commit-action is a GitHub Action to push changes to remote branches via the GitHub API. You can create verified commits using a GitHub App.
- 2025-02-15 Automatically Fixing Code with Verified Commits in GitHub Actions
- 2025-02-15 Fix Code Via GitHub Actions By Verified Commits
Unlike similar actions, commit-action creates and pushes commits via the GitHub API instead of Git commands.
So you can create verified commits using the GitHub Actions token `${{github.token}}` or a GitHub App installation access token.
Commit signing is so important for security.
https://docs.github.com/en/authentication/managing-commit-signature-verification
To create verified commits using Git, a GPG key or SSH key is required. It's bothersome to manage GPG keys and SSH keys properly for automation, so it's awesome that commit-action can create verified commits without them.
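One way to audit that automation commits on a branch are actually shown as verified is to read the `commit.verification` object returned by the REST commits endpoint. This is an added example, not part of commit-action; the helper names `fetch_commits` and `unverified_commits` and the sample data are constructed for illustration.

```python
import json
import urllib.request

API = "https://api.github.com"


def fetch_commits(repo, branch, token):
    """List recent commits on a branch via GET /repos/{repo}/commits."""
    req = urllib.request.Request(
        f"{API}/repos/{repo}/commits?sha={branch}&per_page=100",
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
        },
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def unverified_commits(commits):
    """Return (short sha, author, reason) for commits GitHub did not verify."""
    findings = []
    for c in commits:
        commit = c.get("commit") or {}
        # A missing verification object is treated as unverified (fail closed).
        v = commit.get("verification") or {}
        if v.get("verified") is not True:
            login = (c.get("author") or {}).get("login")
            author = login or (commit.get("author") or {}).get("name", "unknown")
            findings.append((c["sha"][:7], author, v.get("reason", "missing")))
    return findings


# Constructed sample shaped like the REST response; these are not real commits.
SAMPLE = json.loads("""[
 {"sha": "1111111aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
  "author": {"login": "example-app[bot]"},
  "commit": {"author": {"name": "example-app[bot]"},
             "verification": {"verified": true, "reason": "valid"}}},
 {"sha": "2222222bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
  "author": null,
  "commit": {"author": {"name": "ci-user"},
             "verification": {"verified": false, "reason": "unsigned"}}}
]""")

if __name__ == "__main__":
    for sha, author, reason in unverified_commits(SAMPLE):
        print(f"UNVERIFIED {sha} by {author}: {reason}")
```

Against a real repository, pass the result of `fetch_commits("owner/repo", "branch", token)` to `unverified_commits` and fail the job when the list is not empty.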
You can use the following things:
- 👍 GitHub App Installation access token: We recommend this
- 👎 GitHub Personal Access Token: This can't create verified commits
- 👎 `${{secrets.GITHUB_TOKEN}}`: This can't trigger new workflow runs.
When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run.
`contents:write` is required.
Furthermore, if you want to fix workflow files, `workflows:write` is also required.
commit-action is so easy to use. All inputs are optional.
You only need to run commit-action after fixing code in workflows. Then it creates and pushes a commit to a remote branch.
```yaml
name: Example
on:
  pull_request: {}
jobs:
  example:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      # Fix files
      # ...
      - name: Push changes to the remote branch
        uses: suzuki-shunsuke/commit-action@cc96d3a3fd959d05e9b79ca395eb30b835aeba24 # v0.0.7
```
commit-action fails if it pushes a commit to `${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}` in `$GITHUB_REPOSITORY`.
If no change is pushed, commit-action does nothing and exits successfully.
By default, commit-action pushes a commit to `${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}` in `$GITHUB_REPOSITORY`, but you can change them.
```yaml
- uses: suzuki-shunsuke/commit-action@cc96d3a3fd959d05e9b79ca395eb30b835aeba24 # v0.0.7
  with:
    branch: foo
    repository: suzuki-shunsuke/tfcmt
```
If a new branch is created, its parent branch is the default branch by default. You can specify the parent branch.
```yaml
- uses: suzuki-shunsuke/commit-action@cc96d3a3fd959d05e9b79ca395eb30b835aeba24 # v0.0.7
  with:
    branch: foo-2
    parent_branch: foo
```
`${{github.token}}` is used by default, but we don't recommend it because `${{github.token}}` doesn't trigger a new workflow run.
We recommend GitHub App installation access tokens.
You can create a GitHub App installation access token and pass it to commit-action yourself, but you can also pass a pair of GitHub App ID and private key.
Then commit-action creates a GitHub App installation access token with minimum `repositories` and `permissions`.
```yaml
- uses: suzuki-shunsuke/commit-action@cc96d3a3fd959d05e9b79ca395eb30b835aeba24 # v0.0.7
  with:
    app_id: ${{secrets.APP_ID}}
    app_private_key: ${{secrets.APP_PRIVATE_KEY}}
```
commit-action commits all created, updated, and deleted files by default, but you can also commit only specific files. And you can also change the commit message.
```yaml
- uses: suzuki-shunsuke/commit-action@cc96d3a3fd959d05e9b79ca395eb30b835aeba24 # v0.0.7
  with:
    commit_message: "style: format code"
    files: |
      README.md
      package-lock.json
```
If you want to fix workflow files, the permission `workflows:write` is required.
The input `workflow` changes the behaviour when workflow files are changed.
The input is used if `app_id` and `app_private_key` are passed.
The following values are available:
- `allow` (default) - Grant `workflows:write` permission when issuing an access token
- `deny` - Fail if workflow files are changed
- `ignore` - Ignore workflow files
```yaml
- uses: suzuki-shunsuke/commit-action@cc96d3a3fd959d05e9b79ca395eb30b835aeba24 # v0.0.7
  with:
    workflow: ignore # allow (default), deny
```
commit-action's main branch and feature branches don't work. Please see the document.