gh-pages-action is a GitHub Action to publish GitHub Pages. You can create verified commits using GitHub App.
Unlike similar actions, gh-pages-action creates and pushes commits by GitHub API instead of Git commands.
So you can create verified commits using GitHub Actions token ${{github.token}} or a GitHub App installation access token.
Commit signing is so important for security.
https://docs.github.com/en/authentication/managing-commit-signature-verification
To create verified commits using Git, a GPG key or SSH key is required. It's bothersome to manage GPG keys and SSH keys properly for automation, so it's awesome that gh-pages-action can create verified commits without them.
You can use the following things:
${{secrets.GITHUB_TOKEN}}: This can't trigger new workflow runs.- GitHub App Installation access token
- 👎 GitHub Personal Access Token: This can't create verified commits
When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run.
contents:write is required.
name: Example
on:
pull_request: {}
jobs:
example:
runs-on: ubuntu-24.04
permissions:
contents: write # To create commits
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
# Build GitHub Pages
# ...
- name: Push changes to the remote branch
uses: suzuki-shunsuke/gh-pages-action@6229a3f8d89389da5c234aab3b37ba51a7fee3f6 # v0.0.1
with:
publish_dir: build
destination_dir: docs${{github.token}} is used by default.
You can also pass a GitHub access token or a pair of GitHub App ID and private key.
- uses: suzuki-shunsuke/gh-pages-action@6229a3f8d89389da5c234aab3b37ba51a7fee3f6 # v0.0.1
with:
app_id: ${{secrets.APP_ID}}
app_private_key: ${{secrets.APP_PRIVATE_KEY}}