{"id":29555438,"url":"https://github.com/launchdarkly/find-code-references-in-pull-request","last_synced_at":"2026-02-12T23:04:31.869Z","repository":{"id":191217384,"uuid":"357182761","full_name":"launchdarkly/find-code-references-in-pull-request","owner":"launchdarkly","description":"Find Code Reference Flags in Pull Requests","archived":false,"fork":false,"pushed_at":"2025-12-15T10:05:39.000Z","size":11682,"stargazers_count":13,"open_issues_count":11,"forks_count":6,"subscribers_count":28,"default_branch":"main","last_synced_at":"2026-01-13T19:59:26.422Z","etag":null,"topics":["actions","github-action","github-actions","launchdarkly","launchdarkly-integration","managed-by-terraform"],"latest_commit_sha":null,"homepage":"https://docs.launchdarkly.com/home/code/code-references","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/launchdarkly.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-04-12T12:20:51.000Z","updated_at":"2025-12-01T12:14:26.000Z","dependencies_parsed_at":"2023-12-11T15:30:51.376Z","dependency_job_id":"580c91d1-5dee-4262-88de-e779c85837d5","html_url":"https://github.com/launchdarkly/find-code-references-in-pull-request","commit_stats":{"total_commits":121,"total_committers":9,"mean_commits":"13.444444444444445","dds":"0.47933884297520657","last_synced_commit":"0ab81584eecd6e1c76dd3edb1bf08905217690bd"},"previous_names":["launchdarkly/find-code-references-in-pull-request","launchdarkly/cr-flags"],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/launchdarkly/find-code-references-in-pull-request","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchdarkly%2Ffind-code-references-in-pull-request","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchdarkly%2Ffind-code-references-in-pull-request/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchdarkly%2Ffind-code-references-in-pull-request/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchdarkly%2Ffind-code-references-in-pull-request/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/launchdarkly","download_url":"https://codeload.github.com/launchdarkly/find-code-references-in-pull-request/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/launchdarkly%2Ffind-code-references-in-pull-request/sbom","scorecard":{"id":462208,"data":{"date":"2025-08-11","repo":{"name":"github.com/launchdarkly/find-code-references-in-pull-request","commit":"e8ebad1c07c86d0feef43d01c7b64caed60c0e50"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":1,"reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":5,"reason":"dependency not pinned by hash detected -- score normalized to 5","details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating golang:alpine to golang:alpine@sha256:244baa35bcfaf9a5b3444519df6d42554a1f92dc33820bd98f0662df270d8a6a","Warn: npmCommand not pinned by hash: .github/workflows/main.yml:22","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:35","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:36","Warn: goCommand not pinned by hash: .github/workflows/main.yml:46","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:130","Warn: pipCommand not pinned by hash: .github/workflows/main.yml:131","Warn: npmCommand not pinned by hash: .github/workflows/main.yml:140","Info:   8 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   2 npmCommand dependencies pinned","Info:   0 out of   4 pipCommand dependencies pinned","Info:   0 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3787 / GHSA-fv92-fjc5-jj9h"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T11:24:25.451Z","repository_id":191217384,"created_at":"2025-08-19T11:24:25.451Z","updated_at":"2025-08-19T11:24:25.451Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29385158,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-12T22:07:52.078Z","status":"ssl_error","status_checked_at":"2026-02-12T22:07:49.026Z","response_time":55,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","github-action","github-actions","launchdarkly","launchdarkly-integration","managed-by-terraform"],"created_at":"2025-07-18T09:01:44.441Z","updated_at":"2026-02-12T23:04:31.865Z","avatar_url":"https://github.com/launchdarkly.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# LaunchDarkly Find Code References in Pull Request GitHub action\n\nAdds a comment to a pull request (PR) whenever a feature flag reference is found in a PR diff and creates a [flag link](https://docs.launchdarkly.com/home/organize/links) in LaunchDarkly.\n\n\u003cimg src=\"https://github.com/launchdarkly/find-code-references-in-pull-request/raw/main/images/example-comment.png?raw=true\" alt=\"An example code references PR comment\" width=\"100%\"\u003e\n\n\u003cimg src=\"https://github.com/launchdarkly/find-code-references-in-pull-request/raw/main/images/example-flag-link.png?raw=true\" alt=\"An example GitHub pull request flag link\" width=\"100%\"\u003e\n\n## Permissions\n\nThis action requires a [LaunchDarkly access token](https://docs.launchdarkly.com/home/account-security/api-access-tokens) with:\n\n* Read access for the designated `project-key`\n* (Optional) the `createFlagLink` action, when [`create-flag-links` input is `true` (default behavior)](#inputs)\n\nAccess tokens should be stored as an [encrypted secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets).\n\nTo add a comment to a PR, the `repo-token` used requires `write` permission for PRs. You can also specify permissions for the workflow with:\n\n```yaml\npermissions:\n  pull-requests: write\n```\n\n## Usage\n\nBasic:\n\n```yaml\non: pull_request\n\njobs:\n  find-flags:\n    runs-on: ubuntu-latest\n    name: Find LaunchDarkly feature flags in diff\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n      - name: Find flags\n        uses: launchdarkly/find-code-references-in-pull-request@v2\n        id: find-flags\n        with:\n          project-key: default\n          environment-key: production\n          access-token: ${{ secrets.LD_ACCESS_TOKEN }}\n          repo-token: ${{ secrets.GITHUB_TOKEN }}\n```\n\nUse outputs in workflow:\n\n```yaml\non: pull_request\n\njobs:\n  find-feature-flags:\n    runs-on: ubuntu-latest\n    name: Find LaunchDarkly feature flags in diff\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n      - name: Find flags\n        uses: launchdarkly/find-code-references-in-pull-request@v2\n        id: find-flags\n        with:\n          project-key: default\n          environment-key: production\n          access-token: ${{ secrets.LD_ACCESS_TOKEN }}\n          repo-token: ${{ secrets.GITHUB_TOKEN }}\n\n      # Add or remove labels on PRs if any flags have changed.\n      # Note: This example requires the \"ld-flags\" label to have been created in the repository first:\n      # https://docs.github.com/en/issues/using-labels-and-milestones-to-track-work/managing-labels#creating-a-label\n      - name: Add label\n        if: steps.find-flags.outputs.any-changed == 'true'\n        run: gh pr edit $PR_NUMBER --add-label ld-flags\n        env:\n          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n          PR_NUMBER: ${{ github.event.pull_request.number }}\n      - name: Remove label\n        if: steps.find-flags.outputs.any-changed == 'false'\n        run: gh pr edit $PR_NUMBER --remove-label ld-flags\n        env:\n          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n          PR_NUMBER: ${{ github.event.pull_request.number }}\n```\n\n### Flag aliases\n\nThis action has full support for code reference aliases. If the project has an existing [`.launchdarkly/coderefs.yaml`](https://github.com/launchdarkly/ld-find-code-refs/blob/main/docs/CONFIGURATION.md#yaml) file, it will use the aliases defined there.\n\nYou can find more information on aliases at [launchdarkly/ld-find-code-refs](https://github.com/launchdarkly/ld-find-code-refs/blob/main/docs/ALIASES.md).\n\n### Monorepos\n\nThis action does not support monorepos or searching for flags across LaunchDarkly projects.\n\n\u003c!-- action-docs-inputs source=\"action.yml\" --\u003e\n### Inputs\n\n| name | description | required | default |\n| --- | --- | --- | --- |\n| `repo-token` | \u003cp\u003eToken to use to authorize comments on PR. Typically the \u003ccode\u003eGITHUB_TOKEN\u003c/code\u003e secret or equivalent \u003ccode\u003egithub.token\u003c/code\u003e.\u003c/p\u003e | `true` | `\"\"` |\n| `access-token` | \u003cp\u003eLaunchDarkly access token\u003c/p\u003e | `true` | `\"\"` |\n| `project-key` | \u003cp\u003eLaunchDarkly project key\u003c/p\u003e | `false` | `default` |\n| `environment-key` | \u003cp\u003eLaunchDarkly environment key for creating flag links\u003c/p\u003e | `false` | `production` |\n| `placeholder-comment` | \u003cp\u003eComment on PR when no flags are found. If flags are found in later commits, this comment will be updated.\u003c/p\u003e | `false` | `false` |\n| `include-archived-flags` | \u003cp\u003eScan for archived flags\u003c/p\u003e | `false` | `true` |\n| `max-flags` | \u003cp\u003eMaximum number of flags to find per PR\u003c/p\u003e | `false` | `5` |\n| `base-uri` | \u003cp\u003eThe base URI for the LaunchDarkly server. Most members should use the default value.\u003c/p\u003e | `false` | `https://app.launchdarkly.com` |\n| `check-extinctions` | \u003cp\u003eCheck if removed flags still exist in codebase\u003c/p\u003e | `false` | `true` |\n| `create-flag-links` | \u003cp\u003eCreate links to flags in LaunchDarkly. To use this feature you must use an access token with the \u003ccode\u003ecreateFlagLink\u003c/code\u003e role. To learn more, read \u003ca href=\"https://docs.launchdarkly.com/home/organize/links\"\u003eFlag links\u003c/a\u003e.\u003c/p\u003e | `false` | `true` |\n\u003c!-- action-docs-inputs source=\"action.yml\" --\u003e\n\n\u003c!-- action-docs-outputs source=\"action.yml\" --\u003e\n### Outputs\n\n| name | description |\n| --- | --- |\n| `any-modified` | \u003cp\u003eReturns true if any flags have been added or modified in PR\u003c/p\u003e |\n| `modified-flags` | \u003cp\u003eSpace-separated list of flags added or modified in PR\u003c/p\u003e |\n| `modified-flags-count` | \u003cp\u003eNumber of flags added or modified in PR\u003c/p\u003e |\n| `any-removed` | \u003cp\u003eReturns true if any flags have been removed in PR\u003c/p\u003e |\n| `removed-flags` | \u003cp\u003eSpace-separated list of flags removed in PR\u003c/p\u003e |\n| `removed-flags-count` | \u003cp\u003eNumber of flags removed in PR\u003c/p\u003e |\n| `any-changed` | \u003cp\u003eReturns true if any flags have been changed in PR\u003c/p\u003e |\n| `changed-flags` | \u003cp\u003eSpace-separated list of flags changed in PR\u003c/p\u003e |\n| `changed-flags-count` | \u003cp\u003eNumber of flags changed in PR\u003c/p\u003e |\n| `any-extinct` | \u003cp\u003eReturns true if any flags have been removed in PR and no longer exist in codebase. Only returned if \u003ccode\u003echeck-extinctions\u003c/code\u003e is true.\u003c/p\u003e |\n| `extinct-flags` | \u003cp\u003eSpace-separated list of flags removed in PR and no longer exist in codebase. Only returned if \u003ccode\u003echeck-extinctions\u003c/code\u003e is true.\u003c/p\u003e |\n| `extinct-flags-count` | \u003cp\u003eNumber of flags removed in PR and no longer exist in codebase. Only returned if \u003ccode\u003echeck-extinctions\u003c/code\u003e is true.\u003c/p\u003e |\n\u003c!-- action-docs-outputs source=\"action.yml\" --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchdarkly%2Ffind-code-references-in-pull-request","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaunchdarkly%2Ffind-code-references-in-pull-request","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaunchdarkly%2Ffind-code-references-in-pull-request/lists"}