@ssfbank/push-to-repo
Readme
Commit changes back to the repo from a GitLab CI job.
Uses the GitLab API and by default fails quietly (for example, if the pushed file is unchanged). Easy to use and flexible to configure.
Add GL_PRIVATE_TOKEN to your GitLab repo CI/CD variables with a valid GitLab access token as its value.
npx push-to-repo -h
All options are optional except the filename (or --all-commit if run in all-commit mode). Note that by default the script does not set author details on the commit, which means that it will use the credentials of the user who created the access token, so the commits will show up in that user's commit history, etc. If you want to avoid this, set the author name and email explicitly.
Usage: push-to-repo -f <file> [options]

Options:
  -f, --file-name <filename>  the file to push
  -a, --all-commit            Push all modified or deleted changes or new files.
  -b, --branch <branch>       the branch to push (default: "CI_COMMIT_BRANCH")
  -m, --message <message>     commit message (default: "Update <filename> [skip ci]")
  -u, --base-url <url>        GitLab API base URL (default: "https://gitlab.com/api/v4")
  -n, --author-name           Author name
  -e, --author-email          Author e-mail
  --fail-on-error             fail the job on error
  -d, --debug                 debug (verbose) mode
  -V, --version               output the version number
  -h, --help                  display help for command
The --all-commit mode replaces the -f flag and lets you push all easily handled changes (modified or deleted) to existing files. New files are also added. Renames and chmods are not, though.
The foremost practical use case for this is the common npm package release pattern where you increment the version of package.json, commit it, then publish it to NPM, all done in CI.
Remember that this CLI only pushes through the GitLab API, so your current working tree remains unchanged. GitLab jobs will by default swallow these changes: when the next job in the pipeline starts, they are gone, because the pipeline continues on the same commit. One way of handling this is for any later jobs in the pipeline to be triggered by the commit message.
This goes for the regular --file-name flag as well.
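A GitLab CI job for the release pattern described above, as an added example that is not part of the project's README. The job name, stage, image tag, author identity and the NPM_TOKEN variable are assumptions, and it assumes @ssfbank/push-to-repo is a lockfile-pinned devDependency so that npx runs the installed push-to-repo binary.

```yaml
# .gitlab-ci.yml (added example; names marked "assumed" are not from the README)
stages:
  - release

release:                      # assumed job name
  stage: release
  image: node:20              # assumed image tag
  rules:
    # Run only for branch pipelines on the default branch.
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
  script:
    # Install from the lockfile so the tool version is pinned rather than
    # fetched by name at run time. Assumes node_modules is ignored by git.
    - npm ci
    # Bump the version in the working tree without a local commit or tag.
    - npm version patch --no-git-tag-version
    # Commit the bump through the GitLab API in all-commit mode.
    # GL_PRIVATE_TOKEN comes from the project's CI/CD variables and is never
    # written in this file; store it masked and protected.
    # Explicit author details keep the commit out of the token owner's history.
    # [skip ci] in the message keeps this commit from starting a new pipeline.
    # --fail-on-error replaces the default quiet failure with a failed job.
    - >
      npx push-to-repo
      --all-commit
      --author-name "release-bot"
      --author-email "release-bot@example.invalid"
      --message "Release version bump [skip ci]"
      --fail-on-error
    # The push leaves the working tree as it is, so the publish step in this
    # same job still sees the bumped version. A later job would not.
    # NPM_TOKEN is an assumed masked CI/CD variable holding a registry token.
    - npm config set "//registry.npmjs.org/:_authToken=${NPM_TOKEN}"
    - npm publish
```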
This tool is intended to be used inside GitLab CI but you can test or use it locally by setting the following GitLab CI env variables: CI_PROJECT_ID, CI_PROJECT_DIR, and CI_COMMIT_BRANCH.
All contributions are welcome! Please follow the code of conduct when interacting with others. This project lives on GitLab.
Follow @Uninen on Twitter.
FAQs
The npm package @ssfbank/push-to-repo receives a total of 73 weekly downloads. As such, the popularity of @ssfbank/push-to-repo was classified as not popular.
We found that @ssfbank/push-to-repo demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.