Skip to content

Releases: vig-os/commit-action

v0.2.0

24 Mar 14:12
@c-vigo c-vigo
Immutable release. Only release title and notes can be modified.
v0.2.0
This tag was signed with the committer’s verified signature.
c-vigo Carlos Vigo
SSH Key Fingerprint: hYyNbKU/0AYqau9PS9I0tQzjkp1tAEO6qJIfWz01YCQ
Verified
Learn about vigilant mode.
1bc0043
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.2.0 Latest
Latest

Added

  • Bounded retry with exponential backoff for transient GitHub API failures (404, 5xx, 429, and 403 when the error message indicates rate limit or abuse), configurable via MAX_ATTEMPTS and CommitOptions (maxAttempts, logger, optional baseDelayMs / maxDelayMs); new retry module helpers isTransientError, classifyError, calculateDelay, and withRetry (issue #20).
  • Efficient multi-file commits via GitHub createTree inline content for text files (blobs created server-side), createBlob only for binary files (NUL detected in the first 8 KiB), and chained createTree requests in chunks of TREE_ENTRY_CHUNK_SIZE (100) entries for very large change sets and payload limits (issue #19).

Changed

  • README Action example uses a tagged release (@v0.1.5) instead of @main for reproducibility; unreleased behavior remains documented in the same section.
  • Exported helpers for library use: isBinaryFile, getFileMode, and TREE_ENTRY_CHUNK_SIZE from commit.ts.
  • Binary blob creation is now sequential instead of concurrent to avoid secondary rate-limit bursts.

Fixed

  • withRetry could surface undefined when maxAttempts was non-positive or non-finite; values are now normalized to at least one attempt.
  • HTTP-like error detection for retries now requires status to be a number (avoids misclassifying odd error shapes).
  • Non-UTF-8 text fallback in createTree delegates to createBlob() so blob behavior stays consistent.
  • isBinaryFile false positives when readSync returns fewer bytes than requested (zero-filled buffer tail).
  • Silent data corruption for non-UTF-8 text files by validating with TextDecoder({ fatal: true }) and falling back to createBlob.
Assets 3
Loading

v0.1.5

13 Mar 09:31
@c-vigo c-vigo
Immutable release. Only release title and notes can be modified.
v0.1.5
This tag was signed with the committer’s verified signature.
c-vigo Carlos Vigo
SSH Key Fingerprint: hYyNbKU/0AYqau9PS9I0tQzjkp1tAEO6qJIfWz01YCQ
Verified
Learn about vigilant mode.
c0024cb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.1.5

Fixed

  • Excluded .git metadata paths during FILE_PATHS directory expansion to prevent malformed Git tree paths (issue #15).
Loading

v0.1.4

11 Mar 17:44
@c-vigo c-vigo
Immutable release. Only release title and notes can be modified.
v0.1.4
This tag was signed with the committer’s verified signature.
c-vigo Carlos Vigo
SSH Key Fingerprint: hYyNbKU/0AYqau9PS9I0tQzjkp1tAEO6qJIfWz01YCQ
Verified
Learn about vigilant mode.
e7dc876
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.1.4

Added

  • Added ALLOW_EMPTY environment variable support to allow creating signed empty commits when no file changes are detected
  • Added unit test coverage for empty commit behavior in commitViaAPI() and commit-runner flow handling

Changed

  • Updated npm dependency overrides to force patched minimatch versions across transitive dependency trees.
  • Updated commitViaAPI() to support empty commits by reusing the parent tree SHA when ALLOW_EMPTY=true
  • Updated runner behavior to preserve default no-op behavior when no files are detected, unless ALLOW_EMPTY=true
  • Updated README usage examples and environment variable documentation for ALLOW_EMPTY
  • Replaced process.exit(0) with early return in runner for improved testability

Fixed

  • Fixed missing ALLOW_EMPTY in commit-runner environment variable documentation

Security

  • Fixed minimatch ReDoS vulnerabilities (CVE-2026-27903 / GHSA-7r86-cg39-jmmj) by pinning safe transitive versions via npm overrides.
Loading

Commit Action v0.1.3 - Patch Release

28 Jan 08:14
@c-vigo c-vigo
Immutable release. Only release title and notes can be modified.
v0.1.3
b70c2d8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Commit Action v0.1.3 - Patch Release
Marketplace
Marketplace

Commit Action v0.1.3 - Feature + Security Update

Release Date: January 28, 2026

Overview

This release improves branch targeting reliability (especially on protected branches / rulesets), adds branch normalization, ships new regression tests, and includes a security dependency fix.

What's New

Branch Targeting Improvements (New Feature)

  • Added TARGET_BRANCH environment variable: A new preferred environment variable that allows you to explicitly specify the target branch (e.g., refs/heads/main), avoiding conflicts with GitHub Actions' built-in GITHUB_REF variable
  • Branch normalization: Added comprehensive branch reference normalization that handles various Git reference formats (refs/heads/, refs/tags/, plain branch names)
  • Exported branch resolution functions: Made normalizeBranch() and resolveBranch() available as exported functions for better testability and reusability

What's Fixed

Testing & Reliability

  • Fixed Jest ESM module resolution: Added manual mock for @actions/github to resolve ESM module resolution issues in unit tests
  • Added comprehensive test coverage: Created dedicated test suite (commit-runner.test.ts) with 17 new test cases covering branch normalization and resolution logic
  • Fixed bundling compatibility: Downgraded @actions/github from v9.0.0 to v6.0.1 to ensure compatibility with ncc bundler (v9.0.0 is ESM-only and incompatible with CommonJS bundlers)

Security

  • Fixed undici vulnerability: Added npm package overrides to force @actions/http-client@3.0.2 and undici@6.23.0, resolving moderate severity vulnerability (CVE affecting undici <6.23.0)

Documentation Improvements

  • Enhanced README: Added TARGET_BRANCH documentation with usage examples and explanation of branch resolution priority
  • Updated CHANGELOG: Documented all changes in the Unreleased section

Installation

As a GitHub Action

- name: Commit and push changes via API
  uses: vig-os/commit-action@v0.1.3
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    GITHUB_REPOSITORY: ${{ github.repository }}
    TARGET_BRANCH: refs/heads/main  # Preferred: avoids conflicts
    COMMIT_MESSAGE: "chore: update files"
    FILE_PATHS: "docs,README.md"

Upgrade from v0.1.1

Simply update the version reference in your workflow files:

- uses: vig-os/commit-action@v0.1.1
+ uses: vig-os/commit-action@v0.1.3

Breaking Changes

None. This release is fully backward compatible. Existing workflows using GITHUB_REF will continue to work exactly as before. TARGET_BRANCH is an additive feature that provides better reliability.

Migration Guide

No migration required. This release is fully backward compatible with v0.1.1.

Optional: If you've experienced issues where commits went to the wrong branch (e.g., workflow runs on dev but you want to commit to main), you can now use TARGET_BRANCH:

env:
  TARGET_BRANCH: refs/heads/main  # Explicitly target main branch

Technical Details

  • Runtime: Node.js 20
  • Language: TypeScript 5.3+
  • License: MIT
  • Dependencies:
    • @actions/core@^1.10.1
    • @actions/github@^6.0.1 (downgraded from v9.0.0 for bundler compatibility)
  • Security: All npm audit vulnerabilities resolved

Full Changelog

See CHANGELOG.md for detailed changes.

Links

Full Changelog: v0.1.1...v0.1.3

Loading

v0.1.1

19 Dec 07:57
@c-vigo c-vigo
Immutable release. Only release title and notes can be modified.
v0.1.1
bc656af
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.1.1
Marketplace
Marketplace

Commit Action v0.1.1 - Patch Release

Release Date: December 19, 2025

Overview

This patch release fixes a critical issue that prevented the action from executing properly and includes documentation improvements for better usability.

What's Fixed

Critical Bug Fix

  • Fixed action execution - Resolved issue preventing the action from running by properly bundling code and updating .gitignore to exclude the dist directory. The bundled distribution files are now included in the repository, ensuring the action can execute when used as a GitHub Action.

Documentation Improvements

  • Enhanced README - Added repository and organization links for better visibility and discoverability
  • Updated usage examples - Updated README usage example to reference the specific action version (vig-os/commit-action@v0.1.1)
  • Improved pull request template - Updated testing instructions to use npm test instead of Makefile commands for consistency with JavaScript projects
  • Streamlined testing checklist - Removed outdated test options (image tests, integration tests, registry tests) from pull request template

Installation

As a GitHub Action

Update your workflow to use the new version:

- name: Commit and push changes via API
  uses: vig-os/commit-action@v0.1.1
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    GITHUB_REPOSITORY: ${{ github.repository }}
    GITHUB_REF: refs/heads/main
    COMMIT_MESSAGE: "chore: update files"
    FILE_PATHS: "docs,README.md"

Upgrade from v0.1.0

Simply update the version reference in your workflow files:

- uses: vig-os/commit-action@v0.1.0
+ uses: vig-os/commit-action@v0.1.1

Breaking Changes

None. This is a patch release with bug fixes and documentation improvements only.

Migration Guide

No migration required. This release is fully backward compatible with v0.1.0. Simply update the version tag in your workflows to benefit from the bug fix.

Full Changelog

See CHANGELOG.md for detailed changes.

Links

Technical Details

  • Runtime: Node.js 20
  • Language: TypeScript 5.3+
  • License: MIT
  • Dependencies: @actions/core, @actions/github

Full Changelog: v0.1.0...v0.1.1

Loading

v1.0.0

19 Dec 07:09
@c-vigo c-vigo
Immutable release. Only release title and notes can be modified.
v0.1.0
9d06bac
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.0
Marketplace
Marketplace

Commit Action v0.1.0 - Initial Release

Release Date: December 19, 2025

Overview

Initial release of Commit Action, a GitHub Action that enables automated commits via the GitHub API. This action creates automatically signed commits and can bypass repository rulesets and branch protection rules, making it perfect for CI/CD pipelines and automated workflows.

What's New

Core Features

  • Automatically Signed Commits - All commits created via GitHub API are automatically signed by GitHub, eliminating the need for GPG key setup
  • Ruleset Bypass - Uses GitHub API instead of traditional git push, allowing commits to bypass branch protection rules and repository rulesets
  • Modular Design - Use as a GitHub Action, CLI tool, or import as a TypeScript module
  • Type-Safe - Built with TypeScript for full type safety and excellent developer experience
  • Well Tested - Comprehensive unit test coverage with Jest

Key Capabilities

  • Flexible File Input - Support for individual files, directories, or automatic detection from git status
  • Directory Expansion - Automatically expands directory paths to individual files
  • File Permissions - Preserves executable permissions for scripts and binaries
  • Base64 Encoding - Binary-safe file content transfer
  • Environment Configuration - Simple setup via environment variables

Installation

As a GitHub Action

Add this to your workflow:

- name: Commit and push changes via API
  uses: vig-os/commit-action@v0.1.0
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    GITHUB_REPOSITORY: ${{ github.repository }}
    GITHUB_REF: refs/heads/main
    COMMIT_MESSAGE: "chore: update files"
    FILE_PATHS: "docs,README.md"

As a CLI Tool

npm install -g commit-action
npm run commit

As a Module

import { commitViaAPI } from 'commit-action';

const result = await commitViaAPI({
  token: 'your-token',
  owner: 'owner',
  repo: 'repo',
  branch: 'main',
  message: 'chore: update files',
  filePaths: ['file1.txt', 'file2.txt'],
});

Configuration

Required Environment Variables

  • GITHUB_TOKEN or GH_TOKEN - GitHub token (app token or personal access token)

Optional Environment Variables

  • GITHUB_REPOSITORY - Repository in format "owner/repo" (defaults to workflow context)
  • GITHUB_REF - Branch reference (e.g., "refs/heads/main", defaults to workflow context)
  • COMMIT_MESSAGE - Commit message (defaults to "chore: update files")
  • FILE_PATHS - Comma-separated list of file paths or directories (auto-detects from git status if not provided)
  • BASE_SHA - Optional base commit SHA (defaults to branch HEAD)

Use Cases

  • Automated Documentation Updates - Commit generated docs in CI/CD pipelines
  • Bot Commits - Allow bots to commit without bypassing branch protection
  • Synchronization Scripts - Keep repositories in sync automatically
  • Generated Content - Commit auto-generated reports, configs, or artifacts
  • Release Automation - Automate version bumps and changelog updates

Documentation

Links

Technical Details

  • Runtime: Node.js 20
  • Language: TypeScript 5.3+
  • License: MIT
  • Dependencies: @actions/core, @actions/github

Changelog

See CHANGELOG.md for detailed changes.

Contributing

Contributions are welcome! Please read our contributing guidelines and submit pull requests.

New Contributors

  • @c-vigo made their first contribution in #1

Full Changelog: initial...v0.1.0

Contributors

c-vigo
Loading