{"id":20095947,"url":"https://github.com/pirafrank/github-commit-sign","last_synced_at":"2026-05-06T06:37:35.892Z","repository":{"id":224801290,"uuid":"764228466","full_name":"pirafrank/github-commit-sign","owner":"pirafrank","description":"A node module and CLI tool to perform multi-file signed commits on a GitHub repo through their GraphQL APIs. Good for CI/CD environments.","archived":false,"fork":false,"pushed_at":"2024-09-30T18:27:21.000Z","size":163,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"dev","last_synced_at":"2025-02-28T22:10:29.018Z","etag":null,"topics":["cd","ci","commits","continuous-integration","git","github","graphql"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/@pirafrank/github-commit-sign","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pirafrank.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-27T17:53:24.000Z","updated_at":"2024-11-03T15:54:02.000Z","dependencies_parsed_at":null,"dependency_job_id":"e4aa5129-d3f1-4abe-8189-9409488be396","html_url":"https://github.com/pirafrank/github-commit-sign","commit_stats":null,"previous_names":["pirafrank/github-graphql-client","pirafrank/github-commit-sign"],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pirafrank%2Fgithub-commit-sign","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pirafrank%2Fgithub-commit-sign/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pirafrank%2Fgithub-commit-sign/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pirafrank%2Fgithub-commit-sign/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pirafrank","download_url":"https://codeload.github.com/pirafrank/github-commit-sign/tar.gz/refs/heads/dev","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241535197,"owners_count":19978101,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cd","ci","commits","continuous-integration","git","github","graphql"],"created_at":"2024-11-13T16:57:07.237Z","updated_at":"2025-10-30T21:12:14.530Z","avatar_url":"https://github.com/pirafrank.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitHub Commit Sign\n\n[![GitHub release](https://img.shields.io/github/release/pirafrank/github-commit-sign.svg?style=flat-square)](https://github.com/pirafrank/github-commit-sign/releases/latest)\n[![GitHub marketplace](https://img.shields.io/badge/marketplace-github--commit--sign-blue?logo=github\u0026style=flat-square)](https://github.com/marketplace/actions/github-commit-sign)\n[![Docker pulls](https://img.shields.io/docker/pulls/pirafrank/github-commit-sign.svg?style=flat-square)](https://hub.docker.com/r/pirafrank/github-commit-sign)\n[![npm](https://img.shields.io/npm/v/@pirafrank/github-commit-sign.svg?style=flat-square)](https://www.npmjs.com/package/@pirafrank/github-commit-sign)\n\nA thin wrapper to perform signed commits to a GitHub repository through their GraphQL APIs. Useful to create signed commits in CI/CD environments.\n\n## Available as\n\n- [GitHub Action](https://github.com/marketplace/actions/github-commit-sign)\n- [Docker image](https://hub.docker.com/r/pirafrank/github-commit-sign)\n- [CLI tool](#cli-usage)\n- [npm module](https://www.npmjs.com/package/@pirafrank/github-commit-sign)\n\n## Why\n\n- Commit changes to a GitHub repository without cloning it locally\n- By using the GitHub GraphQL API, we can commit multiple changes at once\n- By using GitHub APIs, we can implicitly sign commits via web-flow signing, like vscode.dev does\n\n## Use cases\n\n- Automate the process of committing file additions, changes, or deletions to a GitHub repository without cloning it locally\n- Integrate with existing CI/CD pipelines perform signed commits on behalf of the pipeline, without hard-to-setup GPG config\n- Avoid storing private SSH keys in CI/CD environments (only the `GITHUB_TOKEN` is needed and can be easily saved as secret string passed as environment variable at pipeline runtime)\n- you name it...\n\nI have actually written this to get signed commits in GitHub Actions running [here](https://github.com/pirafrank/fpiracom).\n\n## ⚠️ Before you start\n\n### About `GITHUB_TOKEN`\n\nIn GitHub Actions the `GITHUB_TOKEN` is [automatically generated](https://docs.github.com/en/actions/security-guides/automatic-token-authentication) per each run and is available as an environment variable. For the commit action to work, the `GITHUB_TOKEN` must be set as environment variable and it must have *write* access to the repository you want to commit to.\n\nThe following applies, based on the context you are running the action in:\n\n- **GitHub Actions**: If the repository is the same where your workflow run, you can either:\n  - Configure it by adding the following to your workflow YAML file (restricted priviledges, recommended):\n\n  ```yaml\n  permissions:\n    contents: write\n  ```\n\n  - Set it up for all workflows in your repository (wider priviledges, not recommended): Go to *Repository Settings \u003e Actions \u003e General \u003e Workflow permissions*, and set `Read and write permissions`.\n\n- **GitHub Actions**: if you need to commit to other repositories, you may need to override the default `GITHUB_TOKEN` with a personal access token with the `repo` scope. Go to *Profile \u003e Settings \u003e Developer settings \u003e Personal access tokens \u003e Token (classic)*, and Generate new token (classic) with the full-control over `repo` scope.\n  - **Tip**: store the generated token in repository secrets!\n- **Docker image, npm module, or CLI**: when running outside of GitHub Actions, set an environment variable called `GITHUB_TOKEN` with the token value having full-control over `repo` scope.\n\n### Usage assumptions\n\n- Changed (or new) files must exist locally\n  - for practial reasons, those files must have the same file name and file path as the ones in the repository you are replacing with your commit (or the same file name and file path you want them to have in the repository)\n- Deleted files may not exist locally, and their path may just be provided as argument\n- GraphQL APIs are not meant to be used to push a lot of code! If that is your case, please consider using a local clone and `git`.\n\n## GitHub Action usage\n\nYou can use this module as a GitHub Action. It is a Docker-based action.\n\n### Print help\n\n```yaml\n    # Print help\n    - name: Print help\n      uses: pirafrank/github-commit-sign@v0\n      with:\n        args: \"--help\"\n```\n\n### Commit changes\n\nRequirements when running in a GitHub Actions workflow:\n\n- `GITHUB_TOKEN` must be set as environment variable and it must have write access to the repository you want to commit to. Read the *Before you start* section above for more details.\n- `--changed` and `--deleted` may have multiple file paths, as a single string with space-separated values, or by repeating the option per each file path. All file paths must be relative to the repository root.\n\n```yaml\n    # Commit changes...\n    - name: Commit changes\n      id: commit_changes\n      uses: pirafrank/github-commit-sign@v0\n      if: ${{ vars.RUN_COMMIT_CHANGES == 'true' }}\n      env:\n        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n      with:\n        args: \"commit --owner=${{ github.repository_owner }} --repo=${{ github.event.repository.name }} --branch=${{ github.ref_name }} --commitMessage='this is a webflow signed commit' --changed new.txt dummy/subdir/changed.txt --deleted dummy/delete_me.txt another_deleted.txt\"\n    # ...then use output details in another step\n    - name: Print git commit output\n      if: ${{ vars.RUN_COMMIT_CHANGES == 'true' }}\n      run: |\n        echo \"Run command: ${{ steps.commit_changes.outputs.command }}\"\n        echo \"Commit URL: ${{ steps.commit_changes.outputs.commitUrl }}\"\n\n```\n\n\u003e [!TIP]\n\u003e You may want to create string format list of added and changed files in a previous step in your workflow.\n\n### Other commands\n\nThe action accepts the same commands you can provide to the CLI. Pass them as a single string to the `args` input. Read below for more details.\n\n## Docker image\n\nYou can use this module as a Docker image. It is a multi-arch image, so it should run on any architecture.\n\nThe image is available on Docker Hub as `pirafrank/github-commit-sign`.\n\nThe image run the CLI instance of the program, thus accepting the same commands you can provide to the CLI. Pass them as you'd do with any other Docker image.\n\n## CLI usage\n\n### Requirements\n\n- Node.js (18.18+)\n- A GitHub token with the `repo` scope.\n  - The token must be set in the environment variable called `GITHUB_TOKEN`.\n\n### Installation\n\n```sh\nnpm install -g @pirafrank/github-commit-sign\n```\n\n### Usage examples\n\n```sh\nexport GITHUB_TOKEN='your_github_token_here'\nggh commit \\\n  --owner yourname \\\n  --repo some_repo_of_yours \\\n  --branch main \\\n  --added .gitignore \\\n  --commitMessage 'added .gitignore'\n```\n\n```sh\nexport GITHUB_TOKEN='your_github_token_here'\nggh commit \\\n  --owner yourname \\\n  --repo some_repo_of_yours \\\n  --branch main \\\n  --deleted .gitignore \\\n  --commitMessage 'remove .gitignore'\n```\n\nMulti-file commit is also possible:\n\n- `--changed` and `--deleted` may have multiple file paths, as a single string with space-separated values, or by repeating the option per each file path. All file paths must be relative to the repository root.\n\n```sh\nexport GITHUB_TOKEN='your_github_token_here'\nggh commit \\\n  --owner yourname \\\n  --repo some_repo_of_yours \\\n  --branch main \\\n  --changed 'some_dir/some_file.txt' 'some_other_dir/some_other_file.txt' \\\n  --deleted 'some_dir/delete_me.txt' \\\n  --deleted 'some_dir/subdir/delete_me_too.txt' \\\n  --commitMessage 'stuff'\n```\n\nUse `--help` for a full list of available commands and options.\n\n## `npm` module\n\nThe module exports the following functions:\n\n- `createCommitOnBranch`\n- `checkIfBranchExists`\n- `getShaOfParentCommit`\n\nBefore using any of them, you must call the `init` function with the `GITHUB_TOKEN` and the GitHub GraphQL URL as arguments.\n\n```js\ninit(\"your_github_token_here\", \"https://api.github.com/graphql\");\n```\n\nIf called without arguments, it will use the `GITHUB_TOKEN` and `GITHUB_GRAPHQL_URL` environment variables.\n\n```js\ninit();\n```\n\nPlease refer to `index.js` for the function signatures.\n\n## Tests\n\nCreate a `.env` file with your `repo`-scoped `GITHUB_TOKEN`, then run:\n\n```sh\nnpm test\n```\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpirafrank%2Fgithub-commit-sign","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpirafrank%2Fgithub-commit-sign","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpirafrank%2Fgithub-commit-sign/lists"}