{"id":13530473,"url":"https://github.com/skx/github-action-publish-binaries","last_synced_at":"2025-09-02T00:32:38.210Z","repository":{"id":35236227,"uuid":"172322732","full_name":"skx/github-action-publish-binaries","owner":"skx","description":"Publish binaries when new releases are made.","archived":true,"fork":false,"pushed_at":"2022-05-10T18:30:04.000Z","size":31,"stargazers_count":139,"open_issues_count":5,"forks_count":18,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-06-30T21:02:41.386Z","etag":null,"topics":["binaries","github","github-action","release"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/skx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":"skx","custom":"https://steve.fi/donate/"}},"created_at":"2019-02-24T10:12:31.000Z","updated_at":"2024-12-22T17:24:25.000Z","dependencies_parsed_at":"2023-01-05T13:22:15.192Z","dependency_job_id":null,"html_url":"https://github.com/skx/github-action-publish-binaries","commit_stats":{"total_commits":42,"total_committers":8,"mean_commits":5.25,"dds":0.2857142857142857,"last_synced_commit":"44887b225ceca96efd8a912d39c09ad70312af31"},"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/skx/github-action-publish-binaries","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skx%2Fgithub-action-publish-binaries","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skx%2Fgithub-action-publish-binaries/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skx%2Fgithub-action-publish-binaries/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skx%2Fgithub-action-publish-binaries/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/skx","download_url":"https://codeload.github.com/skx/github-action-publish-binaries/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skx%2Fgithub-action-publish-binaries/sbom","scorecard":{"id":830365,"data":{"date":"2025-08-11","repo":{"name":"github.com/skx/github-action-publish-binaries","commit":"44887b225ceca96efd8a912d39c09ad70312af31"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.6,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":2,"reason":"Found 7/30 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"project is archived","details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating debian:bullseye to debian:bullseye@sha256:8ec25a9073e8cc89a184a6256e219828196d75203375a8ad4f0977f3011f2115","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 11 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-23T17:37:26.398Z","repository_id":35236227,"created_at":"2025-08-23T17:37:26.398Z","updated_at":"2025-08-23T17:37:26.398Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273213766,"owners_count":25065058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-01T02:00:09.058Z","response_time":120,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binaries","github","github-action","release"],"created_at":"2024-08-01T07:00:50.374Z","updated_at":"2025-09-02T00:32:37.951Z","avatar_url":"https://github.com/skx.png","language":"Shell","readme":"# GitHub Action for Uploading Release Artifacts\n\nThis repository contains a simple GitHub Action implementation which allows you to attach binaries to a new (github) release of your repository.\n\n* [GitHub Action for Uploading Release Artifacts](#github-action-for-uploading-release-artifacts)\n  * [Enabling the action](#enabling-the-action)\n  * [Sample Configuration](#sample-configuration)\n  * [Advanced Configuration](#advanced-configuration)\n  * [GITHUB_TOKEN](#github_token)\n\n\n## Enabling the action\n\nThere are two steps required to use this action:\n\n* Enable the action inside your repository.\n  * This will mean creating a file `.github/workflows/release.yml` which is where the action is invoked.\n  * You'll specify a pattern to describe which binary-artifacts are uploaded.\n* Ensure your binary artifacts are generated.\n  * Ideally you should do this in your workflow using another action.\n\n\n## Sample Configuration\n\nThe following configuration file uses _this_ action, along with the [github-action-build](https://github.com/skx/github-action-build) action to generate the artifacts for a project, then attach them to a release.\n\n```yml\non:\n  release:\n    types: [created]\nname: Handle Release\njobs:\n  generate:\n    name: Create release-artifacts\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout the repository\n        uses: actions/checkout@master\n      - name: Generate the artifacts\n        uses: skx/github-action-build@master\n      - name: Upload the artifacts\n        uses: skx/github-action-publish-binaries@master\n        env:\n          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n        with:\n          args: 'example-*'\n```\n\nThis is the preferred approach because it uses a pair of distinct actions, each having one job:\n\n* [skx/github-action-build](https://github.com/skx/github-action-build/)\n  * Generates the build artifacts.\n  * i.e. Compiles your binaries.\n* [skx/github-action-publish-binaries](https://github.com/skx/github-action-publish-binaries)\n  * Uploads the previously-generated the build artifacts.\n\n\n## Advanced Configuration\n\nThis action is primarily intended to be invoked upon a release-event, which means that Github itself will create a new release, and the action will upload the specified artifacts to that release.\n\nHowever it might be that you wish to **create** a new release within an action, then modify it by populating the content and adding artifacts.   This is possible, because we allow you to specify the ID of the release to which your artifacts should be associated.\n\nYou'll want to configure it using something like this:\n\n```yml\n  upload_artifacts:\n    name: Upload Artifacts\n    needs: [create_release]\n    runs-on: ubuntu-latest\n    steps:\n      - name: Upload the artifacts\n        uses: skx/github-action-publish-binaries@release-1.3\n        env:\n          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n        with:\n          releaseId: ${{ needs.create_release.outputs.id }}\n          args: '*.bin'\n```\n\nHere we're explicitly passing the `releaseId` variable, such that the specified release ID will be used.\n\n\n\n## `GITHUB_TOKEN`\n\nYour workflow configuration file, named `.github/workflows/release.yml`, will contain a reference to `secrets.GITHUB_TOKEN`, however you do __not__ need to generate that as it is automatically created. You will however need to update your repository settings under `Actions -\u003e General` to give the `GITHUB_TOKEN` write access to upload binaries to the release, without write access you will get a `403` response error.\n\n\u003cimg width=\"894\" alt=\"image\" src=\"https://user-images.githubusercontent.com/19007109/167677568-7c4c942f-b7a3-49af-9470-99605927b123.png\"\u003e\n\nYou _can_ inject secrets into workflows, defining them in the project settings, and referring to them by name, but the `GITHUB_TOKEN` value is special and it is handled transparently, requiring no manual setup.\n","funding_links":["https://github.com/sponsors/skx","https://steve.fi/donate/"],"categories":["Community Resources"],"sub_categories":["Utility"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskx%2Fgithub-action-publish-binaries","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fskx%2Fgithub-action-publish-binaries","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskx%2Fgithub-action-publish-binaries/lists"}