{"id":13496370,"url":"https://github.com/softprops/action-gh-release","last_synced_at":"2026-03-15T04:16:48.944Z","repository":{"id":38412752,"uuid":"204253808","full_name":"softprops/action-gh-release","owner":"softprops","description":"📦 :octocat: GitHub Action for creating GitHub Releases","archived":false,"fork":false,"pushed_at":"2025-09-07T04:37:17.000Z","size":4161,"stargazers_count":5043,"open_issues_count":186,"forks_count":548,"subscribers_count":25,"default_branch":"master","last_synced_at":"2025-09-07T06:18:38.452Z","etag":null,"topics":["github-actions","github-releases"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/softprops.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"ko_fi":"softprops"}},"created_at":"2019-08-25T06:10:05.000Z","updated_at":"2025-09-07T04:36:47.000Z","dependencies_parsed_at":"2024-01-10T23:02:13.350Z","dependency_job_id":"4ccb1dbc-cbc8-4860-a180-faf9de114a10","html_url":"https://github.com/softprops/action-gh-release","commit_stats":{"total_commits":325,"total_committers":55,"mean_commits":5.909090909090909,"dds":0.4061538461538462,"last_synced_commit":"e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8"},"previous_names":[],"tags_count":35,"template":false,"template_full_name":null,"purl":"pkg:github/softprops/action-gh-release","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softprops%2Faction-gh-release","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softprops%2Faction-gh-release/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softprops%2Faction-gh-release/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softprops%2Faction-gh-release/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/softprops","download_url":"https://codeload.github.com/softprops/action-gh-release/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softprops%2Faction-gh-release/sbom","scorecard":{"id":836136,"data":{"date":"2025-08-11","repo":{"name":"github.com/softprops/action-gh-release","commit":"f82d31e53e61a962573dd0c5fcd6b446ca78871f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.3,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":3,"reason":"Found 6/17 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"19 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info: 2 out of 2 GitHub-owned GitHubAction dependencies pinned","Info: 1 out of 1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 23 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T19:06:42.135Z","repository_id":38412752,"created_at":"2025-08-23T19:06:42.135Z","updated_at":"2025-08-23T19:06:42.135Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274088026,"owners_count":25220254,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-07T02:00:09.463Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-actions","github-releases"],"created_at":"2024-07-31T19:01:46.970Z","updated_at":"2026-03-15T04:16:48.939Z","avatar_url":"https://github.com/softprops.png","language":"TypeScript","readme":"\u003cdiv align=\"center\"\u003e\n 📦 :octocat:\n\u003c/div\u003e\n\u003ch1 align=\"center\"\u003e\n action gh-release\n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n A GitHub Action for creating GitHub Releases on Linux, Windows, and macOS virtual environments\n\u003c/p\u003e\n\n\u003cdiv align=\"center\"\u003e\n \u003cimg src=\"demo.png\"/\u003e\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n \u003ca href=\"https://github.com/softprops/action-gh-release/actions\"\u003e\n\t\t\u003cimg src=\"https://github.com/softprops/action-gh-release/workflows/Main/badge.svg\"/\u003e\n\t\u003c/a\u003e\n\u003c/div\u003e\n\n\u003cbr /\u003e\n\n- [🤸 Usage](#-usage)\n - [🚥 Limit releases to pushes to tags](#-limit-releases-to-pushes-to-tags)\n - [⬆️ Uploading release assets](#️-uploading-release-assets)\n - [📝 External release notes](#-external-release-notes)\n - [💅 Customizing](#-customizing)\n - [inputs](#inputs)\n - [outputs](#outputs)\n - [environment variables](#environment-variables)\n - [Permissions](#permissions)\n\n## 🤸 Usage\n\n### 🚥 Limit releases to pushes to tags\n\nTypically usage of this action involves adding a step to a build that\nis gated pushes to git tags. You may find `step.if` field helpful in accomplishing this\nas it maximizes the reuse value of your workflow for non-tag pushes.\n\nBelow is a simple example of `step.if` tag gating\n\n```yaml\nname: Main\n\non: push\n\njobs:\n build:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n - name: Release\n uses: softprops/action-gh-release@v2\n if: github.ref_type == 'tag'\n```\n\nYou can also use push config tag filter\n\n```yaml\nname: Main\n\non:\n push:\n tags:\n - \"v*.*.*\"\n\njobs:\n build:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n - name: Release\n uses: softprops/action-gh-release@v2\n```\n\n### ⬆️ Uploading release assets\n\nYou can configure a number of options for your\nGitHub release and all are optional.\n\nA common case for GitHub releases is to upload your binary after its been validated and packaged.\nUse the `with.files` input to declare a newline-delimited list of glob expressions matching the files\nyou wish to upload to GitHub releases. If you'd like you can just list the files by name directly.\nIf a tag already has a GitHub release, the existing release will be updated with the release assets.\n\nBelow is an example of uploading a single asset named `Release.txt`\n\n```yaml\nname: Main\n\non: push\n\njobs:\n build:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n - name: Build\n run: echo ${{ github.sha }} \u003e Release.txt\n - name: Test\n run: cat Release.txt\n - name: Release\n uses: softprops/action-gh-release@v2\n if: github.ref_type == 'tag'\n with:\n files: Release.txt\n```\n\nBelow is an example of uploading more than one asset with a GitHub release\n\n```yaml\nname: Main\n\non: push\n\njobs:\n build:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n - name: Build\n run: echo ${{ github.sha }} \u003e Release.txt\n - name: Test\n run: cat Release.txt\n - name: Release\n uses: softprops/action-gh-release@v2\n if: github.ref_type == 'tag'\n with:\n files: |\n Release.txt\n LICENSE\n```\n\n\u003e **⚠️ Note:** Notice the `|` in the yaml syntax above ☝️. That lets you effectively declare a multi-line yaml string. You can learn more about multi-line yaml syntax [here](https://yaml-multiline.info)\n\n\u003e **⚠️ Note for Windows:** Paths must use `/` as a separator, not `\\`, as `\\` is used to escape characters with special meaning in the pattern; for example, instead of specifying `D:\\Foo.txt`, you must specify `D:/Foo.txt`. If you're using PowerShell, you can do this with `$Path = $Path -replace '\\\\','/'`\n\n### 📝 External release notes\n\nMany systems exist that can help generate release notes for you. This action supports\nloading release notes from a path in your repository's build to allow for the flexibility\nof using any changelog generator for your releases, including a human 👩‍💻\n\n```yaml\nname: Main\n\non: push\n\njobs:\n build:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n - name: Generate Changelog\n run: echo \"# Good things have arrived\" \u003e ${{ github.workspace }}-CHANGELOG.txt\n - name: Release\n uses: softprops/action-gh-release@v2\n if: github.ref_type == 'tag'\n with:\n body_path: ${{ github.workspace }}-CHANGELOG.txt\n repository: my_gh_org/my_gh_repo\n # note you'll typically need to create a personal access token\n # with permissions to create releases in the other repo\n token: ${{ secrets.CUSTOM_GITHUB_TOKEN }}\n```\n\n### 💅 Customizing\n\n#### inputs\n\nThe following are optional as `step.with` keys\n\n| Name | Type | Description |\n| -------------------------- | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `body` | String | Text communicating notable changes in this release |\n| `body_path` | String | Path to load text communicating notable changes in this release |\n| `draft` | Boolean | Indicator of whether or not this release is a draft |\n| `prerelease` | Boolean | Indicator of whether or not is a prerelease |\n| `preserve_order` | Boolean | Indicator of whether order of files should be preserved when uploading assets |\n| `files` | String | Newline-delimited globs of paths to assets to upload for release |\n| `overwrite_files` | Boolean | Indicator of whether files should be overwritten when they already exist. Defaults to true |\n| `name` | String | Name of the release. defaults to tag name |\n| `tag_name` | String | Name of a tag. defaults to `github.ref_name` |\n| `fail_on_unmatched_files` | Boolean | Indicator of whether to fail if any of the `files` globs match nothing |\n| `repository` | String | Name of a target repository in `\u003cowner\u003e/\u003crepo\u003e` format. Defaults to GITHUB_REPOSITORY env variable |\n| `target_commitish` | String | Commitish value that determines where the Git tag is created from. Can be any branch or commit SHA. Defaults to repository default branch. |\n| `token` | String | Secret GitHub Personal Access Token. Defaults to `${{ github.token }}` |\n| `discussion_category_name` | String | If specified, a discussion of the specified category is created and linked to the release. The value must be a category that already exists in the repository. For more information, see [\"Managing categories for discussions in your repository.\"](https://docs.github.com/en/discussions/managing-discussions-for-your-community/managing-categories-for-discussions-in-your-repository) |\n| `generate_release_notes` | Boolean | Whether to automatically generate the name and body for this release. If name is specified, the specified name will be used; otherwise, a name will be automatically generated. If body is specified, the body will be pre-pended to the automatically generated notes. See the [GitHub docs for this feature](https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes) for more information |\n| `append_body` | Boolean | Append to existing body instead of overwriting it |\n| `make_latest` | String | Specifies whether this release should be set as the latest release for the repository. Drafts and prereleases cannot be set as latest. Can be `true`, `false`, or `legacy`. Uses GitHub api defaults if not provided |\n\n💡 When providing a `body` and `body_path` at the same time, `body_path` will be\nattempted first, then falling back on `body` if the path can not be read from.\n\n💡 When the release info keys (such as `name`, `body`, `draft`, `prerelease`, etc.)\nare not explicitly set and there is already an existing release for the tag, the\nrelease will retain its original info.\n\n#### outputs\n\nThe following outputs can be accessed via `${{ steps.\u003cstep-id\u003e.outputs }}` from this action\n\n| Name | Type | Description |\n| ------------ | ------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `url` | String | Github.com URL for the release |\n| `id` | String | Release ID |\n| `upload_url` | String | URL for uploading assets to the release |\n| `assets` | String | JSON array containing information about each uploaded asset, in the format given [here](https://docs.github.com/en/rest/releases/assets#get-a-release-asset) (minus the `uploader` field) |\n\nAs an example, you can use `${{ fromJSON(steps.\u003cstep-id\u003e.outputs.assets)[0].browser_download_url }}` to get the download URL of the first asset.\n\n#### environment variables\n\nThe following `step.env` keys are allowed as a fallback but deprecated in favor of using inputs.\n\n| Name | Description |\n| ------------------- | ------------------------------------------------------------------------------------------ |\n| `GITHUB_TOKEN` | GITHUB_TOKEN as provided by `secrets` |\n| `GITHUB_REPOSITORY` | Name of a target repository in `\u003cowner\u003e/\u003crepo\u003e` format. defaults to the current repository |\n\n\u003e **⚠️ Note:** This action was previously implemented as a Docker container, limiting its use to GitHub Actions Linux virtual environments only. With recent releases, we now support cross platform usage. You'll need to remove the `docker://` prefix in these versions\n\n### Permissions\n\nThis Action requires the following permissions on the GitHub integration token:\n\n```yaml\npermissions:\n contents: write\n```\n\nWhen used with `discussion_category_name`, additional permission is needed:\n\n```yaml\npermissions:\n contents: write\n discussions: write\n```\n\n[GitHub token permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) can be set for an individual job, workflow, or for Actions as a whole.\n\nNote that if you intend to run workflows on the release event (`on: { release: { types: [published] } }`), you need to use\na personal access token for this action, as the [default `secrets.GITHUB_TOKEN` does not trigger another workflow](https://github.com/actions/create-release/issues/71).\n\nDoug Tangren (softprops) 2019\n","funding_links":["https://ko-fi.com/softprops"],"categories":["TypeScript","Community Resources","others","github-actions","二、核心官方Action(工作流必备)"],"sub_categories":["GitHub Tools and Management","2. GitHub 自动化工具"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoftprops%2Faction-gh-release","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoftprops%2Faction-gh-release","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoftprops%2Faction-gh-release/lists"}