Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@octokit/action
Advanced tools
GitHub API client for GitHub Actions
Browsers |
|
---|---|
Node |
Install with
|
You can pass secret.GITHUB_TOKEN
or any of your own secrets to a Node.js script. For example
name: My Node Action
on:
- pull_request
jobs:
my-action:
runs-on: ubuntu-latest
steps:
# Check out code using git
- uses: actions/checkout@v2
# Install Node 12
- uses: actions/setup-node@v1
with:
version: 12
- run: npm install @octokit/action
# Node.js script can be anywhere. A good convention is to put local GitHub Actions
# into the `.github/actions` folder
- run: node .github/actions/my-script.js
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Setting GITHUB_TOKEN
on either with:
or env:
will work.
// .github/actions/my-script.js
const { Octokit } = require("@octokit/action");
const octokit = new Octokit();
// `octokit` is now authenticated using GITHUB_TOKEN
const { Octokit } = require("@octokit/action");
const octokit = new Octokit();
const [owner, repo] = process.env.GITHUB_REPOSITORY.split("/");
// See https://developer.github.com/v3/issues/#create-an-issue
const { data } = await octokit.request("POST /repos/{owner}/{repo}/issues", {
owner,
repo,
title: "My test issue",
});
console.log("Issue created: %s", data.html_url);
You can also use octokit.issues.create({ owner, repo, title })
. See the REST endpoint methods plugin for a list of all available methods.
const { Octokit } = require("@octokit/action");
const octokit = new Octokit();
const eventPayload = require(process.env.GITHUB_EVENT_PATH);
const repositoryId = eventPayload.repository.node_id;
const response = await octokit.graphql(
`
mutation($repositoryId:ID!, $title:String!) {
createIssue(input:{repositoryId: $repositoryId, title: $title}) {
issue {
number
}
}
}
`,
{
repositoryId,
title: "My test issue",
}
);
@octokit/action
is build upon @octokit/core
. Refer to its README for the full API documentation.
Types for endpoint method parameters and responses are exported as RestEndpointMethodTypes
. They keys are the same as the endpoint methods. Here is an example to retrieve the parameter and response types for octokit.checks.create()
import { RestEndpointMethodTypes } from `@octokit/action`;
type ChecksCreateParams =
RestEndpointMethodTypes["checks"]["create"]["parameters"];
type ChecksCreateResponse =
RestEndpointMethodTypes["checks"]["create"]["response"];
@octokit/action
is simply a @octokit/core
constructor, pre-authenticate using `@octokit/auth-action.
The source code is … simple: src/index.ts
.
FAQs
GitHub API client for GitHub Actions
We found that @octokit/action demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.