{"id":26909887,"url":"https://github.com/stack-spot/runtime-manager-action","last_synced_at":"2026-01-30T01:01:17.606Z","repository":{"id":198293394,"uuid":"692077330","full_name":"stack-spot/runtime-manager-action","owner":"stack-spot","description":"StackSpot Action to manage Self Hosted runs","archived":false,"fork":false,"pushed_at":"2026-01-26T11:42:46.000Z","size":161,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-01-27T01:11:28.090Z","etag":null,"topics":["all-os-supported","cloud-runtime","code","github-actions","maintain","self-hosted","stackspot"],"latest_commit_sha":null,"homepage":"https://www.stackspot.com/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stack-spot.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-09-15T14:04:17.000Z","updated_at":"2025-07-02T12:04:13.000Z","dependencies_parsed_at":"2023-10-05T07:13:17.430Z","dependency_job_id":"82f7d704-2b4c-4031-bc02-cef7cdc8f6ae","html_url":"https://github.com/stack-spot/runtime-manager-action","commit_stats":null,"previous_names":["stack-spot/runtime-manager-action"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/stack-spot/runtime-manager-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stack-spot%2Fruntime-manager-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stack-spot%2Fruntime-manager-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stack-spot%2Fruntime-manager-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stack-spot%2Fruntime-manager-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stack-spot","download_url":"https://codeload.github.com/stack-spot/runtime-manager-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stack-spot%2Fruntime-manager-action/sbom","scorecard":{"id":845291,"data":{"date":"2025-01-13","repo":{"name":"github.com/stack-spot/runtime-manager-action","commit":"94ccd35d135f3eaa2eb4f61b77732d0a40b78c37"},"scorecard":{"version":"v5.0.0-132-g43d5832d","commit":"43d5832d25ccc597a9b94926b6ad43da25204085"},"score":4.6,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#maintained"}},{"name":"Code-Review","score":5,"reason":"Found 4/8 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/action-test-macos.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/stack-spot/runtime-manager-action/action-test-macos.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/action-test-ubuntu.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/stack-spot/runtime-manager-action/action-test-ubuntu.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/action-test-windows.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/stack-spot/runtime-manager-action/action-test-windows.yaml/main?enable=pin","Info:   0 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#pinned-dependencies"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/action-test-macos.yaml:1","Warn: no topLevel permission defined: .github/workflows/action-test-ubuntu.yaml:1","Warn: no topLevel permission defined: .github/workflows/action-test-windows.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/stack-spot/.github/SECURITY.md:1","Info: Found linked content: github.com/stack-spot/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/stack-spot/.github/SECURITY.md:1","Info: Found text in security policy: github.com/stack-spot/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-248v-346w-9cwc","Warn: Project is vulnerable to: PYSEC-2024-60 / GHSA-jjg7-2v4v-x38h","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/43d5832d25ccc597a9b94926b6ad43da25204085/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-23T21:16:33.697Z","repository_id":198293394,"created_at":"2025-08-23T21:16:33.697Z","updated_at":"2025-08-23T21:16:33.697Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28892889,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-29T21:06:44.224Z","status":"ssl_error","status_checked_at":"2026-01-29T21:06:42.160Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["all-os-supported","cloud-runtime","code","github-actions","maintain","self-hosted","stackspot"],"created_at":"2025-04-01T13:29:53.459Z","updated_at":"2026-01-30T01:01:17.591Z","avatar_url":"https://github.com/stack-spot.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# runtime-manager-action\n\n[![Action test Ubuntu](https://github.com/stack-spot/runtime-manager-action/actions/workflows/action-test-ubuntu.yaml/badge.svg)](https://github.com/stack-spot/runtime-manager-action/actions/workflows/action-test-ubuntu.yaml) [![Action test MacOS](https://github.com/stack-spot/runtime-manager-action/actions/workflows/action-test-macos.yaml/badge.svg)](https://github.com/stack-spot/runtime-manager-action/actions/workflows/action-test-macos.yaml) [![Action test Windows](https://github.com/stack-spot/runtime-manager-action/actions/workflows/action-test-windows.yaml/badge.svg)](https://github.com/stack-spot/runtime-manager-action/actions/workflows/action-test-windows.yaml)\n\nGitHub action to authenticate and consume StackSpot Runtime API.\n\n_**Note**: This action is supported on all runners operating systems (`ubuntu`, `macos`, `windows`)_\n\n## 📚 Usage\n\n### Requirements\n\nTo get the account keys (`CLIENT_ID`, `CLIENT_KEY` and `CLIENT_REALM`), please login using a **ADMIN** user on the [StackSpot Portal](https://stackspot.com), and generate new keys at [https://stackspot.com/en/settings/access-token](https://stackspot.com/en/settings/access-token).\n\n### Use Case\n\n```yaml\n    steps:\n      - uses: stack-spot/runtime-manager-action@v2.1\n        id: run\n        with:\n          CLIENT_ID: ${{ secrets.CLIENT_ID }}\n          CLIENT_KEY: ${{ secrets.CLIENT_KEY }}\n          CLIENT_REALM: ${{ secrets.CLIENT_REALM }}\n          WORKSPACE: my_workspace\n          ENVIRONMENT: my_environment\n          VERSION_TAG: my_tag\n          SKIP_DEPLOY: false\n          TF_STATE_BUCKET_NAME: my_bucket\n          TF_STATE_REGION: region\n          IAC_BUCKET_NAME: my_bucket\n          IAC_REGION: region\n          VERBOSE: true # not mandatory\n          BRANCH: main # not mandatory\n          OPEN_API_PATH: swagger.yaml # not mandatory\n          DYNAMIC_INPUTS: --key1 value1 --key2 value2\n          WORKDIR: ./my-folder # not mandatory\n\n      - name: Check Run Tasks Data\n        run: echo \"Tasks = ${{ steps.run.outputs.tasks }}\"\n        shell: bash\n```\n\n* * *\n\n## ▶️ Action Inputs\n\nField | Mandatory | Default Value | Observation\n------------ | ------------  | ------------- | -------------\n**CLIENT_ID** | YES | N/A | [StackSpot](https://stackspot.com/en/settings/access-token) Client ID.\n**CLIENT_KEY** | YES | N/A |[StackSpot](https://stackspot.com/en/settings/access-token) Client KEY.\n**CLIENT_REALM** | YES | N/A |[StackSpot](https://stackspot.com/en/settings/access-token) Client Realm.\n**WORKSPACE** | YES | N/A | StackSpot Workspace where the project has been registered.\n**ENVIRONMENT** | YES | N/A | StackSpot Environment where the project will be deployed.\n**VERSION_TAG** | YES | N/A | Deploy version tag\n**SKIP_DEPLOY** | NO | false | If set as `true`, checks if manifesto had any changes, in case it had no changes, it will set deploy as `SKIPPED` and will not apply infra plugins in the cloud.\n**TF_STATE_BUCKET_NAME** | YES | N/A | AWS S3 Bucket name where the generated tfstate files will be stored.\n**TF_STATE_REGION** | YES | N/A | AWS region where the TF State will be stored (e.g: `us-east-1`).\n**IAC_BUCKET_NAME** | YES | N/A | AWS S3 Bucket name where the generated IaC files will be stored.\n**IAC_REGION** | YES | N/A | AWS region where the IaC will be stored (e.g: `us-east-1`).\n**VERBOSE** | NO | `false` | Whether to show extra logs during execution. (e.g: `true`).\n**BRANCH** | NO | `true` | Whether or not to checkout automatically on repository (e.g: `false`).\n**OPEN_API_PATH** | NO | N/A | Path to OpenAI / Swagger file within the repository (e.g: `path/to/file.yml`)\n**DYNAMIC_INPUTS** | NO | N/A | Dynamic inputs used with Jinja on IAC, informed as `--key1 value1 --key2 value2`\n**WORKDIR** | NO | ./ | Path to the directory where the `.stk` is located.\n\n* * *\n\n### More information on some inputs\n\n\u003cdetails\u003e\n\n\u003csummary\u003e BRANCH \u003c/summary\u003e\n\nWhen the input `BRANCH` is used, within the IAC step of the tasks, the repository will be cloned within the `terraform.zip` with the following structure, in case repository files are necessary within terraform.\n\n_**Note**: the contents of the branch input don't really matter, the branch cloned will be the branch used to dispatch the workflow as long as it is not empty_\n\n```\n├── main.tf\n├── outputs.tf\n├── repodir\n│   ├── .git/\n│   ├── .stk/\n│   │   └── stk.yaml\n│   ├── src/\n│   ├── tests/\n│   └── ... {repository-files}\n└── variables.tf\n└── ... {templates-deploy}\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\n\u003csummary\u003e DYNAMIC_INPUTS \u003c/summary\u003e\n\nWhen the input `DYNAMIC_INPUTS` is used, the flags passes in these inputs will be added to every plugin applied as their input, and could be used by Jinja engine to modify the IaC file created\n\n**e.g:**\n\n`DYNAMIC_INPUTS = --app_repository=\"https://github.com/stack-spot/runtime-manager-action\"`\n\n\n_main.tf_\n```jinja\n{% if app_repository is defined %}\n    resource_source  = {{ app_repository }}\n{% else %}\n    resource_source  = \"default\"\n{% endif %}\n```\n\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\n\n\u003csummary\u003e WORKDIR \u003c/summary\u003e\n\nWhen the input `WORKDIR` is used, it should point to the path where a `.stk` folder is located and that it should be used as the source of the new deployment. This is specially useful if you contain multiple Stackspot infras within a single repository.\n\n**e.g:**\n`WORKDIR=\"./ecr-infra\"` will deploy the *stk.yaml* within that folder, but if you want to deploy the *application*, you should use `WORKDIR=\"./application\"`\n\n**Repository structure**\n```\n├── .git/\n├── ecr-infra/\n│   ├── .stk/\n│   │   └── stk.yaml\n├── application/\n│   ├── .stk/\n│   │   └── stk.yaml\n│   ├── src/\n│   ├── tests/\n│   └── ...\n└── README.MD\n```\n\n\n\u003c/details\u003e\n\n## License\n\n[Apache License 2.0](https://github.com/stack-spot/runtime-manager-action/blob/main/LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstack-spot%2Fruntime-manager-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstack-spot%2Fruntime-manager-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstack-spot%2Fruntime-manager-action/lists"}