tags that were skipped.\u003c/p\u003e         |\n\n\u003c!-- action-docs-outputs source=\"action.yml\" --\u003e\n\u003c!-- action-docs-runs source=\"action.yml\" --\u003e\n\n## Runs\n\nThis action is a `node24` action.\n\n\u003c!-- action-docs-runs source=\"action.yml\" --\u003e\n\n## License\n\n[MIT](https://github.com/jimeh/update-tags-action/blob/main/LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjimeh%2Fupdate-tags-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjimeh%2Fupdate-tags-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjimeh%2Fupdate-tags-action/lists"}