{"id":16777391,"url":"https://github.com/otakup0pe/avakas","last_synced_at":"2026-03-13T00:05:37.879Z","repository":{"id":34811464,"uuid":"38797717","full_name":"otakup0pe/avakas","owner":"otakup0pe","description":"Tooling to assist with Semantic Version Manipulation and Representation","archived":false,"fork":false,"pushed_at":"2026-02-24T22:57:17.000Z","size":320,"stargazers_count":3,"open_issues_count":19,"forks_count":5,"subscribers_count":1,"default_branch":"mainline","last_synced_at":"2026-03-11T07:53:14.467Z","etag":null,"topics":["opinion","rituals","semver","truth"],"latest_commit_sha":null,"homepage":"http://ohno.computer/post/144362045508/a-codified-opinion-on-semantic-versioning","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/otakup0pe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-07-09T04:47:57.000Z","updated_at":"2026-02-24T22:57:20.000Z","dependencies_parsed_at":"2024-10-27T11:53:44.869Z","dependency_job_id":"5635df9c-b734-461e-be0c-66d82beccea1","html_url":"https://github.com/otakup0pe/avakas","commit_stats":{"total_commits":229,"total_committers":9,"mean_commits":"25.444444444444443","dds":0.6593886462882096,"last_synced_commit":"3e71f2d96c6eab1e129e3e06e255bcc7761f6799"},"previous_names":[],"tags_count":53,"template":false,"template_full_name":null,"purl":"pkg:github/otakup0pe/avakas","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/otakup0pe%2Favakas","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/otakup0pe%2Favakas/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/otakup0pe%2Favakas/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/otakup0pe%2Favakas/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/otakup0pe","download_url":"https://codeload.github.com/otakup0pe/avakas/tar.gz/refs/heads/mainline","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/otakup0pe%2Favakas/sbom","scorecard":{"id":714108,"data":{"date":"2025-08-11","repo":{"name":"github.com/otakup0pe/avakas","commit":"01a5c5ceee44194f0dc5366ff99ac0f8dac28c6d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.3,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/19 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/otakup0pe/avakas/build.yml/mainline?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/otakup0pe/avakas/build.yml/mainline?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/otakup0pe/avakas/build.yml/mainline?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/otakup0pe/avakas/build.yml/mainline?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/otakup0pe/avakas/build.yml/mainline?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/otakup0pe/avakas/release.yml/mainline?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/otakup0pe/avakas/release.yml/mainline?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/otakup0pe/avakas/release.yml/mainline?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/otakup0pe/avakas/release.yml/mainline?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3.12-alpine to python:3.12-alpine@sha256:02a73ead8397e904cea6d17e18516f1df3590e05dc8823bd5b1c7f849227d272","Warn: pipCommand not pinned by hash: Dockerfile:16-18","Warn: pipCommand not pinned by hash: Dockerfile:16-18","Warn: pipCommand not pinned by hash: Dockerfile:16-18","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'mainline'","Info: 'force pushes' disabled on branch 'mainline'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'mainline'","Warn: 'stale review dismissal' is disabled on branch 'mainline'","Warn: branch 'mainline' does not require approvers","Warn: codeowners review is not required on branch 'mainline'","Warn: 'last push approval' is disabled on branch 'mainline'","Warn: 'up-to-date branches' is disabled on branch 'mainline'","Info: status check found to merge onto on branch 'mainline'","Info: PRs are required in order to make changes on branch 'mainline'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build.yml:13"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":1,"reason":"9 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2024-4 / GHSA-2mqj-m65w-jghx","Warn: Project is vulnerable to: PYSEC-2023-165 / GHSA-cwvm-v4w8-q58c","Warn: Project is vulnerable to: PYSEC-2022-42992 / GHSA-hcpj-qp55-gfph","Warn: Project is vulnerable to: PYSEC-2023-137 / GHSA-pr76-5cm5-w9cj","Warn: Project is vulnerable to: PYSEC-2023-161 / GHSA-wfm5-v35h-vwf4","Warn: Project is vulnerable to: PYSEC-2013-22 / GHSA-27x4-j476-jp5f","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-cx63-2mw6-8hw5","Warn: Project is vulnerable to: PYSEC-2022-43012 / GHSA-r9hx-vwmv-q579"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 21 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T09:01:41.824Z","repository_id":34811464,"created_at":"2025-08-22T09:01:41.824Z","updated_at":"2025-08-22T09:01:41.824Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30450875,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-12T21:31:01.033Z","status":"ssl_error","status_checked_at":"2026-03-12T21:30:43.161Z","response_time":114,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["opinion","rituals","semver","truth"],"created_at":"2024-10-13T07:24:35.519Z","updated_at":"2026-03-13T00:05:37.870Z","avatar_url":"https://github.com/otakup0pe.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"avakas\n======\n\n[![PyPI](https://img.shields.io/pypi/v/avakas.svg)](https://pypi.python.org/pypi/avakas)[![Maintenance](https://img.shields.io/maintenance/yes/2026.svg)]()\n\n\n# Overview\n\nThis script provides a simple interface around viewing and\nmanipulating project version metadata. It may be used to either bump,\nset, or view the version information for the project in a given\ndirectory. It is written with [semantic\nversioning](http://semver.org/) in mind.\n\nIt currently does it's best to determine whether the given directory\ncontains a NodeJS, or Ansible project before just settling on keeping\nthe version in a file named `version`. If a NodeJS project is\ndiscovered then the `package.json` will be edited. If an Ansible\nproject is discovered then no files will be modified but the tags will\nstill be handled.\n\nThe avakas tool makes a few assumptions\n\n* There is only one logical project in each directory.\n* The directory is somewhere in a git repository. You can have\n  multiple projects per repository by using the `--tag-prefix` option.\n* For the protection of the user the git workspace must not be dirty.\n\nThe avakas tool supports the following types of version files\n\n* NodeJS `package.json`\n* Ansible `meta/main.yml`\n* Plain ol' `version` file\n\n\n# Operations\n\n## show\n\nThis mode will return the current version for a given project. The\nfollowing will show the current Public API version. This operation\nsupports an additional `--build` argument, which will cause it to\nextend the version set in source control with build-time metadata. It\nalso supports the `--pre-build` argument, which does the same thing on\ntop of the prerelease field, because all kinds of package management\nsystems do not actually support the build semantic version component.\n\nIt is possible to override this default `pre-build` behavior. The\n`--pre-build-date` option will include the current date (down to the\nsecond) as a string. The `--pre-build-prefix=foo` option will include\na string prefix. It is possible to include both pre-build _and_ build\ninformation, but only if you specify a prefix or include the date in\nprebuild.\n\n```shell\n$ avakas show $HOME/projects/hal9000\n```\n\n## set\n\nThis mode will set an explicit version. Note that the string must be a\nvalid semantic version.\n\n```shell\n$ avakas set $HOME/projects/hal9000 2.0.0\n```\n\n## bump\n\nThis mode will automatically update the version based on the input\nprovided. It has four modes of operation.\n\n* `major` will update the major (left) version component.\n* `minor` will update the minor (middle) version component.\n* `patch` will update the patch (right) version component.\n* `pre` will update the prerelease (to the right, separated by a `-`)\n* `auto` will attempt to determine which component to adjust\n\n### Autobump\n\nWhen the `auto` option is selected, the system will use hints in the\ngit log since the last version bump to determine if the version should\nbe changed. These hints can be specified at any point in the commit\nmessage. The hints are specified, prefixed by `bump:`. For example,\nthe following commit message would result in a minor version bump if\nit is subsequently \"autobumped\".\n\n```shell\n$ avakas show .\n0.0.1\n$ git commit -am \"hello this is a release\\nbump:minor\"\n$ avakas bump . auto\nVersion updated from 0.0.1 to 0.1.0\n```\n\nAvakas can also rely on a default bump version to ensure every\ninvocation of Avakas generates a bump build. If a bump hint is not\ndetected within the commit history, the defined defualt-bump level\nwill be used. This is useful for CI/CD systems.\n\n```shell\n$ avakas bump . auto --default-bump patch\n```\n\n\n# Arguments\n\n## --tag-prefix\n\nA prefix to use with the version. Generally used for non-semantic\nversion compliant v1.0 style version strings.\n\n## --branch\n\nThe authoritative mainline branch of your project. This is also used\nto compare for prereleases.\n\n## --remote\n\nThe git remote origin to push changes to.\n\n## --filename\n\nThe filename to use for generating a version file.\n\n## --flavor\n\nFlavor of project (Presently: legacy|ansible|nodejs).\n\n## --build-meta\n\nWhether to apply semantic version compliant build metadata to the version. (Example: `1.0.0+4c5fa2.1`)\n\n## --skip-dirty\n\nSkip checking if local repo is dirty.\n\n## --skip-commit-changes\n\nSkip committing generated version files.\n\n## --with-hooks\n\nRun git hooks during operations.\n\n## --dry-run\n\nWill not push to git.\n\n## --prerelease\n\nWill attempt to generate a prerelease version. (Example: `1.0.0-1`)\n\n## --prerelease-date\n\nWill attach the data to the prerelease identifiers. (Example: `1.0.0-1.20201220`)\n\n## --prerelease-prefix\n\nWill use a prefix for the prerelease. (Example: `1.0.0-alpha.1`)\n\n\n# Docker\n\nYou can use `avakas` as a Docker container as well. It supports either static\nSSH keys or the SSH Agent. It seems like the SSH agent only works on Linux\nthough. The Docker entrypoint should setup your SSH environment on the `set` and\n`bump` `avakas` actions.\n\nYou can map a folder to `/etc/avakas` for static SSH or Git environment\nconfiguration. If the file `avakasrc` is present in `/etc/avakas` it will be\nsourced prior to running `avakas`. A common use case here is to export the\n`GIT_AUTHOR_NAME` and `GIT_AUTHOR_EMAIL` environment variables.\n\nIn all cases, you will want to map a source project into a folder and point\n`avakas` at it. The following example (running on Linux with SSH Agent\nforwarding) would bump the patch portion of the version in the current\ndirectory.\n\n```\n$ docker run -t -v $(pwd):/app -v $SSH_AUTH_SOCK:/ssh-agent -e SSH_AUTH_SOCK=/ssh-agent otakup0pe/avakas bump /app patch\n```\n\nThe next example (running on OSX) would set the version explicitly in the\ncurrent directory. Note how we need to setup a working folder to map\n`/etc/avakas` against.\n\n```\n$ mkdir -p /tmp/ssh-avakas-working\n$ cp ~/.ssh/id_rsa /tmp/ssh-avakas-working\n$ docker run  -v $(pwd):/app -v /tmp/ssh-avakas-working:/etc/avakas otakup0pe/avakas set /app 0.0.1\n```\n\n# Development\n\n## Local Testing\n\n`make test_in_containers` will run all integration tests against all supported\nminor versions of Python. It does not currently run any style or lint tests, and\nthe coverage report it generates points to an absolute path on the container\n(`/src/`) and is therefore not terribly useful, but it does run all of the\nintegration tests (the other tests and output are planned to be added).\n\n`make test` will work to run tests against whatever version of Python\nis `python3` on your host. It also runs style and lint checks, and\ngenerates a coverage report from the integration tests.\n\n# License\n\n[MIT](https://github.com/otakup0pe/avakas/blob/mainline/LICENSE)\n\n# Author(s)\n\nThe avakas tool was created by [Jonathan Freedman](http://jonathanfreedman.bio/)\nand has seen several collaborators along the way.\n\n* [Tyler Jachetta](https://github.com/tyler-jachetta)\n* [Michael Juarez](https://github.com/mjuarez)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fotakup0pe%2Favakas","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fotakup0pe%2Favakas","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fotakup0pe%2Favakas/lists"}