{"id":17441178,"url":"https://github.com/tmigone/versionist","last_synced_at":"2025-09-14T04:30:49.555Z","repository":{"id":42974629,"uuid":"270882196","full_name":"tmigone/versionist","owner":"tmigone","description":"GitHub action that provides automatic Semver versioning and changelog generation.","archived":false,"fork":false,"pushed_at":"2022-03-25T12:26:49.000Z","size":61,"stargazers_count":5,"open_issues_count":1,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-26T03:03:08.909Z","etag":null,"topics":["balena","balena-versionist","github-actions","publishing","versionist"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tmigone.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-06-09T02:17:30.000Z","updated_at":"2024-10-14T03:55:00.000Z","dependencies_parsed_at":"2022-09-22T05:12:16.432Z","dependency_job_id":null,"html_url":"https://github.com/tmigone/versionist","commit_stats":null,"previous_names":[],"tags_count":32,"template":false,"template_full_name":"actions/hello-world-docker-action","purl":"pkg:github/tmigone/versionist","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tmigone%2Fversionist","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tmigone%2Fversionist/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tmigone%2Fversionist/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tmigone%2Fversionist/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tmigone","download_url":"https://codeload.github.com/tmigone/versionist/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tmigone%2Fversionist/sbom","scorecard":{"id":889897,"data":{"date":"2025-08-11","repo":{"name":"github.com/tmigone/versionist","commit":"4c2615856b9c7da75b3b359c2248de3b91c49816"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 1/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/deploy.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/tmigone/versionist/deploy.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deploy.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/tmigone/versionist/deploy.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/tmigone/versionist/deploy.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/tmigone/versionist/deploy.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/tmigone/versionist/deploy.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/tmigone/versionist/deploy.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2: pin your Docker image by updating tmigone/versionist:latest to tmigone/versionist:latest@sha256:b7fe7eccdb29a40ceb15d8c2fa157c0f29101676ca82545dd6d21ec03a8e8b84","Warn: containerImage not pinned by hash: Dockerfile.baseimage:1: pin your Docker image by updating balenalib/amd64-node:14 to balenalib/amd64-node:14@sha256:ef23e15b5a5da5c5d5f57763bcad14fa9a78490fee8f30f409a19dd17f5d9269","Warn: npmCommand not pinned by hash: Dockerfile.baseimage:6","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T11:23:49.389Z","repository_id":42974629,"created_at":"2025-08-24T11:23:49.389Z","updated_at":"2025-08-24T11:23:49.389Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275062946,"owners_count":25398887,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-14T02:00:10.474Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["balena","balena-versionist","github-actions","publishing","versionist"],"created_at":"2024-10-17T15:10:24.259Z","updated_at":"2025-09-14T04:30:49.319Z","avatar_url":"https://github.com/tmigone.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# versionist GitHub action\n![DockerHub](https://img.shields.io/docker/v/tmigone/versionist?sort=semver\u0026logo=docker\u0026logoColor=2496ED\u0026label=Docker+image\u0026color=2496ED\u0026link=https://hub.docker.com/repository/docker/tmigone/versionist)\n\nThis action uses a service account to provide automatic Semver versioning and changelog generation. Useful to handle versioning in continuous delivery workflows that use NPM or Docker deployments for example.\n \nThe following actions are taken sequentially:\n\n- Run `balena-versionist`. This will update `CHANGELOG.md`, `VERSION`, `package.json`, etc files accordingly.\n- Add a new commit to the working branch with the versioning changes\n- Create a release tag corresponding to the new version\n- Push changes and tags to master\n\nRead more about the opinionated versioning here:\n- [versionist](https://github.com/balena-io/versionist)\n- [balena-versionist](https://github.com/balena-io/balena-versionist)\n\n**Action's inputs and outputs**\n| Input / Output | Name | Description |\n| ------------- | ------------- | ------------- |\n| Input  | `branch` | **Not required** Name of the branch where versioning should be applied. Default: master. | \n| Input  | `github_email` | **Required** The service account's email address. | \n| Input  | `github_username` | **Required** The service account's username. | \n| Input  | `github_token` | **Required** A Personal Access Token for the GitHub service account. We recommend to set this using secrets, for example: `${{ secrets.GH_VERSIONIST_TOKEN }}`. | \n| Output  | `version` | The project's version after running versionist. |\n| Output  | `updated` | Returns `true` if the version was bumped by versionist, `false` otherwise. |\n\n## Example usage\n\n### GitHub Service account\nFirst you'll need to create a GitHub service account and grant it `Collaborator` access to the target repository. This can be any GitHub account though we recommend to use a dedicated one just for this task. You'll need to take note of the account's email address, username and create a GitHub [Personal Access Token](https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token) with `repo` access.\n\n### Configuring the workflow\nNext, configure your workflow. Here is an example:\n\n```yaml\nname: Run versionist\non:\n  push:\n    branches:\n      - master\n\njobs:\n\n  versionist:\n    name: Run versionist\n    if: \"!contains(github.event.head_commit.author.name, 'versionist')\"   # Ignore push events made by the service account\n    runs-on: ubuntu-latest\n    outputs:                                              # (optional) Only if you want to use them in next jobs\n      version: ${{ steps.versionist.outputs.version }}    # version: project's version after running versionist\n      updated: ${{ steps.versionist.outputs.updated }}    # updated: true if the version has been updated\n    steps: \n    - name: Checkout project\n      uses: actions/checkout@v2\n      with:\n        fetch-depth: 0                                    # We need all commits and tags\n        persist-credentials: false                        # Next step needs to use service account's token\n    - name: Run versionist\n      id: versionist                                      # (optional) Only needed if using outputs\n      uses: tmigone/versionist@master\n      with:\n        # Provide your versionist service account details\n        github_email: 'tmigone.versionist@gmail.com'\n        github_username: 'versionist'\n        github_token: ${{ secrets.GH_VERSIONIST_TOKEN }}\n\n\n  # You can now use any other action to package and distribute your new release (NPM, docker, etc)\n  # If you set up the outputs you can use them here\n  output:\n    name: A job to echo versionist's outputs\n    needs: versionist\n    if: needs.versionist.outputs.updated == 'true'\n    runs-on: ubuntu-latest\n    steps:\n    - name: Echo version number\n      run: echo \"Version is ${{ needs.versionist.outputs.version }}\"\n    - name: Echo updated\n      run: echo \"Updated is ${{ needs.versionist.outputs.updated }}\"\n\n```\n\n### Tagging commits\n\nIf you want to trigger the workflow you only need to include a `Change-type: patch | minor | major` footer tag in a commit's comments. Note that at least one commit needs to contain the `Change-type` footer tag, otherwise the workflow will exit.\n\n A commit example:\n\n```\nfeature: Fixed a bug with xyz\n\nChange-type: patch\n```\n\n### Branch protection\n\nCurrently it's not possible to use versionist on branches that have branch protection enabled. It might be possible to do so if the repository is part of an organization and not a personal one, but I haven't tested it yet. \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftmigone%2Fversionist","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftmigone%2Fversionist","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftmigone%2Fversionist/lists"}