{"id":45460344,"url":"https://github.com/urmzd/embed-src","last_synced_at":"2026-04-06T16:04:12.052Z","repository":{"id":64462948,"uuid":"570707272","full_name":"urmzd/embed-src","owner":"urmzd","description":"A GitHub Action that automatically syncs code snippets in markdown files with source code, keeping documentation fresh during CI/CD and reducing manual update overhead.","archived":false,"fork":false,"pushed_at":"2026-04-02T13:57:42.000Z","size":480,"stargazers_count":1,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-03T04:53:32.689Z","etag":null,"topics":["automation","ci-cd","code-embedding","developer-tools","docker","documentation","embed","github-actions","markdown","semver"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/urmzd.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2022-11-25T22:07:46.000Z","updated_at":"2026-04-02T13:57:48.000Z","dependencies_parsed_at":"2023-01-05T03:32:36.042Z","dependency_job_id":"c1552b29-662c-4d20-9ea4-ace43125e090","html_url":"https://github.com/urmzd/embed-src","commit_stats":{"total_commits":18,"total_committers":2,"mean_commits":9.0,"dds":"0.11111111111111116","last_synced_commit":"14ccfff7c181772efb8544a4e6b8150adbec119f"},"previous_names":["urmzd/embed-it","urmzd/embed-md"],"tags_count":38,"template":false,"template_full_name":null,"purl":"pkg:github/urmzd/embed-src","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/urmzd%2Fembed-src","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/urmzd%2Fembed-src/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/urmzd%2Fembed-src/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/urmzd%2Fembed-src/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/urmzd","download_url":"https://codeload.github.com/urmzd/embed-src/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/urmzd%2Fembed-src/sbom","scorecard":{"id":912048,"data":{"date":"2025-08-11","repo":{"name":"github.com/urmzd/embed-md","commit":"e66e12ae72e200abb74d83b6d8f0ceacab768ec6"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.7,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/cd.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: MIT License: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cd.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/urmzd/embed-md/cd.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cd.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/urmzd/embed-md/cd.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/urmzd/embed-md/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/urmzd/embed-md/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/urmzd/embed-md/ci.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating node:latest to node:latest@sha256:d2b6b5aedb5b729f68ee1129e0f5a5d4713d93f82448249e82241876d8e8d86e","Warn: npmCommand not pinned by hash: Dockerfile:3","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   2 out of   3 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"10 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T19:34:17.427Z","repository_id":64462948,"created_at":"2025-08-24T19:34:17.428Z","updated_at":"2025-08-24T19:34:17.428Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31479006,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T14:34:32.243Z","status":"ssl_error","status_checked_at":"2026-04-06T14:34:31.723Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","ci-cd","code-embedding","developer-tools","docker","documentation","embed","github-actions","markdown","semver"],"created_at":"2026-02-22T07:23:03.840Z","updated_at":"2026-04-06T16:04:12.002Z","avatar_url":"https://github.com/urmzd.png","language":"Rust","readme":"\u003cp align=\"center\"\u003e\n  \u003ch1 align=\"center\"\u003eembed-src\u003c/h1\u003e\n  \u003cp align=\"center\"\u003e\n    Embed source files into any text file using comment markers.\n    \u003cbr /\u003e\u003cbr /\u003e\n    \u003ca href=\"https://github.com/urmzd/embed-src/releases\"\u003eDownload\u003c/a\u003e\n    \u0026middot;\n    \u003ca href=\"https://github.com/urmzd/embed-src/issues\"\u003eReport Bug\u003c/a\u003e\n    \u0026middot;\n    \u003ca href=\"https://github.com/urmzd/embed-src/blob/main/action.yml\"\u003eGitHub Action\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/urmzd/embed-src/actions/workflows/ci.yml\"\u003e\u003cimg src=\"https://github.com/urmzd/embed-src/actions/workflows/ci.yml/badge.svg\" alt=\"CI\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://crates.io/crates/embed-src\"\u003e\u003cimg src=\"https://img.shields.io/crates/v/embed-src\" alt=\"crates.io\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## Showcase\n\n\u003ctable align=\"center\"\u003e\n  \u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eBefore\u003c/strong\u003e\u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eAfter\u003c/strong\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\u003cimg src=\"showcase/before.png\" alt=\"README with empty embed-src markers\" width=\"400\"\u003e\u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\u003cimg src=\"showcase/showcase.png\" alt=\"Running embed-src and the result\" width=\"400\"\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n## Syntax\n\nPlace opening and closing markers in your file using whatever comment style is appropriate:\n\n**Markdown / HTML:**\n```markdown\n\u003c!-- embed-src src=\"path/to/config.yml\" --\u003e\n\u003c!-- /embed-src --\u003e\n```\n\n**Rust / JS / Go / C:**\n```rust\n// embed-src src=\"path/to/utils.py\"\n// /embed-src\n```\n\n**Python / Shell / YAML:**\n```python\n# embed-src src=\"path/to/setup.sh\"\n# /embed-src\n```\n\n**CSS:**\n```css\n/* embed-src src=\"path/to/theme.css\" */\n/* /embed-src */\n```\n\n**SQL / Lua:**\n```sql\n-- embed-src src=\"path/to/schema.sql\"\n-- /embed-src\n```\n\nWhen the tool runs, the content between the markers is replaced with the referenced file's contents.\n\n### Raw vs Fenced Insertion\n\nBy default, content is inserted **raw** (no wrapping). This works for any file type.\n\nTo wrap content in markdown code fences, use the `fence` attribute:\n\n| Attribute | Behavior |\n|-----------|----------|\n| *(none)* | Raw insertion |\n| `fence` | Code fence with auto-detected language |\n| `fence=\"auto\"` | Code fence with auto-detected language |\n| `fence=\"python\"` | Code fence with explicit language tag |\n\n**Example with fencing:**\n\n````markdown\n\u003c!-- embed-src src=\"path/to/config.yml\" fence=\"auto\" --\u003e\n```yaml\nserver:\n  host: localhost\n  port: 8080\n```\n\u003c!-- /embed-src --\u003e\n````\n\n- Paths are relative to the host file's directory.\n- The code fence language is inferred from the file extension when using `fence` or `fence=\"auto\"`.\n- Re-running is idempotent -- existing content between markers is replaced.\n\n## Features\n\n- **Any File Type**: Embed into markdown, YAML, Python, Rust, or any file with comments.\n- **Raw or Fenced**: Insert raw content by default, or wrap in code fences with `fence`.\n- **Custom Commit Options**: Personalize commit messages, author details, and push behavior.\n- **Dry-Run Mode**: Test embedding without creating commits.\n- **Seamless Integration**: Drop into any GitHub Actions workflow.\n\n## Installation\n\n### Script (macOS / Linux)\n\n```sh\ncurl -fsSL https://raw.githubusercontent.com/urmzd/embed-src/main/install.sh | sh\n```\n\nInstalls the latest release to `$HOME/.local/bin` and adds it to your shell's `PATH`.\n\n**Options (environment variables):**\n\n| Variable | Description | Default |\n|----------|-------------|---------|\n| `EMBED_SRC_VERSION` | Version to install (e.g. `v3.1.1`) | latest |\n| `EMBED_SRC_INSTALL_DIR` | Installation directory | `$HOME/.local/bin` |\n\n**Example — pin a version:**\n```sh\nEMBED_SRC_VERSION=v3.1.1 curl -fsSL https://raw.githubusercontent.com/urmzd/embed-src/main/install.sh | sh\n```\n\n### Manual\n\nDownload a pre-built binary for your platform from the [releases page](https://github.com/urmzd/embed-src/releases/latest) and place it somewhere on your `PATH`.\n\n\u003e **Windows** — the script installer is not supported; use the manual download above.\n\n## Local Usage\n\nThe `embed-src` binary can also be used directly:\n\n```bash\n# Process files in place\nembed-src README.md docs/*.md\n\n# Check if files are up-to-date (CI mode)\nembed-src --verify README.md\n\n# Preview changes without writing\nembed-src --dry-run README.md\n```\n\n## Inputs\n\n| Name | Description | Required | Default |\n|------|-------------|----------|---------|\n| `files` | Space-separated list of files to process. | No | `README.md` |\n| `commit-message` | Commit message for the embedded changes. | No | `chore: embed source files` |\n| `commit-name` | Git committer name. | No | `github-actions[bot]` |\n| `commit-email` | Git committer email. | No | `github-actions[bot]@users.noreply.github.com` |\n| `commit-push` | Whether to push after committing. | No | `true` |\n| `commit-dry` | Skip the commit (dry-run mode). | No | `false` |\n| `github-token` | GitHub token for downloading the binary. | No | `${{ github.token }}` |\n\n## Usage\n\n### Basic\n\n\u003c!-- embed-src src=\"example.yml\" fence=\"auto\" --\u003e\n```yaml\nname: \"Example\"\n\non: [push]\n\njobs:\n  embed:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: write\n    steps:\n      - name: \"Checkout repo\"\n        uses: actions/checkout@v4\n      - name: \"Embed code into files\"\n        uses: urmzd/embed-src@v3\n        with:\n          files: \"README.md\"\n```\n\u003c!-- /embed-src --\u003e\n\n### Multiple Files\n\n```yaml\n- uses: urmzd/embed-src@v3\n  with:\n    files: \"README.md docs/API.md docs/GUIDE.md\"\n```\n\n### Dry Run (No Commit)\n\nUseful for CI validation -- embed the files and check for drift without committing:\n\n```yaml\n- uses: urmzd/embed-src@v3\n  with:\n    commit-dry: \"true\"\n    commit-push: \"false\"\n```\n\n## Troubleshooting\n\n**Action fails with \"nothing to commit\"**\nThis means no changes were needed. Ensure your files contain valid `embed-src` markers with `src=\"...\"` and corresponding `/embed-src` closing markers.\n\n**Permission denied on push**\nThe action needs `contents: write` permission. Add this to your job:\n```yaml\npermissions:\n  contents: write\n```\n\n**Files not being embedded**\nVerify the file paths in `files` are relative to the repository root and that the referenced source files exist.\n\n## Agent Skill\n\nThis project ships an [Agent Skill](https://github.com/vercel-labs/skills) for use with Claude Code, Cursor, and other compatible agents.\n\nAvailable as portable agent skills in [`skills/`](skills/).\n\nOnce installed, use `/embed-src` to embed source files into documents using comment markers.\n\n## Internal Use\n\nWe use Embed Src in our own CI/CD pipelines, ensuring our documentation is always synchronized with the latest code.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Furmzd%2Fembed-src","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Furmzd%2Fembed-src","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Furmzd%2Fembed-src/lists"}