{"id":19399885,"url":"https://github.com/pipe-cd/actions-gh-release","last_synced_at":"2026-02-15T21:01:49.399Z","repository":{"id":37886857,"uuid":"374526869","full_name":"pipe-cd/actions-gh-release","owner":"pipe-cd","description":"An action that enables operating GitHub release via pull request.","archived":false,"fork":false,"pushed_at":"2025-05-16T14:45:52.000Z","size":733,"stargazers_count":35,"open_issues_count":1,"forks_count":7,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-10-31T00:13:37.642Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pipe-cd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-06-07T03:48:59.000Z","updated_at":"2025-05-16T15:53:37.000Z","dependencies_parsed_at":"2025-10-11T09:15:45.440Z","dependency_job_id":"8b10d290-c79d-407c-8f73-404c09365307","html_url":"https://github.com/pipe-cd/actions-gh-release","commit_stats":{"total_commits":49,"total_committers":11,"mean_commits":4.454545454545454,"dds":0.4285714285714286,"last_synced_commit":"b95a9be7405d47907b0da252d0323e17304ba6c2"},"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/pipe-cd/actions-gh-release","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pipe-cd%2Factions-gh-release","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pipe-cd%2Factions-gh-release/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pipe-cd%2Factions-gh-release/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pipe-cd%2Factions-gh-release/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pipe-cd","download_url":"https://codeload.github.com/pipe-cd/actions-gh-release/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pipe-cd%2Factions-gh-release/sbom","scorecard":{"id":735073,"data":{"date":"2025-08-11","repo":{"name":"github.com/pipe-cd/actions-gh-release","commit":"02e1281e65b3ce16bd28e14a2755fafda6e1a6f4"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.3,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":6,"reason":"Found 18/27 approved changesets -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info:   1 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T15:31:21.510Z","repository_id":37886857,"created_at":"2025-08-22T15:31:21.510Z","updated_at":"2025-08-22T15:31:21.510Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29489322,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-15T19:29:10.908Z","status":"ssl_error","status_checked_at":"2026-02-15T19:29:10.419Z","response_time":118,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-10T11:12:04.452Z","updated_at":"2026-02-15T21:01:49.381Z","avatar_url":"https://github.com/pipe-cd.png","language":"Dockerfile","funding_links":[],"categories":["Dockerfile"],"sub_categories":[],"readme":"# actions-gh-release\n\nAn action that enables operating GitHub release via pull request. You send a pull request to update a RELEASE file then release note will be generated and commented in that pull request for reviewing. Once merged, a new GitHub release will be created with that release note.\n\n![](https://github.com/pipe-cd/actions-gh-release/blob/main/assets/changelog-comment.png)\n\n**NOTE**: The source code of this GitHub Action is placing under the tool directory of of [pipe-cd/pipecd](https://github.com/pipe-cd/pipecd/tree/master/tool) repository. If you want to make a pull request or raise an issue, please send it to [pipe-cd/pipecd](https://github.com/pipe-cd/pipecd) repository.\n\n## Usage\n\n- Adding a RELEASE file to the repository. You can also have multiple RELEASE files in case of monorepo style. Its content looks like this:\n\n``` yaml\ntag: v0.1.0                        # The tag number will be created. Required.\n\n# # Optional fields:\n#\n# name: string                     # The release name. Default is empty.\n# title: string                    # The release title. Default is \"Release ${tag}\".\n# targetCommitish: string          # The release commitish. Default is the merged commit.\n# releaseNote: string              # The release body. Default is the auto-generated release note.\n# prerelease: bool                 # True if this is a prerelease. Default is false.\n#\n#\n# # If specified, all matching commits will be excluded from release. Empty means excluding nothing.\n#\n# commitExclude:\n#   parentOfMergeCommit: bool      # True is whether the commit is the parent commit of the matching merge commit. Default is false.\n#   prefixes: []string             # Matches if commit's subject is prefixed by one of the given values. Default is emtpy.\n#   contains: []string             # Matches if commit's body is containing one of the given values. Default is emtpy.\n#\n#\n# # If specified, all matching commits will be included to release. Empty means including alls.\n#\n# commitInclude:\n#   parentOfMergeCommit: bool      # True is whether the commit is the parent commit of the matching merge commit. Default is false.\n#   prefixes: []string             # Matches if commit's subject is prefixed by one of the given values. Default is emtpy.\n#   contains: []string             # Matches if commit's body is containing one of the given values. Default is emtpy.\n#\n#\n# # List of categories and how to decide which category a commit should belong to.\n#\n# commitCategories:\n#   - title: string                # Category title.\n#     parentOfMergeCommit: bool    # True is whether the commit is the parent commit of the matching merge commit. Default is false.\n#     contains: []string           # Matches if commit's subject is prefixed by one of the given values. Default is emtpy.\n#     prefixes: []string           # Matches if commit's body is containing one of the given values. Default is emtpy.\n#\n#\n# # Config used while generating release note.\n#\n# releaseNoteGenerator:\n#   showAbbrevHash: bool           # Whether to include abbreviated hash value in release note. Default is false.\n#   showCommitter: bool            # Whether to include committer in release note. Default is true.\n#   useReleaseNoteBlock: bool      # Whether to use release note block instead of commit message. Default is false.\n#   usePullRequestMetadata: bool   # Whether to use pull request metadata instead of commit message when using merge-commit. If useReleaseNoteBlock is also true, release note block of pull request is used. Otherwise pull request title is used. If this option is set, showAbbrevHash and showCommitter is ignored. Default is false.\n#   usePullRequestLink: bool       # Whether to use the pull request links in the release note. Default is false.\n#   commitExclude:                 # Additional excludes applied while generating release note.\n#     parentOfMergeCommit: bool    # True is whether the commit is the parent commit of the matching merge commit. Default is false.\n#     prefixes: []string           # Matches if commit's subject is prefixed by one of the given values. Default is emtpy.\n#     contains: []string           # Matches if commit's body is containing one of the given values. Default is emtpy.\n#   commitInclude:                 # Additional includes applied while generating release note.\n#     parentOfMergeCommit: bool    # True is whether the commit is the parent commit of the matching merge commit. Default is false.\n#     prefixes: []string           # Matches if commit's subject is prefixed by one of the given values. Default is emtpy.\n#     contains: []string           # Matches if commit's body is containing one of the given values. Default is emtpy.\n```\n\n- Adding a new workflow (eg: `.github/workflows/gh-release.yaml`) with the content as below:\n\n```yaml\non:\n  push:\n    branches:    \n      - main\n    paths:\n      - '**/RELEASE'\n  pull_request:\n    types: [opened, synchronize]\n    branches:\n      - main\n    paths:\n      - '**/RELEASE'\n\njobs:\n  gh-release:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: write      # Required to create a GitHub release and tag, as GITHUB_TOKEN is read-only by default.\n      pull-requests: write # Required to comment the release note on the pull request.\n    steps:\n      - uses: actions/checkout@v3\n        with:\n          fetch-depth: 0\n      - uses: pipe-cd/actions-gh-release@v2.3.4\n        with:\n          release_file: '**/RELEASE'\n          token: ${{ secrets.GITHUB_TOKEN }}\n```\n\n## Inputs\n\n| Name                  | Description                                                                       | Required | Default Value |\n|-----------------------|-----------------------------------------------------------------------------------|:--------:|:-------------:|\n| token                 | The GITHUB_TOKEN secret.                                                          |    yes   |               |\n| release_file          | The path to the RELEASE file or pattern to match one or multiple RELEASE files.   |    no    |    RELEASE    |\n| output_releases_file  | The path to output the list of releases formatted in JSON.                        |    no    |               |\n\n## Outputs\n\n| Name            | Description                                          |\n|-----------------|------------------------------------------------------|\n| releases        | The list of releases formatted in JSON.              |\n\n## RELEASE examples\n\n- Excluding merge pull request from release note\n\n``` yaml\ntag: v1.1.0\n\ncommitExclude:\n  prefixes:\n    - \"Merge pull request #\"\n```\n\n- Grouping commits by category in release note\n\n``` yaml\ntag: v1.1.0\n\ncommitCategories:\n  - title: \"Breaking Changes\"\n    contains:\n      - change-category/breaking-change\n  - title: \"New Features\"\n    contains:\n      - change-category/new-feature\n  - title: \"Notable Changes\"\n    contains:\n      - change-category/notable-change\n  - title: \"Internal Changes\"\n\nreleaseNoteGenerator:\n  showCommitter: true\n  useReleaseNoteBlock: true\n```\n\n- Multiple RELEASE files for mono-repo style\n\n``` yaml\ntag: foo-v0.1.0\nname: foo\n\ncommitInclude:\n  contains:\n    - \"application/foo\"\n\nreleaseNoteGenerator:\n  showAbbrevHash: true\n  showCommitter: true\n  useReleaseNoteBlock: true\n```\n\n- Multiple RELEASE files for mono-repo style (Include parent commits of the matching merge commit in `outoputs.release`)\n\n\n``` yaml\ntag: bar-v1.0.0\nname: bar\n\ncommitInclude:\n  parentOfMergeCommit: true\n  prefixes:\n    - \"bar:\"\n\nreleaseNoteGenerator:\n  showAbbrevHash: true\n  showCommitter: true\n  useReleaseNoteBlock: true\n  commitInclude:\n    prefixes:\n      - \"bar:\"\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpipe-cd%2Factions-gh-release","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpipe-cd%2Factions-gh-release","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpipe-cd%2Factions-gh-release/lists"}