The GitHub Action for committing files for the 80% use case.
A GitHub Action to detect changed files during a Workflow run and to commit and push them back to the GitHub repository. By default, the commit is made in the name of "GitHub Actions" and co-authored by the user that made the last commit.
If you want to learn more how this Action works under the hood, check out this article by Michael Heap.
Adding git-auto-commit to your Workflow only takes a couple lines of code.
contents
-permission of the default GITHUB_TOKEN to true
. (Required to push new commits to the repository)- uses: stefanzweifel/git-auto-commit-action@v5
Your Workflow should look similar to this example.
name: Format
on: push
jobs:
format-code:
runs-on: ubuntu-latest
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the
# added or changed files to the repository.
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
# Other steps that change files in the repository go here
# …
# Commit all changed files back to the repository
- uses: stefanzweifel/git-auto-commit-action@v5
[!NOTE] The Action has to be used in a Job that runs on a UNIX-like system (e.g.
ubuntu-latest
).
The following is an extended example with all available options.
- uses: stefanzweifel/git-auto-commit-action@v5
with:
# Optional. Commit message for the created commit.
# Defaults to "Apply automatic changes"
commit_message: Automated Change
# Optional. Local and remote branch name where commit is going to be pushed
# to. Defaults to the current branch.
# You might need to set `create_branch: true` if the branch does not exist.
branch: feature-123
# Optional. Options used by `git-commit`.
# See https://git-scm.com/docs/git-commit#_options
commit_options: '--no-verify --signoff'
# Optional glob pattern of files which should be added to the commit
# Defaults to all (.)
# See the `pathspec`-documentation for git
# - https://git-scm.com/docs/git-add#Documentation/git-add.txt-ltpathspecgt82308203
# - https://git-scm.com/docs/gitglossary#Documentation/gitglossary.txt-aiddefpathspecapathspec
file_pattern: '*.php src/*.js tests/*.js'
# Optional. Local file path to the repository.
# Defaults to the root of the repository.
repository: .
# Optional commit user and author settings
commit_user_name: My GitHub Actions Bot # defaults to "github-actions[bot]"
commit_user_email: my-github-actions-bot@example.org # defaults to "41898282+github-actions[bot]@users.noreply.github.com"
commit_author: Author <actions@github.com> # defaults to "username <username@users.noreply.github.com>", where "username" belongs to the author of the commit that triggered the run
# Optional. Tag name being created in the local repository and
# pushed to remote repository and defined branch.
tagging_message: 'v1.0.0'
# Optional. Option used by `git-status` to determine if the repository is
# dirty. See https://git-scm.com/docs/git-status#_options
status_options: '--untracked-files=no'
# Optional. Options used by `git-add`.
# See https://git-scm.com/docs/git-add#_options
add_options: '-u'
# Optional. Options used by `git-push`.
# See https://git-scm.com/docs/git-push#_options
push_options: '--force'
# Optional. Disable dirty check and always try to create a commit and push
skip_dirty_check: true
# Optional. Skip internal call to `git fetch`
skip_fetch: true
# Optional. Skip internal call to `git checkout`
skip_checkout: true
# Optional. Prevents the shell from expanding filenames.
# Details: https://www.gnu.org/software/bash/manual/html_node/Filename-Expansion.html
disable_globbing: true
# Optional. Create given branch name in local and remote repository.
create_branch: true
Please note that the Action depends on bash
. If you're using the Action in a job in combination with a custom Docker container, make sure that bash
is installed.
In this example, we're running php-cs-fixer
in a PHP project to fix the codestyle automatically, then commit possible changed files back to the repository.
Note that we explicitly specify ${{ github.head_ref }}
in the checkout Action.
This is required in order to work with the pull_request
event (or any other non-push
event).
name: php-cs-fixer
on:
pull_request:
push:
branches:
- main
jobs:
php-cs-fixer:
runs-on: ubuntu-latest
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the changed files back to the repository.
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- name: Run php-cs-fixer
uses: docker://oskarstark/php-cs-fixer-ga
- uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: Apply php-cs-fixer changes
Checkout action.yml
for a full list of supported inputs.
You can use these outputs to trigger other Actions in your Workflow run based on the result of git-auto-commit-action
.
changes_detected
: Returns either "true" or "false" if the repository was dirty and files have changed.commit_hash
: Returns the full hash of the commit if one was created.⚠️ When using outputs, the step needs to be given an id. See example below.
- uses: stefanzweifel/git-auto-commit-action@v5
id: auto-commit-action #mandatory for the output to show up in ${{ steps }}
with:
commit_message: Apply php-cs-fixer changes
- name: "Run if changes have been detected"
if: steps.auto-commit-action.outputs.changes_detected == 'true'
run: echo "Changes!"
- name: "Run if no changes have been detected"
if: steps.auto-commit-action.outputs.changes_detected == 'false'
run: echo "No Changes!"
The goal of this Action is to be "the Action for committing files for the 80% use case". Therefore, you might run into issues if your Workflow falls into the not supported 20% portion.
The following is a list of edge cases the Action knowingly does not support:
No git pull
when the repository is out of date with remote. The Action will not do a git pull
before doing the git push
. You are responsible for keeping the repository up to date in your Workflow runs.
No support for running the Action in build matrices. If your Workflow is using build matrices, and you want that each job commits and pushes files to the remote, you will run into the issue, that the repository in the workflow will become out of date. As the Action will not do a git pull
for you, you have to do that yourself.
No support for git rebase
or git merge
. There are many strategies on how to integrate remote upstream changes to a local repository. git-auto-commit
does not want to be responsible for doing that.
No support for detecting line break changes between CR (Carriage Return) and LF (Line Feed). This is a low level issue, you have to resolve differently in your project. Sorry.
If this Action doesn't work for your workflow, check out EndBug/add-and-commit.
You must use action/checkout@v2
or later versions to check out the repository.
In non-push
events, such as pull_request
, make sure to specify the ref
to check out:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
Do this to avoid checking out the repository in a detached state.
The resulting commit will not trigger another GitHub Actions Workflow run. This is due to limitations set by GitHub.
When you use the repository's GITHUB_TOKEN to perform tasks on behalf of the GitHub Actions app, events triggered by the GITHUB_TOKEN will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs.
You can change this by creating a new Personal Access Token (PAT),
storing the token as a secret in your repository and then passing the new token to the actions/checkout
Action step.
- uses: actions/checkout@v4
with:
token: ${{ secrets.PAT }}
If you create a personal access token (classic), apply the repo
and workflow
scopes.
If you create a fine-grained personal access token, apply the Contents
-permissions.
If you work in an organization and don't want to create a PAT from your personal account, we recommend using a robot account for the token.
If you're using a Personal Access Token (PAT) to push commits to GitHub repository, the resulting commit or push can trigger other GitHub Actions workflows. This can result in an infinite loop.
If you would like to prevent this, you can add skip-checks:true
to the commit message. See Skipping workflow runs for details.
Does your workflow change a file, but "git-auto-commit" does not detect the change? Check the .gitignore
that applies to the respective file. You might have accidentally marked the file to be ignored by git.
If your commit message should span multiple lines, you have to create a separate step to generate the string.
The example below can be used as a starting point to generate a multiline commit meesage. Learn more how multiline strings in GitHub Actions work in the GitHub documentation.
# Building a multiline commit message
# Adjust to your liking
- run: echo "Commit Message 1" >> commitmessage.txt
- run: echo "Commit Message 2" >> commitmessage.txt
- run: echo "Commit Message 3" >> commitmessage.txt
# Create a multiline string to be used by the git-auto-commit Action
- name: Set commit message
id: commit_message_step
run: |
echo 'commit_message<<EOF' >> $GITHUB_OUTPUT
cat commitmessage.txt >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
# Quick and dirty step to get rid of the temporary file holding the commit message
- run: rm -rf commitmessage.txt
- uses: stefanzweifel/git-auto-commit-action@v5
id: commit
with:
commit_message: ${{ steps.commit_message_step.outputs.commit_message }}
If you would like to sign your commits using a GPG key, you will need to use an additional action. You can use the crazy-max/ghaction-import-gpg action and follow its setup instructions.
As git-auto-commit by default does not use your username and email when creating a commit, you have to override these values in your workflow.
- name: "Import GPG key"
id: import-gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: "Commit and push changes"
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_author: "${{ steps.import-gpg.outputs.name }} <${{ steps.import-gpg.outputs.email }}>"
commit_user_name: ${{ steps.import-gpg.outputs.name }}
commit_user_email: ${{ steps.import-gpg.outputs.email }}
See discussion #334 for details.
By default, GitHub Actions doesn't run Workflows on forks from private repositories. To enable Actions for private repositories enable "Run workflows from pull requests" in your repository settings.
See this announcement from GitHub or the GitHub docs for details.
[!NOTE] This Action technically works with forks. However, please note that the combination of triggers and their options can cause issues. Please read the documentation on which triggers GitHub Actions support.\ Ensure your contributors enable "Allow edits by maintainers" when opening a pull request. (Learn more) \ \ If you use this Action in combination with a linter/fixer, it's easier if you run the Action on
push
on yourmain
-branch.[!WARNING] Due to limitations of GitHub, this Action currently can't push commits to a base repository, if the fork lives under an organisation. See github/community#6634 and this comment for details.
By default, this Action will not run on Pull Requests which have been opened by forks. (This is a limitation by GitHub, not by us.)
However, there are a couple of ways to use this Actions in Workflows that should be triggered by forked repositories.
[!CAUTION] The following section explains how you can use git-auto-commit in combination with the
pull_request_target
trigger.
Usingpull_request_target
in your workflows can lead to repository compromise as mentioned by GitHub's own security team. This means, that a bad actor could potentially leak/steal your GitHub Actions repository secrets.
Please be aware of this risk when usingpull_request_target
in your workflows.If your workflow runs code-fixing tools, consider running the workflow on your default branch by listening to the
push
event or use a third-party tool like autofix.ci.
We keep this documentation around, as many questions came in over the years, on how to use this action for public forks.
The workflow below runs whenever a commit is pushed to the main
-branch or when activity on a pull request happens, by listening to the pull_request_target
event.
If the workflow is triggered by the pull_request_target
-event, the workflow will run in the context of the base of the pull request, rather than in the context of the merge commit, as the pull_request
event does.
In other words, this will allow your workflow to be run in the repository where the pull request is opened to and will push changes back to the fork.
Check out the discussion in #211 for more information on this.
name: Format PHP
on:
push:
branches:
- main
pull_request_target:
jobs:
php-cs-fixer:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
# Checkout the fork/head-repository and push changes to the fork.
# If you skip this, the base repository will be checked out and changes
# will be committed to the base repository!
repository: ${{ github.event.pull_request.head.repo.full_name }}
# Checkout the branch made in the fork. Will automatically push changes
# back to this branch.
ref: ${{ github.head_ref }}
- name: Run php-cs-fixer
uses: docker://oskarstark/php-cs-fixer-ga
- uses: stefanzweifel/git-auto-commit-action@v5
For more information about running Actions on forks, see this announcement from GitHub.
--amend
and --no-edit
as commit optionsIf you would like to use this Action to create a commit using --amend
and --no-edit
you need to make some adjustments.
[!CAUTION] You should understand the implications of rewriting history if you amend a commit that has already been published. See rebasing.
First, you need to extract the previous commit message by using git log -1 --pretty=%s
.
Then you need to provide this last commit message to the Action through the commit_message
input option.
By default, the commit author is changed to username <username@users.noreply.github.com>
, where username
is the name of the user who triggered the workflow (The github.actor
context is used here). If you want to preserve the name and email of the original author, you must extract them from the last commit and provide them to the Action through the commit_author
input option.
Finally, you have to use push_options: '--force'
to overwrite the git history on the GitHub remote repository. (git-auto-commit will not do a git-rebase
for you!)
The steps in your workflow might look like this:
- uses: actions/checkout@4
with:
# Fetch the last 2 commits instead of just 1. (Fetching just 1 commit would overwrite the whole history)
fetch-depth: 2
# Other steps in your workflow to trigger a changed file
- name: Get last commit message
id: last-commit
run: |
echo "message=$(git log -1 --pretty=%s)" >> $GITHUB_OUTPUT
echo "author=$(git log -1 --pretty=\"%an <%ae>\")" >> $GITHUB_OUTPUT
- uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_author: ${{ steps.last-commit.outputs.author }}
commit_message: ${{ steps.last-commit.outputs.message }}
commit_options: '--amend --no-edit'
push_options: '--force'
skip_fetch: true
See discussion in #159 for details.
Make sure to checkout the correct branch.
If your Workflow can't push the commit to the repository because of authentication issues,
please update your Workflow configuration and usage of actions/checkout
.
Updating the token
value with a Personal Access Token should fix your issues.
.github/workflows/
The default GITHUB_TOKEN
issued by GitHub Action does not have permission to make changes to workflow files located in .github/workflows/
.
To fix this, please create a personal access token (PAT) and pass the token to the actions/checkout
-step in your workflow. (Similar to how to push to protected branches).
If a PAT does not work for you, you could also create a new GitHub app and use it's token in your workflows. See this comment in #87 for details.
See #322 for details and discussions around this topic.
If your repository uses protected branches you have to make some changes to your Workflow for the Action to work properly: You need a Personal Access Token and you either have to allow force pushes or the Personal Access Token needs to belong to an Administrator.
First, you have to create a new Personal Access Token (PAT),
store the token as a secret in your repository and pass the new token to the actions/checkout
Action step.
If you create a personal access token (classic), apply the repo
and workflow
scopes.
If you create a fine-grained personal access token, apply the Contents
-permissions.
- uses: actions/checkout@v4
with:
token: ${{ secrets.PAT }}
You can learn more about Personal Access Token in the GitHub documentation.
[!TIP] If you're working in an organisation, and you don't want to create the PAT from your personal account, we recommend using a bot-account for such tokens.
If you go the "force pushes" route, you have to enable force pushes to a protected branch (see documentation) and update your Workflow to use force push like this.
- uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: Apply php-cs-fixer changes
push_options: --force
This is due to limitations set up by GitHub, commits made by this Action do not trigger new Workflow runs.
If you're using the Action with a custom file_pattern
and the Action throws a fatal error with the message "Pathspec 'file-pattern' did not match any files", the problem is probably that no file for the pattern exists in the repository.
file_pattern
is used both for git-status
and git-add
in this Action. git-add
will throw a fatal error, if for example, you use a file pattern like *.js *.ts
but no *.ts
files exist in your projects' repository.
See Issue #227 for details.
file_pattern
, changed files but seeing "Working tree clean. Nothing to commit." in the logsIf you're using a custom file_pattern
and the Action does not detect the changes made in your worfklow, you're probably running into a globbing issue.
Let's imagine you use file_pattern: '*.md'
to detect and commit changes to all Markdown files in your repository.
If your Workflow now only updates .md
-files in a subdirectory, but you have an untouched .md
-file in the root of the repository, the git-auto-commit Action will display "Working tree clean. Nothing to commit." in the Workflow log.
This is due to the fact, that the *.md
-glob is expanded before sending it to git-status
. git-status
will receive the filename of your untouched .md
-file in the root of the repository and won't detect any changes; and therefore the Action does nothing.
To fix this add disable_globbing: true
to your Workflow.
- uses: stefanzweifel/git-auto-commit-action@v5
with:
file_pattern: '*.md'
disable_globbing: true
See Issue #239 for details.
The Action has tests written in bats. Before you can run the test suite locally, you have to install the dependencies with npm
or yarn
.
npm install
yarn
You can run the test suite with npm
or yarn
.
npm run test
yarn test
We use SemVer for versioning. For the versions available, see the tags on this repository.
We also provide major version tags to make it easier to always use the latest release of a major version. For example, you can use stefanzweifel/git-auto-commit-action@v5
to always use the latest release of the current major version.
(More information about this here.)
This Action has been inspired and adapted from the auto-commit-Action of the Canadian Digital Service and this commit-Action by Eric Johnson.
This project is licensed under the MIT License - see the LICENSE file for details.