{"id":18487010,"url":"https://github.com/mattermost/action-mattermost-notify","last_synced_at":"2026-05-07T09:01:05.948Z","repository":{"id":48304653,"uuid":"203577095","full_name":"mattermost/action-mattermost-notify","owner":"mattermost","description":"GitHub Action for sending a notification to a Mattermost channel ","archived":false,"fork":false,"pushed_at":"2026-04-28T01:47:51.000Z","size":2281,"stargazers_count":50,"open_issues_count":3,"forks_count":14,"subscribers_count":26,"default_branch":"master","last_synced_at":"2026-04-28T03:31:17.769Z","etag":null,"topics":["github-actions","go","golang","hacktoberfest","mattermost"],"latest_commit_sha":null,"homepage":"https://github.com/mattermost/action-mattermost-notify","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mattermost.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-08-21T12:13:50.000Z","updated_at":"2026-04-28T01:47:57.000Z","dependencies_parsed_at":"2024-08-18T00:14:30.680Z","dependency_job_id":null,"html_url":"https://github.com/mattermost/action-mattermost-notify","commit_stats":{"total_commits":33,"total_committers":6,"mean_commits":5.5,"dds":0.2727272727272727,"last_synced_commit":"d317daebed2a792679f68fd0248557a8d21d82b6"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/mattermost/action-mattermost-notify","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Faction-mattermost-notify","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Faction-mattermost-notify/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Faction-mattermost-notify/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Faction-mattermost-notify/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mattermost","download_url":"https://codeload.github.com/mattermost/action-mattermost-notify/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mattermost%2Faction-mattermost-notify/sbom","scorecard":{"id":626286,"data":{"date":"2025-08-11","repo":{"name":"github.com/mattermost/action-mattermost-notify","commit":"d317daebed2a792679f68fd0248557a8d21d82b6"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.1,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":2,"reason":"Found 6/24 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/action-mattermost-notify/check-dist.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/action-mattermost-notify/check-dist.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/action-mattermost-notify/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/action-mattermost-notify/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/action-mattermost-notify/ci.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/action-mattermost-notify/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/action-mattermost-notify/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/action-mattermost-notify/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/mattermost/action-mattermost-notify/codeql-analysis.yml/master?enable=pin","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   2 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/check-dist.yml:30","Info: jobLevel 'contents' permission set to 'read': .github/workflows/check-dist.yml:29","Info: topLevel 'contents' permission set to 'read': .github/workflows/check-dist.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:12","Info: topLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:25","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:26","Warn: topLevel 'security-events' permission set to 'write': .github/workflows/codeql-analysis.yml:27"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'master'","Warn: 'stale review dismissal' is disabled on branch 'master'","Warn: required approving review count is 1 on branch 'master'","Info: codeowner review is required on branch 'master'","Warn: 'last push approval' is disabled on branch 'master'","Warn: no status checks found to merge onto branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/mattermost/.github/SECURITY.md:1","Info: Found linked content: github.com/mattermost/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/mattermost/.github/SECURITY.md:1","Info: Found text in security policy: github.com/mattermost/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 1 commits out of 15 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T06:34:06.605Z","repository_id":48304653,"created_at":"2025-08-21T06:34:06.605Z","updated_at":"2025-08-21T06:34:06.605Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32730282,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-07T02:14:30.463Z","status":"ssl_error","status_checked_at":"2026-05-07T02:14:29.405Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-actions","go","golang","hacktoberfest","mattermost"],"created_at":"2024-11-06T12:50:03.666Z","updated_at":"2026-05-07T09:01:05.890Z","avatar_url":"https://github.com/mattermost.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"## Github Action Mattermost notify\n\n[Mattermost](https://mattermost.com) — Send Mattermost messages. Fork/inspired\nfrom https://github.com/apex/actions/tree/master/slack\n\nFor the message format you can check the\n[Mattermost documentation](https://developers.mattermost.com/integrate/webhooks/incoming/)\n\n## Inputs\n\n| Input                  | Description                                        | Default         | Required |\n| ---------------------- | -------------------------------------------------- | --------------- | -------- |\n| MATTERMOST_WEBHOOK_URL | The Mattermost Incoming Webhook URL                |                 | true     |\n| MATTERMOST_CHANNEL     | The Mattermost channel to sent the message         |                 | false    |\n| MATTERMOST_USERNAME    | The Mattermost username shown in the webhook       |                 | false    |\n| MATTERMOST_ICON_URL    | The Mattermost Icon URL for the webhook            |                 | false    |\n| TEXT                   | The text for the webhook message                   |                 | false    |\n| PAYLOAD                | The payload for the webhook                        |                 | false    |\n| PAYLOAD_FILENAME       | The payload file name for the webhook (deprecated) | mattermost.json | false    |\n\n## Usage\n\nYou can use it as below:\n\n```yaml\non: [push, pull_request]\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: mattermost/action-mattermost-notify@master\n        with:\n          MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}\n          MATTERMOST_CHANNEL: the-best-channel\n          TEXT: |\n            This is a message from ${{ github.repository }}.\n            [Pipeline](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) was completed :white_check_mark:\n          MATTERMOST_USERNAME: ${{ github.triggering_actor }}\n          MATTERMOST_ICON_URL: https://cdn3.iconfinder.com/data/icons/system-basic-vol-4-1/20/icon-note-attention-alt3-512.png\n```\n\nor alternatively you can use the `PAYLOAD` input:\n\n```yaml\non: [push, pull_request]\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: mattermost/action-mattermost-notify@master\n        with:\n          MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}\n          PAYLOAD: |-\n            {\n              \"text\": \"What a message from ${{ github.repository }}\",\n              \"channel\": \"the-best-channel\",\n              \"username\": \"${{ github.triggering_actor }}\",\n              \"icon\": \"https://cdn3.iconfinder.com/data/icons/system-basic-vol-4-1/20/icon-note-attention-alt3-512.png\"\n            }\n```\n\n## Update the Action Metadata\n\nThe [`action.yml`](action.yml) file defines metadata about your action, such as\ninput(s) and output(s). For details about this file, see\n[Metadata syntax for GitHub Actions](https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions).\n\nWhen you copy this repository, update `action.yml` with the name, description,\ninputs, and outputs for your action.\n\n## Update the Action Code\n\nThe [`src/`](./src/) directory is the heart of your action! This contains the\nsource code that will be run when your action is invoked. You can replace the\ncontents of this directory with your own code.\n\nThere are a few things to keep in mind when writing your action code:\n\n- Most GitHub Actions toolkit and CI/CD operations are processed asynchronously.\n  In `main.js`, you will see that the action is run in an `async` function.\n\n  ```javascript\n  const core = require('@actions/core')\n  //...\n\n  async function run() {\n    try {\n      //...\n    } catch (error) {\n      core.setFailed(error.message)\n    }\n  }\n  ```\n\n  For more information about the GitHub Actions toolkit, see the\n  [documentation](https://github.com/actions/toolkit/blob/master/README.md).\n\nSo, what are you waiting for? Go ahead and start customizing your action!\n\n1. Create a new branch\n\n   ```bash\n   git checkout -b releases/v1\n   ```\n\n1. Replace the contents of `src/` with your action code\n1. Add tests to `__tests__/` for your source code\n1. Format, test, and build the action\n\n   ```bash\n   npm run all\n   ```\n\n1. Commit your changes\n\n   ```bash\n   git add .\n   git commit -m \"My first action is ready!\"\n   ```\n\n1. Push them to your repository\n\n   ```bash\n   git push -u origin releases/v1\n   ```\n\n1. Create a pull request and get feedback on your action\n1. Merge the pull request into the `main` branch\n\nYour action is now published! :rocket:\n\nFor information about versioning your action, see\n[Versioning](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md)\nin the GitHub Actions toolkit.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmattermost%2Faction-mattermost-notify","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmattermost%2Faction-mattermost-notify","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmattermost%2Faction-mattermost-notify/lists"}