{"id":16725261,"url":"https://github.com/unfor19/release-action","last_synced_at":"2026-04-16T07:31:40.114Z","repository":{"id":65162147,"uuid":"380520398","full_name":"unfor19/release-action","owner":"unfor19","description":"Build and Release in GitHub's ecosystem","archived":false,"fork":false,"pushed_at":"2021-07-09T08:39:17.000Z","size":192,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-03-20T05:55:31.816Z","etag":null,"topics":["action","actions","build","github","github-actions","go","golang","release-automation"],"latest_commit_sha":null,"homepage":"https://meirg.co.il","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/unfor19.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-06-26T14:22:56.000Z","updated_at":"2021-08-23T14:45:56.000Z","dependencies_parsed_at":"2023-01-04T12:39:05.656Z","dependency_job_id":null,"html_url":"https://github.com/unfor19/release-action","commit_stats":{"total_commits":218,"total_committers":1,"mean_commits":218.0,"dds":0.0,"last_synced_commit":"b146adb0432e23673982e9ac7e6522f464f18571"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/unfor19/release-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unfor19%2Frelease-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unfor19%2Frelease-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unfor19%2Frelease-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unfor19%2Frelease-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/unfor19","download_url":"https://codeload.github.com/unfor19/release-action/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/unfor19%2Frelease-action/sbom","scorecard":{"id":909573,"data":{"date":"2025-08-11","repo":{"name":"github.com/unfor19/release-action","commit":"b146adb0432e23673982e9ac7e6522f464f18571"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.6,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile.base:20","Warn: containerImage not pinned by hash: Dockerfile.base:41","Warn: containerImage not pinned by hash: golang/1.15/Dockerfile:1: pin your Docker image by updating ghcr.io/unfor19/release-action:golang-1.15 to ghcr.io/unfor19/release-action:golang-1.15@sha256:d843ed2c9bd8e2c061bae25a12513c4158a23513ef064eed09f18bcf71605bea","Warn: containerImage not pinned by hash: golang/1.16/Dockerfile:1: pin your Docker image by updating ghcr.io/unfor19/release-action:golang-1.16 to ghcr.io/unfor19/release-action:golang-1.16@sha256:fac7a2f2d2a783679885b8cdfd015028f7c262f8631f6a4f5b21a3928ce330f6","Warn: containerImage not pinned by hash: golang/1.17beta1/Dockerfile:1: pin your Docker image by updating ghcr.io/unfor19/release-action:golang-1.17beta1 to ghcr.io/unfor19/release-action:golang-1.17beta1@sha256:91e1ef20702f06bb088b47359b232abd6aadb67f086ab2efc4b60701d428a55d","Info:   0 out of   5 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"40 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0921 / GHSA-c72p-9xmj-rx3w","Warn: Project is vulnerable to: GO-2022-0938 / GHSA-c2h3-6mxw-7mvq","Warn: Project is vulnerable to: GO-2022-0360 / GHSA-5j5w-g665-5m35","Warn: Project is vulnerable to: GO-2022-0278 / GHSA-mvff-h3cj-wj9c","Warn: Project is vulnerable to: GO-2022-0344 / GHSA-crp2-qrr5-8pq7","Warn: Project is vulnerable to: GO-2024-2846 / GHSA-c9cp-9c75-9v8c","Warn: Project is vulnerable to: GO-2022-0482 / GHSA-5ffw-gxpp-mxpf","Warn: Project is vulnerable to: GO-2022-1147 / GHSA-2qjp-425j-52j9","Warn: Project is vulnerable to: GO-2023-1573 / GHSA-259w-8hf6-59c2","Warn: Project is vulnerable to: GO-2023-1574 / GHSA-hmfx-3pcx-653p","Warn: Project is vulnerable to: GO-2023-2412 / GHSA-7ww5-4wqc-m92c","Warn: Project is vulnerable to: GO-2025-3528 / GHSA-265r-hfxg-fhmg","Warn: Project is vulnerable to: GO-2024-2500 / GHSA-3fwx-pjgw-3558","Warn: Project is vulnerable to: GO-2024-2913 / GHSA-v994-f8vw-g7j4","Warn: Project is vulnerable to: GO-2024-2914 / GHSA-xmmx-7jpf-fx42","Warn: Project is vulnerable to: GO-2022-0390 / GHSA-2mm7-x5h6-5pvq","Warn: Project is vulnerable to: GO-2022-0985 / GHSA-rc4r-wh2q-q6c4","Warn: Project is vulnerable to: GO-2022-1107 / GHSA-vp35-85q5-9f25","Warn: Project is vulnerable to: GO-2023-1699 / GHSA-232p-vwff-86mp","Warn: Project is vulnerable to: GO-2023-1700 / GHSA-33pg-m6jh-5237","Warn: Project is vulnerable to: GO-2023-1701 / GHSA-6wrf-mxfj-pf5p","Warn: Project is vulnerable to: GHSA-jq35-85cj-fj4p","Warn: Project is vulnerable to: GHSA-mq39-4gv4-mvpx","Warn: Project is vulnerable to: GO-2024-3005 / GHSA-v23v-6jw2-98fq","Warn: Project is vulnerable to: GO-2024-2512 / GHSA-xw73-rw38-6vjc","Warn: Project is vulnerable to: GO-2025-3829 / GHSA-4vq8-7jfc-9cvp","Warn: Project is vulnerable to: GO-2022-0288","Warn: Project is vulnerable to: GO-2022-0969 / GHSA-69cg-p879-7622","Warn: Project is vulnerable to: GO-2022-1144 / GHSA-xrjj-mj9h-534m","Warn: Project is vulnerable to: GO-2023-1571 / GHSA-vvpx-j8f3-3w6h","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2022-0493 / GHSA-p782-xgp4-8hr8","Warn: Project is vulnerable to: GO-2024-2611 / GHSA-8r3f-844c-mc37","Warn: Project is vulnerable to: GO-2022-0603 / GHSA-hp87-p4gw-j4gq"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T18:37:34.792Z","repository_id":65162147,"created_at":"2025-08-24T18:37:34.793Z","updated_at":"2025-08-24T18:37:34.793Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31876326,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T15:24:51.572Z","status":"online","status_checked_at":"2026-04-16T02:00:06.042Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["action","actions","build","github","github-actions","go","golang","release-automation"],"created_at":"2024-10-12T22:48:33.920Z","updated_at":"2026-04-16T07:31:40.086Z","avatar_url":"https://github.com/unfor19.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# release-action\n\n[![Release-Test](https://github.com/unfor19/release-action-test/actions/workflows/go-release.yml/badge.svg)](https://github.com/unfor19/release-action-test/actions/workflows/go-release.yml)\n\nThis action is tested in [unfor19/release-action-test](https://github.com/unfor19/release-action-test)\n\n## Supported Languages\n\n- [Golang](https://golang.org/)\n- TODO: node\n- TODO: python\n- TODO: docker (tar.gz)\n- TODO: java\n- TODO: rust\n\n## Example Workflow\n\nThis workflow can build any Golang application, tested on [golang-example](https://github.com/unfor19/release-action-test/tree/master/golang), [terraform](https://github.com/hashicorp/terraform) and [gin-tonic](https://github.com/gin-gonic/gin).\n\n```yaml\nname: Release-Test\n\non:\n  push:\n    branches:\n      - master # creates a pre-release\n  release:\n    types:\n      - released # does not include pre-release\n  workflow_dispatch:\n    inputs:\n      branch:\n        description: \"Branch to set as prerelease\"\n        required: false\n        default: \"master\"\n\njobs:\n  test:\n    name: Test\n    runs-on: ubuntu-20.04\n    steps:\n      - uses: actions/checkout@master\n      - name: Cache Go Build\n        id: cache-go-build\n        uses: actions/cache@v2\n        with:\n          path: |\n            .cache-go-build\n          key: ${{ runner.os }}-go-build-test-${{ hashFiles('**/go.sum') }}-app-v2\n          restore-keys: |\n            ${{ runner.os }}-go-build-test-${{ hashFiles('**/go.sum') }}-app-v2\n      - name: Cache Go Modules\n        id: cache-go-modules\n        uses: actions/cache@v2\n        with:\n          path: |\n            .cache-modules\n          key: ${{ runner.os }}-go-modules-test-${{ hashFiles('**/go.sum') }}-app-v2\n          restore-keys: |\n            ${{ runner.os }}-go-modules-test-${{ hashFiles('**/go.sum') }}-app-v2\n      - name: Get Dependencies\n        if: steps.cache-go-modules.outputs.cache-hit != 'true'\n        uses: unfor19/release-action/golang/1.16@master\n        with:\n          action: dependencies\n          src-dir: golang\n          project-name: app\n      - name: Go Test\n        uses: unfor19/release-action/golang/1.16@master\n        with:\n          action: test\n          src-dir: golang\n          project-name: app\n      - name: Upload Test Results As Artifact\n        uses: actions/upload-artifact@v2\n        if: always()\n        with:\n          name: test_report\n          path: test_report.html\n  release:\n    name: Release\n    runs-on: ubuntu-20.04\n    needs:\n      - test\n    strategy:\n      matrix:\n        include:\n          - GOARCH: \"amd64\"\n            GOOS: \"linux\"\n          - GOARCH: \"386\"\n            GOOS: \"linux\"\n          - GOARCH: \"arm64\"\n            GOOS: \"linux\"\n          - GOARCH: \"amd64\"\n            GOOS: \"darwin\"\n          - GOARCH: \"amd64\"\n            GOOS: \"windows\"\n    env:\n      GOOS: ${{ matrix.GOOS }}\n      GOARCH: ${{ matrix.GOARCH }}\n    steps:\n      - uses: actions/checkout@master\n      - name: Cache Go Build\n        id: cache-go-build\n        uses: actions/cache@v2\n        with:\n          path: |\n            .cache-go-build\n          key: ${{ runner.os }}-go-build-${{ matrix.GOOS }}-${{ matrix.GOARCH }}-${{ hashFiles('**/go.sum') }}-app-v2\n          restore-keys: |\n            ${{ runner.os }}-go-build-${{ matrix.GOOS }}-${{ matrix.GOARCH }}-${{ hashFiles('**/go.sum') }}-app-v2\n      - name: Cache Go Modules\n        id: cache-go-modules\n        uses: actions/cache@v2\n        with:\n          path: |\n            .cache-modules\n          key: ${{ runner.os }}-go-modules-${{ matrix.GOOS }}-${{ matrix.GOARCH }}-${{ hashFiles('**/go.sum') }}-app-v2\n          restore-keys: |\n            ${{ runner.os }}-go-modules-${{ matrix.GOOS }}-${{ matrix.GOARCH }}-${{ hashFiles('**/go.sum') }}-app-v2\n      - name: Get Dependencies\n        if: steps.cache-go-modules.outputs.cache-hit != 'true'\n        uses: unfor19/release-action/golang/1.16@master\n        with:\n          action: dependencies\n          src-dir: golang\n          project-name: app\n      - name: Go Build\n        uses: unfor19/release-action/golang/1.16@master\n        with:\n          action: build\n          src-dir: golang\n          project-name: app\n      - name: Release\n        uses: unfor19/release-action/golang/1.16@master\n        with:\n          action: release\n          src-dir: golang\n          project-name: app\n          gh-token: ${{ secrets.GH_TOKEN }}\n```\n\n## Actions\n\nExpand to see a full description and behavior of each action.\n\n\u003cdetails\u003e\n\n\u003csummary\u003eExpand/Collapse\u003c/summary\u003e\n\n### Dependencies\n\n#### Input\n\n```yaml\nwith:\n  action: dependencies\n```\n\n#### Description\n\nDownloads and installs dependencies. Supports using the official [cache](https://github.com/actions/cache). This step is skipped if there's a cache hit.\n\n### Build\n\n#### Input\n\n```yaml\nwith:\n  action: build\n  build-script-path: \"\"\n```\n\n#### Description\n\nBuilds the artifacts. Supports using the official [cache](https://github.com/actions/cache). The caching mechanism decreases the build time significantly (tested in Golang).\n\n#### Behavior\n\nAttempts to find `build-script-path`, if the file exists it will be executed. If the file does not exist, this action will use a default build process.\n\nAn example for a build script in Golang\n\n```bash\n#!/bin/bash\ncd ./golang || exit 1\n\nif [[ \"$GOOS\" = \"windows\" ]]; then\n    _EXT=\".exe\"\nfi\n\ngo build -o \"app${_EXT}\"\n```\n\n#### Test\n\n#### Input\n\n```yaml\nwith:\n  action: test\n```\n\n#### Description\n\nExecutes tests\n\n#### Behavior\n\nFor Golang, this action runs `go test ./... -v`.\n\n#### Release\n\n#### Input\n\n```yaml\nwith:\n  action: release\n  gh-token: ${{ secrets.GH_TOKEN }}\n```\n\n#### Description\n\nAutomatically upload release assets upon `git push` event. Also updates a newly created release by uploading assets to the release.\n\n#### Behavior\n\n - On Release `released` - created a new release\n    1. Checks if release has assets, if not continue\n    2. Uploads build artifacts as release assets, including md5 checksum `.txt` per asset\n - On Push to `master` - pushed to main branch\n    1. Checks latest published release, for example `1.0.0rc1`\n    2. Saves the value of the bumped latest current release, for example `1.0.0rc2`\n    3. Checks if the bumped release version exists as a pre-release, if not creates a pre-release, for example `1.0.0rc2`\n    4. Checks if artifacts exist in the pre-release, if yes delete them. The deletion process runs per job, so linux-amd64 will delete its exsiting artifacts, same goes for the job darwin-amd64, and so on.\n    5. Uploads artifacts as assets to the pre-release, for example `app_1.0.0rc2_linux_amd64`, `app_0.0.3rc2_linux_amd64_sha256.txt`, `app_1.0.0rc2_darwin_amd64`, `app_1.0.0rc2_darwin_amd64_sha256.txt`, etc.\n    6. Syncs release tag with the current commit, so the source code files `.zip` and `.tgz` match the release's commit SHA.\u003cbr\u003e\n       **Known Caveat**: Release timestamp is not updated when pushing artifacts\n\n\u003c/details\u003e\n\n## Authors\n\nCreated and maintained by [Meir Gabay](https://github.com/unfor19)\n\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](https://github.com/unfor19/release-action/blob/master/LICENSE) file for details","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funfor19%2Frelease-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Funfor19%2Frelease-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Funfor19%2Frelease-action/lists"}