{"id":26481965,"url":"https://github.com/matticusau/pr-helper","last_synced_at":"2026-02-26T16:01:47.868Z","repository":{"id":39451543,"uuid":"273435106","full_name":"Matticusau/pr-helper","owner":"Matticusau","description":"Extremely powerful GitHub Action to streamline management of PRs through automation of common tasks. Very versatile with plenty of configuration settings to adapt to many different implementations.","archived":false,"fork":false,"pushed_at":"2023-03-05T01:17:26.000Z","size":3113,"stargazers_count":9,"open_issues_count":20,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-02-16T15:49:58.127Z","etag":null,"topics":["automation","configurable","github-actions","interactive","labeling-tool","labels","powerful","pull-requests","workflow-automation"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Matticusau.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-06-19T07:43:35.000Z","updated_at":"2024-07-19T09:05:51.000Z","dependencies_parsed_at":"2024-10-25T04:20:23.808Z","dependency_job_id":"44933cfc-4356-425b-893c-fe70d5fbe77d","html_url":"https://github.com/Matticusau/pr-helper","commit_stats":{"total_commits":79,"total_committers":2,"mean_commits":39.5,"dds":0.08860759493670889,"last_synced_commit":"3843ffe43d19e6bc01da4f3953d1e5f713e062ee"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/Matticusau/pr-helper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Matticusau%2Fpr-helper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Matticusau%2Fpr-helper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Matticusau%2Fpr-helper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Matticusau%2Fpr-helper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Matticusau","download_url":"https://codeload.github.com/Matticusau/pr-helper/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Matticusau%2Fpr-helper/sbom","scorecard":{"id":91511,"data":{"date":"2025-08-11","repo":{"name":"github.com/Matticusau/pr-helper","commit":"3843ffe43d19e6bc01da4f3953d1e5f713e062ee"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/pullrequest.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/pullrequest.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/Matticusau/pr-helper/pullrequest.yml/main?enable=pin","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 16 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"29 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-7r3h-m5j6-3q42","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T08:00:39.615Z","repository_id":39451543,"created_at":"2025-08-15T08:00:39.615Z","updated_at":"2025-08-15T08:00:39.615Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29863773,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-26T08:51:08.701Z","status":"ssl_error","status_checked_at":"2026-02-26T08:50:19.607Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","configurable","github-actions","interactive","labeling-tool","labels","powerful","pull-requests","workflow-automation"],"created_at":"2025-03-20T03:36:26.673Z","updated_at":"2026-02-26T16:01:47.832Z","avatar_url":"https://github.com/Matticusau.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![License](https://img.shields.io/github/license/Matticusau/pr-helper.svg?style=flat-square)](LICENSE)\n[![Last commit](https://img.shields.io/github/last-commit/Matticusau/pr-helper.svg?style=flat-square)](https://github.com/heinrichreimer/action-github-changelog-generator/commits)\n[![Latest tag](https://img.shields.io/github/tag/Matticusau/pr-helper.svg?style=flat-square)](https://github.com/heinrichreimer/action-github-changelog-generator/releases)\n[![Issues](https://img.shields.io/github/issues/Matticusau/pr-helper.svg?style=flat-square)](https://github.com/heinrichreimer/action-github-changelog-generator/issues)\n[![Pull requests](https://img.shields.io/github/issues-pr/Matticusau/pr-helper.svg?style=flat-square)](https://github.com/heinrichreimer/action-github-changelog-generator/pulls)\n\n# pr-helper\n\nExtremely powerful [GitHub Action](https://github.com/features/actions) to streamline management of PRs through automation of common tasks. Very versatile with plenty of configuration settings to adapt to many different implementations.\n\nCurrently supports the following functionality:\n\n- Welcome message on new PR\n- Automatic Label assignment and removal\n  - Based on Review criteria (required/provided)\n  - If PRs qualify for automatic merge\n- PR Comment automation\n  - Welcome message with instructions on new PRs\n  - Assign a label indicating if the PR is ready or on hold based on key words\n- Pull Request Reviewers\n  - Automatically assign reviewers from YAML front matter\n  - Name matching to github username via Jekyll or DocFX Author/People YAML file. More details [here](./docs/FrontMatter.md).\n- Pull Request Merge\n  - Automatically merge when criteria is met\n  - Respect requested reviews (_i.e. CODEOWNERS_)\n  - Respect a minimal review count (_for now configured by input param, repo setting on roadmap_)\n  - Delete branch (head ref) on merge\n\n## Events\n\nThe Action can respond to the following [workflow events](https://help.github.com/en/actions/reference/events-that-trigger-workflows):\n\n- pull_request\n- pull_request_review\n- issue_comment\n- schedule\n\n## Inputs\n\nSet the following inputs in the workflow file\n\n### `repo-token`\n\n**Required** The token to use for github authentication. Recommend using `${{ secrets.GITHUB_TOKEN }}`. If additional access is required use a PAT/Secret and set it as a secret. More info see [here](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token).\n\n\u003e If you have enabled Branch Protection rules then a PAT/Secret will need to be configured.\n\n### `enable-prmerge-automation`\n\n**Required** Set to true to enable the auto merge capabilities\n\n### `enable-prcomment-automation`\n\n**Required** Set to true to enable the PR/Issue comment automation\n\n### `enable-prlabel-automation`\n\n**Required** Set to true to enable the PR label automation\n\n### `enable-prreviewer-frontmatter`\n\nSet to true to enable reviewers to be set from owner in YAML front matter.\n\n### `enable-welcomemessage`\n\n**Required** Set to true to automatically send a welcome message to new contributors\n\n### `welcome-message`\n\nThe custom welcome message to send to new contributors\n\nRequires `enable-welcomemessage: true`\n\n### `prmerge-requireallchecks`\n\nSet to true if all checks need to complete before auto merging\n\n### `prmerge-requirereviewcount`\n\nShould match the setting in your GitHub repo. Set it to -1 to disable.\n\n### `prmerge-method`\n\nThe method to use when merging the PRs\n\n### `prmerge-pathcheck`\n\nSet to true to require a path check for auto merge capabilities\n\nRequires `enable-prmerge-automation: true`\n\n### `prmerge-allowpaths`\n\nProvide the path globs which will allow auto merge. JSON object as string, example format {\"any\":[\"docs/**\"]}.\n\nRequires `prmerge-pathcheck: true`\n\n### `prmerge-deletebranch`\n\nIf true then the branch will be deleted on merge\n\nRequires `enable-prmerge-automation: true`\n\n### `prmerge-deletebranch-config`\n\nProvide the branch patterns which will allow/deny auto delete on merge. JSON object as string, example format {\"deny\":[\"dev\"]}.\n\nRequires `prmerge-deletebranch: true`\n\n### `prreviewer-authorkey`\n\nThe key in the YAML front matter to define the article author(s), who will be assigned as reviewers. Defaults to `author`\n\n```yml\n---\ntitle: My great article\nauthor: octocat\n---\n```\n\nRequires `enable-prreviewer-frontmatter: true`\n\n### `prreviewer-githubuserfromauthorfile`\n\nWhen set to `true` enables the lookup of the author from the Jekyll style Author YAML file\n\nRequires `enable-prreviewer-frontmatter: true`\n\n### `prreviewer-authorfilepath`\n\nProvides the ability to configure the path to the Jekyll authors YAML file to use in lookup. Default is `docs/_data/authors.yml`\n\nRequires `enable-prreviewer-frontmatter: true` and `prreviewer-githubuserfromauthorfile: true`\n\n### `prreviewer-bypassforfileowner`\n\nProvides the ability to by pass review checks when all the changed files are owned by the author of the PR.\nIf you configure [Branch Protection](https://docs.github.com/en/github/administering-a-repository/about-protected-branches) within GitHub security, then it may block this setting from working. Configuring the `prmerge-requirereviewcount` setting in it's place will not affect this setting.\n\nRequires `enable-prreviewer-frontmatter: true`\n\n### `prlabel-default`\n\nThe initial label to set on PRs when first created\n\n### `prlabel-ready`\n\nThe label to use when the PR has been signed off and ready for merge\n\n### `prlabel-onhold`\n\nThe label to use when the PR is on hold\n\n### `prlabel-reviewrequired`\n\nThe label to use when the PR requires reviews\n\n### `prlabel-automerge`\n\nThe label to set on PRs when it qualifies for automatic merge by this action\n\n## Outputs\n\nNone\n\n## Example usage\n\nCreate the following file within your repo as `.github/workflows/pullrequest.yml` to configure an action.\n\n```yml\nname: PR Helper\n\non: [pull_request, pull_request_review, issue_comment]\n\njobs:\n  prhelper_job:\n    runs-on: ubuntu-latest\n    steps:\n    - name: Run PR Helper\n      id: runprhelper\n      uses: Matticusau/pr-helper@v1.2.4\n      with:\n        repo-token: ${{ secrets.GITHUB_TOKEN }}\n```\n\n\u003e Note: The `uses` syntax includes tag/branch specification. For the latest release see [tags](https://github.com/Matticusau/pr-helper/tags).\n\nTo restrict the branches that this workflow executes on use this syntax\n\n```yml\nname: PR Helper\n\non:\n  pull_request:\n    branches:\n      - master\n  pull_request_review:\n    branches:\n      - master\n  issue_comment:\n    branches:\n      - master\njobs:\n  ...\n```\n\n## Example inputs\n\nThe action can be customized using the additional inputs on the workflow yaml file. This will always be read from the default branch of the repository, rather than custom yaml config files which can be overridden as they are read in the branch where the workflow is triggered from.\n\n```yml\nwith:\n  repo-token: ${{ secrets.GITHUB_TOKEN }}\n  enable-prmerge-automation: true\n  enable-prcomment-automation: true\n  enable-prlabel-automation: true\n  enable-prreviewer-frontmatter: false\n  enable-welcomemessage: true\n  welcome-message: \"Thanks for opening an issue! Make sure you've followed CONTRIBUTING.md.\"\n  prmerge-requireallchecks: true\n  prmerge-requirereviewcount: 1\n  prmerge-method: 'merge'\n  prlabel-default: 'pr-onhold'\n  prlabel-ready: 'pr-ready'\n  prlabel-onhold: 'pr-onhold'\n  prlabel-reviewrequired: 'review-required'\n  prlabel-automerge: 'auto-merge'\n```\n\n## Suggested Label Colors\n\nLabels will be created during the assignment if they do not exist. The following are suggested labels and colors:\n\n| Label | Description | Color |\n| --- | --- | --- |\n| pr-onhold | Pull Request is not yet ready to process automatically or review | #b60205 (red) |\n| review-required | Pull Request or Issue requires review | #fbca04 (yellow) |\n| qualifies-auto-merge | Pull Request qualifies for automatic merge | #0e8a16 (green) |\n| pr-ready | Pull Request is ready to process or review | #0e8a16 (green) |\n\n## Troubleshooting\n\nIf you are having issues running the action enable the debug logs as some additional logging has been built into the Action.\n\n1. To enable runner diagnostic logging, set the following secret in the repository that contains the workflow: `ACTIONS_RUNNER_DEBUG` to `true`.\n1. To download runner diagnostic logs, download the log archive of the workflow run. The runner diagnostic logs are contained in the `runner-diagnostic-logs` folder. For more information on downloading logs, see [Downloading logs](https://help.github.com/en/actions/configuring-and-managing-workflows/managing-a-workflow-run#downloading-logs).\n\n[Enable debug logging](https://help.github.com/en/actions/configuring-and-managing-workflows/managing-a-workflow-run#enabling-debug-logging)\n\n## Known issues\n\n### PRs from Forked private repo [#24](https://github.com/Matticusau/pr-helper/issues/24)\n\nFrom [https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull-request-events-for-forked-repositories](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull-request-events-for-forked-repositories)\n\n\u003e Note: Workflows do not run on private base repositories when you open a pull request from a forked repository.\n\nTo work around this use the schedule event. This action supports the schedule event for Label, Review, and Merge features. Currently the Welcome message functionality is only supported for pull_request events.\n\nExample YAML for running the action every day at 1am.\n\n```yml\nname: PR Merge on Schedule\n\non:\n  schedule:\n    - cron: '* 1 * * *'\n\njobs:\n  prhelper_schedule:\n    runs-on: ubuntu-latest\n    steps:\n    - name: Run PR Helper on Schedule\n      id: runprhelperonschedule\n      uses: Matticusau/pr-helper@v1.2.4\n      with:\n        repo-token: ${{ secrets.GHACTION_PAT }}\n        enable-prmerge-automation: true\n        enable-prcomment-automation: false\n        enable-prlabel-automation: true\n        enable-prreviewer-frontmatter: true\n        enable-welcomemessage: false\n        prmerge-requireallchecks: true\n        prmerge-requirereviewcount: 1\n        prmerge-method: 'merge'\n        prmerge-deletebranch: 'true'\n        prmerge-deletebranch-config: ''\n        prmerge-pathcheck: true\n        prmerge-allowpaths: '{\"any\":[\"articles/**\"]}'\n        prreviewer-authorkey: 'author'\n        prreviewer-githubuserfromauthorfile: true\n        prreviewer-authorfilepath: '_data/authors.yaml'\n        prlabel-default: 'pr-onhold'\n        prlabel-ready: 'pr-ready'\n        prlabel-onhold: 'pr-onhold'\n        prlabel-reviewrequired: 'review-required'\n        prlabel-automerge: 'auto-merge'\n```\n\n### Multiple files and CODEOWNERS will block auto merge [#27](https://github.com/Matticusau/pr-helper/issues/27)\n\nWhen using the CODEOWNERS feature and multiple files with different CODEOWNERS are modified. Even though you meet the minimum number of reviewers if there is still pending reviews from CODEOWNERS for files with no review yet, then this will block the merge and may throw an error on the action workflow.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatticusau%2Fpr-helper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmatticusau%2Fpr-helper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatticusau%2Fpr-helper/lists"}