devopsinfra/action-commit-push

Sponsored OSS

By DevOps Infra

โ€ขUpdated 2 days ago

GitHub Action that will create a new commit and push it to the repository

Image
0

1M+

devopsinfra/action-commit-push repository overview

โ ๐Ÿš€ GitHub Action for committing changes to repository

Powerful GitHub Action for automatically committing and pushing changes back to your repository.

โ ๐Ÿ“ฆ Available on

โ โœจ Features

  • ๐Ÿ“ Custom commit messages: Add custom prefixes and messages to commits
  • ๐Ÿ” Commit signing: Sign generated commits with GPG or SSH keys
  • ๐ŸŒฟ Branch management: Create new branches automatically with optional timestamps
  • โฐ Timestamp support: Add timestamps to branch names for cron-based updates
  • ๐Ÿ”„ Integration-ready: Works seamlessly with other DevOps workflows
  • ๐Ÿ’ช Force push options: Support for --force and --force-with-lease when needed
  • ๐Ÿ”€ Pull request integration: Perfect companion for automated PR workflows
  • ๐ŸŽฏ Deterministic branch reset: Optionally reset target branches to a chosen base branch before committing
  • ๐Ÿงฉ Empty commit support: Optionally create empty commits for no-diff automation flows
  • ๐Ÿ›ก๏ธ Rebase conflict control: Choose strict failure or legacy best-effort behavior on rebase conflicts

Perfect for automation workflows and integrates seamlessly with devops-infra/action-pull-requestโ .

โ ๐Ÿ“Š Badges

GitHub repo GitHub last commit GitHub code size in bytes GitHub license โ 
DockerHub Docker version Image size Docker Pulls โ 

โ ๐Ÿท๏ธ Version Tags: vX, vX.Y, vX.Y.Z

This action supports three tag levels for flexible versioning:

  • vX: latest patch of the major version (e.g., v1).
  • vX.Y: latest patch of the minor version (e.g., v1.2).
  • vX.Y.Z: fixed to a specific release (e.g., v1.2.3).

โ ๐Ÿ“– API Reference

      - name: Run the Action
        uses: devops-infra/[email protected]
        with:
          github_token: "${{ secrets.GITHUB_TOKEN }}"
          add_timestamp: true
          amend: false
          commit_prefix: "[AUTO]"
          commit_message: "Automatic commit"
          user_name: ""
          user_email: ""
          signing_mode: ""
          signing_key: ""
          signing_passphrase: ""
          force: false
          force_with_lease: false
          no_edit: false
          organization_domain: github.com
          target_branch: update/version
โ ๐Ÿ”ง Input Parameters
Input VariableRequiredDefaultDescription
github_tokenYes""Personal Access Token for GitHub for pushing the code.
add_timestampNofalseWhether to add the timestamp to a new branch name. Uses format %Y-%m-%dT%H-%M-%SZ.
amendNofalseWhether to make an amendment to the previous commit (--amend). Can be combined with commit_message to change the commit message.
commit_prefixNo""Prefix added to commit message. Combines with commit_message.
commit_messageNo""Commit message to set. Combines with commit_prefix. Can be used with amend to change the commit message.
user_nameNo""Git user.name used for created commits. Defaults to ${{ github.actor }} when empty.
user_emailNo""Git user.email used for created commits. Defaults to ${{ github.actor }}@users.noreply.<organization_domain> when empty.
signing_modeNo""Commit signing mode. Supported values are gpg and ssh. Leave empty to disable signing.
signing_keyNo""Signing key material. For gpg, provide an ASCII-armored private key export. For ssh, provide a private key in OpenSSH or PEM format.
signing_passphraseNo""Optional passphrase for the signing key. Passphrase-protected GPG keys are supported. Encrypted SSH signing keys are rejected in the current runtime.
forceNofalseWhether to use force push (--force). Use only when you need to overwrite remote changes. Potentially dangerous.
force_with_leaseNofalseWhether to use force push with lease (--force-with-lease). Safer than force as it checks for remote changes. Set fetch-depth: 0 for actions/checkout.
base_branchNo""Base branch used to sync or reset target_branch. When empty, the action auto-detects main/master or origin HEAD.
reset_target_branchNofalseWhether to hard-reset target_branch to origin/base_branch before committing. Recommended for deterministic release branches.
allow_empty_commitNofalseWhether to create an empty commit when there are no file changes. Useful for workflows that must open a PR with no file diff.
fail_on_rebase_conflictNotrueWhether to fail the action if rebase onto base_branch conflicts. Set to false to keep legacy best-effort rebase behavior.
no_editNofalseWhether to not edit commit message when using amend (--no-edit).
organization_domainNogithub.comGitHub Enterprise domain name.
target_branchNocurrent branchName of a new branch to push the code into. Creates branch if not existing unless there are no changes and amend is false.
repository_pathNo.Relative path under ${{ github.workspace }} where the repository is checked out. Set this when actions/checkout uses path:.
โ ๐Ÿ“ค Output Parameters
OutputDescription
files_changedList of changed files, as returned by git diff --staged --name-status.
branch_nameName of the branch code was pushed into.

โ ๐Ÿ’ป Usage Examples

โ ๐Ÿ“ Basic Example

Commit and push changes to the currently checked out branch.

name: Run the Action
on:
  push
jobs:
  change-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Change something
        run: |
          find . -type f -name "*.md" -print0 | xargs -0 sed -i "s/foo/bar/g"

      - name: Commit and push changes
        uses: devops-infra/[email protected]
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          commit_message: "Replace foo with bar"
โ ๐Ÿ”€ Advanced Example

Commit and push changes to a new branch and create a pull request using devops-infra/action-pull-requestโ .

name: Push changes and create PR
on:
  push
jobs:
  change-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: Change something
        run: |
          find . -type f -name "*.md" -print0 | xargs -0 sed -i "s/foo/bar/g"

      - name: Commit and push changes
        uses: devops-infra/[email protected]
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          commit_prefix: "[AUTO-COMMIT] "
          commit_message: "Replace foo with bar"

      - name: Create pull request
        uses: devops-infra/action-pull-request@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          body: "**Automated pull request**<br><br>Replaced foo with bar"
          title: ${{ github.event.commits[0].message }}
โ ๐Ÿ’ช Force Push Example

When you need to amend the previous commit and force push (useful when adding automatic changes to manual commit).

name: Amend and force push
on:
  workflow_dispatch:
    inputs:
      new_commit_message:
        description: 'New commit message'
        required: true
        default: 'Updated commit message'

jobs:
  amend-commit:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository with full history
        uses: actions/checkout@v6
        with:
          fetch-depth: 0  # Required for force_with_lease
      - name: Make some changes
        run: |
          echo "Additional content" >> README.md

      - name: Amend and force push with lease
        uses: devops-infra/[email protected]
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          commit_message: ${{ github.event.inputs.new_commit_message }}
          amend: true
          force_with_lease: true  # Safer force push option
โ ๐Ÿ“ Custom checkout path example

Commit and push when actions/checkout uses a custom path.

name: Commit from custom checkout path
on:
  push
jobs:
  change-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository into custom path
        uses: actions/checkout@v6
        with:
          path: work/repo

      - name: Change something in checked out repository
        run: |
          echo "Updated" >> work/repo/README.md

      - name: Commit and push changes
        uses: devops-infra/[email protected]
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          repository_path: work/repo
          commit_message: "Update README"
โ ๐Ÿ‘ค Custom commit identity example

Override the git author/committer identity used by the action.

- name: Commit and push with custom identity
  uses: devops-infra/[email protected]
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    commit_message: "test(commit-push): custom identity"
    user_name: "Release Automation"
    user_email: "[email protected]"

When user_name and user_email are empty, the action defaults to:

  • user.name = ${{ github.actor }}
  • user.email = ${{ github.actor }}@users.noreply.<organization_domain>

โ ๐Ÿ” Commit Signing

This action can sign generated commits by configuring repository-local git signing settings at runtime.

  • signing_mode: gpg imports an ASCII-armored private OpenPGP key into an isolated temporary GNUPGHOME.
  • signing_mode: ssh uses an SSH private key file and git's SSH signing mode.
  • Temporary key material is written outside the repository and removed when the container exits.
  • Passphrase-protected GPG keys are supported through non-interactive loopback pinentry.
  • Encrypted SSH signing keys are currently rejected explicitly instead of falling back to interactive prompts.
โ ๐Ÿ” GPG signing example
- name: Commit and push signed changes
  uses: devops-infra/[email protected]
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    commit_message: "test(commit-push): signed with gpg"
    signing_mode: gpg
    signing_key: ${{ secrets.GPG_PRIVATE_KEY }}
    signing_passphrase: ${{ secrets.GPG_PASSPHRASE }}
โ ๐Ÿ” SSH signing example
- name: Commit and push SSH-signed changes
  uses: devops-infra/[email protected]
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    commit_message: "test(commit-push): signed with ssh"
    signing_mode: ssh
    signing_key: ${{ secrets.SSH_SIGNING_KEY }}
โ ๐Ÿฉบ Signing troubleshooting
  • Failed to import GPG signing key usually means the secret is not an ASCII-armored private key export.
  • Failed to read SSH signing key usually means the secret is not a valid private key.
  • Encrypted SSH signing keys are not supported in this runtime means the key must be provided without a passphrase.
  • If downstream verification fails, confirm your verifier trusts the matching public key and uses git's corresponding gpg.format.

โ ๐Ÿ“ Amend Options

When using amend: true, you have several options for handling the commit message:

  1. Change the commit message: Set commit_message to provide a new message

    - uses: devops-infra/[email protected]
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        commit_message: "Fixed typo in documentation"
        amend: true
        force_with_lease: true
    
  2. Keep existing message: Set no_edit: true to keep the original commit message

    - uses: devops-infra/[email protected]
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        amend: true
        no_edit: true
        force_with_lease: true
    
  3. Default behavior: If neither is set, uses "Files changed:" with file list (when files are modified)

๐Ÿ’ก Note: Amending works even without file changes - useful for just changing commit messages!

โ โš ๏ธ Force Push Options

This action provides two force push options for different scenarios:

  • Uses git push --force-with-lease
  • Safer option that checks if someone else has pushed changes to the remote branch
  • Prevents accidentally overwriting other people's work
  • Required: Set fetch-depth: 0 in your actions/checkout step
  • Use case: Amending commits, rebasing, or other history modifications
โ โšก force (Use with Caution)
  • Uses git push --force
  • Potentially dangerous as it will overwrite remote changes unconditionally
  • No safety checks - will overwrite any remote changes
  • Use case: Only when you're absolutely certain you want to overwrite remote changes

โš ๏ธ Important: Never use both options simultaneously. force_with_lease takes precedence if both are set to true.

โ ๐ŸŽฏ Use specific version

Pick the tag level based on your stability needs:

  • vX.Y.Z: exact immutable release (most predictable)
  • vX.Y: latest patch within one minor line
  • vX: latest patch within one major line
name: Run the Action
on:
  push:
    branches-ignore: master
jobs:
  action-commit-push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6

      - uses: devops-infra/[email protected]
        id: Pin patch version

      - uses: devops-infra/[email protected]
        id: Pin minor version

      - uses: devops-infra/action-commit-push@v1
        id: Pin major version

โ ๐Ÿค Contributing

Contributions are welcome! See CONTRIBUTINGโ . This project is licensed under the MIT License - see the LICENSEโ  file for details.

โ ๐Ÿ“„ License

This project is licensed under the MIT License - see the LICENSEโ  file for details.

โ ๐Ÿ’ฌ Support

If you have any questions or need help, please:

  • ๐Ÿ“ Create an issueโ 
  • ๐ŸŒŸ Star this repository if you find it useful!

โ ๐Ÿงช End-to-End Validation

Use the manual workflow .github/workflows/manual-e2e-validate.yml to validate this action against the centralized E2E repository.

  • mode=ref validates ref-oriented E2E paths against stable pinned action refs.
  • mode=image is wired but currently placeholder-only in the central E2E workflow for this action.

CI/CD automation also runs these E2E checks automatically:

  • Pull requests: E2E validation runs through reusable org workflows.
  • Release branch prepare: E2E validation runs against release candidate refs.
  • Release create: E2E validation runs against production release refs.

Example trigger inputs:

mode=ref
mode=image
image_tag=v1.2.3-test

โ Forking

To publish images from a fork, set these variables so Task uses your registry identities: DOCKER_USERNAME, DOCKER_ORG_NAME, GITHUB_USERNAME, GITHUB_ORG_NAME.

Two supported options (environment variables take precedence over .env):

# .env (local only, not committed)
DOCKER_USERNAME=your-dockerhub-user
DOCKER_ORG_NAME=your-dockerhub-org
GITHUB_USERNAME=your-github-user
GITHUB_ORG_NAME=your-github-org
# Shell override
DOCKER_USERNAME=your-dockerhub-user \
DOCKER_ORG_NAME=your-dockerhub-org \
GITHUB_USERNAME=your-github-user \
GITHUB_ORG_NAME=your-github-org \
task docker:build

Recommended setup:

  • Local development: use a .env file.
  • GitHub Actions: set repo variables for the four values above, and secrets for DOCKER_TOKEN and GITHUB_TOKEN.

Publish images without a release:

  • Run the (Manual) Release Create workflow with build_only: true to build and push images without tagging a release.

Tag summary

Content type

Image

Digest

sha256:e17a62fa8โ€ฆ

Size

22.3 MB

Last updated

2 days ago

docker pull devopsinfra/action-commit-push:latest-test

This week's pulls

Pulls:

4,250

Last week