@pirafrank/github-commit-sign

v0.1.4

Simple GitHub client to make signed commits via their GraphQL APIs

GitHub Commit Sign

A thin wrapper to perform signed commits to a GitHub repository through their GraphQL APIs. Useful to create signed commits in CI/CD environments.

Offered as a Node.js module and a CLI tool.

Why

  • Commit changes to a GitHub repository without cloning it locally
  • By using the GitHub GraphQL API, we can commit multiple changes at once
  • By using GitHub APIs, we can implicitly sign commits via web-flow signing, like vscode.dev does

Use cases

  • Automate the process of committing file additions, changes, or deletions to a GitHub repository without cloning it locally
  • Integrate with existing CI/CD pipelines to perform signed commits on behalf of the pipeline, without hard-to-setup GPG config
  • Avoid storing private SSH keys in CI/CD environments (only the GITHUB_TOKEN is needed, and it can easily be stored as a secret string and passed as an environment variable at pipeline runtime)
  • you name it...

I have actually written this to get signed commits in GitHub Actions running here.

⚠️ Before you start

  • GITHUB_TOKEN must be set as an environment variable. It must have write access to the repository you want to commit to
  • Changed (or new) files must exist locally
    • for practical reasons, those files must have the same file name and file path as the ones in the repository you are replacing with your commit (or the same file name and file path you want them to have in the repository)
  • Deleted files may not exist locally, and their path may just be provided as argument
  • GraphQL APIs are not meant to be used to push a lot of code! If that is your case, please consider using a local clone and git.

Requirements

  • Node.js (18+)
  • A GitHub token with the repo scope.
    • The token must be set in the environment variable called GITHUB_TOKEN.

Note: in GitHub Actions the GITHUB_TOKEN is automatically generated for each run and is available as an environment variable. More info here.

Installation

npm install

CLI

Usage examples

# Add a file
export GITHUB_TOKEN='your_github_token_here'
node github.js commit \
  --owner yourname \
  --repo some_repo_of_yours \
  --branch main \
  --added .gitignore \
  --commitMessage 'added .gitignore'

# Delete a file
export GITHUB_TOKEN='your_github_token_here'
node github.js commit \
  --owner yourname \
  --repo some_repo_of_yours \
  --branch main \
  --deleted .gitignore \
  --commitMessage 'remove .gitignore'

Multi-file commit is also possible:

  • --changed and --deleted may have multiple file paths, as a single string with space-separated values, or by repeating the option for each file path. All file paths must be relative to the repository root.

export GITHUB_TOKEN='your_github_token_here'
node github.js commit \
  --owner yourname \
  --repo some_repo_of_yours \
  --branch main \
  --changed 'some_dir/some_file.txt' 'some_other_dir/some_other_file.txt' \
  --deleted 'some_dir/delete_me.txt' \
  --deleted 'some_dir/subdir/delete_me_too.txt' \
  --commitMessage 'stuff'

Use --help for a full list of available commands and options.

npm module

The module exports the following functions:

  • createCommitOnBranch
  • checkIfBranchExists
  • getShaOfParentCommit

Before using any of them, you must call the init function with the GITHUB_TOKEN and the GitHub GraphQL URL as arguments.

init("your_github_token_here", "https://api.github.com/graphql");

If called without arguments, it will use the GITHUB_TOKEN and GITHUB_GRAPHQL_URL environment variables.

init();

Please refer to index.js for the function signatures.
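
The request that a wrapper like this sends to GitHub, shown as an added example that is not this package's own code: it builds (without sending) the body for GitHub's createCommitOnBranch GraphQL mutation and checks that every path is relative to the repository root. The helper names buildCommitRequest and assertRepoRelative are hypothetical, and the sample SHA and file contents are constructed.

```javascript
// Added example: builds (does not send) the request body for GitHub's
// createCommitOnBranch GraphQL mutation. Helper names are hypothetical.
const MUTATION = `
mutation ($input: CreateCommitOnBranchInput!) {
  createCommitOnBranch(input: $input) { commit { url oid } }
}`;

// Reject anything that is not a clean path relative to the repository root.
function assertRepoRelative(p) {
  const parts = p.split("/");
  if (p === "" || p.startsWith("/") || p.includes("\\") ||
      parts.some((s) => s === "" || s === "." || s === "..")) {
    throw new Error(`not a repository-relative path: ${JSON.stringify(p)}`);
  }
  return p;
}

function buildCommitRequest({ owner, repo, branch, parentSha, message, added = [], deleted = [] }) {
  if (!/^[0-9a-f]{40}$/.test(parentSha)) throw new Error("parentSha must be a full 40-hex commit id");
  return {
    query: MUTATION,
    variables: {
      input: {
        branch: { repositoryNameWithOwner: `${owner}/${repo}`, branchName: branch },
        message: { headline: message },
        // GitHub refuses the commit if the branch head is no longer this commit.
        expectedHeadOid: parentSha,
        fileChanges: {
          // File contents travel base64-encoded inside the JSON body.
          additions: added.map(({ path, contents }) => ({
            path: assertRepoRelative(path),
            contents: Buffer.from(contents).toString("base64"),
          })),
          deletions: deleted.map((path) => ({ path: assertRepoRelative(path) })),
        },
      },
    },
  };
}

// Constructed sample input (placeholder SHA, made-up file contents).
const sample = buildCommitRequest({
  owner: "yourname", repo: "some_repo_of_yours", branch: "main", message: "stuff",
  parentSha: "0123456789abcdef0123456789abcdef01234567",
  added: [{ path: "some_dir/some_file.txt", contents: "hello\n" }],
  deleted: ["some_dir/delete_me.txt"],
});
console.log(JSON.stringify(sample.variables, null, 2));
```

The resulting object is what gets POSTed as JSON to the GraphQL URL with the token in the Authorization header; because expectedHeadOid pins the parent commit, a concurrent push to the branch makes the mutation fail instead of silently overwriting it.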

GitHub Action usage

You can use this module as a GitHub Action. It is a Docker-based action.

Print help

    # Print help
    - name: Print help
      uses: pirafrank/github-commit-sign@v0
      with:
        args: "--help"

Commit changes

Requirements when running in a GitHub Actions workflow:

  • --changed and --deleted may have multiple file paths, as a single string with space-separated values, or by repeating the option for each file path. All file paths must be relative to the repository root.
  • GITHUB_TOKEN must be set in the environment variables with write access to the repository. Go to Repository Settings > Actions > General > Workflow permissions, and set Read and write permissions.

To commit to other repositories, you may need to override the default GITHUB_TOKEN with a personal access token that has the repo scope. Go to Profile > Settings > Developer settings > Personal access tokens > Token (classic), and choose Generate new token (classic) with the full-control repo scope. Tip: store the generated token in repository secrets.

    # Commit changes...
    - name: Commit changes
      id: commit_changes
      uses: pirafrank/github-commit-sign@v0
      if: ${{ vars.RUN_COMMIT_CHANGES == 'true' }}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        args: "commit --owner=${{ github.repository_owner }} --repo=${{ github.event.repository.name }} --branch=${{ github.ref_name }} --commitMessage='this is a webflow signed commit' --changed new.txt dummy/subdir/changed.txt --deleted dummy/delete_me.txt another_deleted.txt"
    # ...then use output details in another step
    - name: Print git commit output
      if: ${{ vars.RUN_COMMIT_CHANGES == 'true' }}
      run: |
        echo "Run command: ${{ steps.commit_changes.outputs.command }}"
        echo "Commit URL: ${{ steps.commit_changes.outputs.commitUrl }}"

Tip: you may create the strings with the list of added and changed files from a previous step in your workflow.

Other commands

The action accepts the same commands you can provide to the CLI. Pass them as a single string to the args input.

Tests

Create a .env file with your repo-scoped GITHUB_TOKEN, then run:

npm test

License

MIT