diff --git a/.github/workflows/actions_release.yml b/.github/workflows/actions_release.yml
new file mode 100644
index 0000000..b2c7eb2
--- /dev/null
+++ b/.github/workflows/actions_release.yml
@@ -0,0 +1,22 @@
+name: Release GitHub Actions
+
+on:
+ workflow_dispatch:
+ inputs:
+ tag:
+ description: "Tag for the release"
+ required: true
+
+permissions:
+ contents: read
+
+jobs:
+ release:
+ permissions:
+ actions: read
+ id-token: write
+ contents: write
+
+ uses: step-security/reusable-workflows/.github/workflows/actions_release.yaml@v1
+ with:
+ tag: "${{ github.event.inputs.tag }}"
\ No newline at end of file
diff --git a/.github/workflows/auto_cherry_pick.yml b/.github/workflows/auto_cherry_pick.yml
new file mode 100644
index 0000000..e3cdb0d
--- /dev/null
+++ b/.github/workflows/auto_cherry_pick.yml
@@ -0,0 +1,23 @@
+name: Auto Cherry-Pick from Upstream
+
+on:
+ workflow_dispatch:
+ inputs:
+ base_branch:
+ description: "Base branch to create the PR against"
+ required: true
+ default: "main"
+
+permissions:
+ contents: write
+ pull-requests: write
+ packages: read
+ issues: write
+
+jobs:
+ cherry-pick:
+ uses: step-security/reusable-workflows/.github/workflows/auto_cherry_pick.yaml@v1
+ with:
+ original-owner: "planetscale"
+ repo-name: "ghcommit-action"
+ base_branch: ${{ inputs.base_branch }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..efefada
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,15 @@
+name: ci
+
+on:
+ push:
+ branches:
+ - '**'
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ if: github.event_name == 'push' && !contains(toJson(github.event.commits), '[ci skip]') && !contains(toJson(github.event.commits), '[skip ci]')
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+ - run: make lint
+ - run: make test
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
new file mode 100644
index 0000000..6e91af9
--- /dev/null
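Review bot: In .github/workflows/actions_release.yml the `release` job calls `step-security/reusable-workflows/.github/workflows/actions_release.yaml@v1` by a mutable tag while granting it `id-token: write` and `contents: write`, so whatever `v1` points to at run time receives those permissions. Pin the reference to a full commit SHA and keep the tag as a trailing comment, the way ci.yaml in this commit pins `actions/checkout`: `uses: step-security/reusable-workflows/.github/workflows/actions_release.yaml@<full-commit-sha> # v1`. The same applies to the `@v1` call in auto_cherry_pick.yml and to the `@v2`, `@v3`, `@v5` and `@v6` action references in docker.yaml.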
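Review bot: The `permissions:` block in .github/workflows/auto_cherry_pick.yml is declared at workflow level with three write scopes, so any job later added to this file inherits `contents: write`, `pull-requests: write` and `issues: write`. actions_release.yml in this commit keeps the top level at `contents: read` and grants the write scopes on the job itself; doing the same here keeps the grant next to the one call that needs it. As a style point, `base_branch: ${{ inputs.base_branch }}` is unquoted while the other `with:` values are quoted; `base_branch: "${{ inputs.base_branch }}"` would match.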
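Review bot: .github/workflows/ci.yaml has no `permissions:` block, so the `test` job's GITHUB_TOKEN gets the repository or organisation default, which may include write scopes. The job only checks out the code and runs `make lint` and `make test`, so a top-level `permissions:` with `contents: read` is enough. The `github.event_name == 'push'` term in the `if:` is always true because `push` is the only trigger, and can be dropped.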
+++ b/.github/workflows/docker.yaml
@@ -0,0 +1,55 @@
+name: Publish docker image
+
+on:
+ workflow_dispatch:
+ inputs:
+ release_tag:
+ description: 'Tag to release'
+ required: true
+ type: string
+
+permissions:
+ contents: read
+ packages: write
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ if: startsWith(github.event.inputs.release_tag, 'v')
+ steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@v2
+ with:
+ egress-policy: audit
+
+ - name: Checkout
+ uses: actions/checkout@v5
+ - name: Validate tag format
+ run: |
+ TAG=${{ github.event.inputs.release_tag }}
+ if ! echo "$TAG" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
+ echo "❌ Invalid tag format: $TAG"
+ exit 1
+ fi
+ echo "✅ Valid semver tag: $TAG"
+ - name: Log in to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Set up QEMU for ARM builds
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: true
+ platforms: linux/amd64,linux/arm64
+ tags: |
+ ghcr.io/${{ github.repository }}:${{ github.event.inputs.release_tag }}
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..11d886b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+Attic/
+HACK.md
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..403c9c6
--- /dev/null
+++ b/Dockerfile
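Review bot: In the `Validate tag format` step of .github/workflows/docker.yaml, `TAG=${{ github.event.inputs.release_tag }}` is expanded into the script text before bash runs, so the semver check that follows cannot constrain what the shell parses; the job-level `startsWith(github.event.inputs.release_tag, 'v')` only checks the first character. Pass the input through the environment instead: give the step an `env:` entry `RELEASE_TAG: ${{ inputs.release_tag }}` and use `TAG="$RELEASE_TAG"` in the script. The `Checkout` step also has no `ref:`, so the image appears to be built from whatever ref the workflow was dispatched on and then tagged with `release_tag`; checking out the validated tag would tie the image to the release it is named after.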
@@ -0,0 +1,17 @@
+FROM golang:1.25-alpine3.22
+
+ARG GHCOMMIT_VERSION=v0.1.75
+
+# hadolint ignore=DL3018
+RUN apk add --no-cache bash git-crypt curl git
+
+# Download and build ghcommit from source
+RUN git clone --depth 1 --branch "${GHCOMMIT_VERSION}" https://github.com/planetscale/ghcommit.git /ghcommit
+WORKDIR /ghcommit
+RUN go mod download
+RUN CGO_ENABLED=0 go build -o /usr/bin/ghcommit .
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh /usr/bin/ghcommit
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..2011fc4
--- /dev/null
+++ b/LICENSE
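Review bot: The `git clone --depth 1 --branch "${GHCOMMIT_VERSION}"` line in the Dockerfile builds whatever the upstream `v0.1.75` tag points to at build time, and the README example runs the resulting binary with the caller's `GITHUB_TOKEN`. Record the expected commit in a second `ARG` and fail the build when the clone does not match it, for example `RUN test "$(git -C /ghcommit rev-parse HEAD)" = "${GHCOMMIT_COMMIT}"` with `GHCOMMIT_COMMIT` set to the reviewed commit SHA. `FROM golang:1.25-alpine3.22` is also tag-only, while docker-compose.yml in this commit pins its images by `@sha256:` digest; the same pinning fits here. The final image keeps the whole Go toolchain, so a second stage that copies only `/usr/bin/ghcommit` and `entrypoint.sh` would reduce what ships.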
@@ -0,0 +1,203 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright 2023 PlanetScale, Inc.
+ Copyright 2025 Step Security.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..5116630
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,13 @@
+lint:
+ @docker compose run --rm lint
+
+test:
+ @docker compose run --rm tests
+ @echo "run 'make clean' to stop and remove test containers"
+
+clean:
+ @docker compose down
+
+.DEFAULT_GOAL: test
+
+.PHONY: lint test clean
\ No newline at end of file
diff --git a/README.md b/README.md
index 95ca7dd..83950e0 100644
--- a/README.md
+++ b/README.md
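Review bot: `.DEFAULT_GOAL: test` in the Makefile is written as a rule rather than a variable assignment, so it defines a target named `.DEFAULT_GOAL` and leaves the default goal at the first target, `lint`. If a bare `make` is meant to run the tests, write `.DEFAULT_GOAL := test`.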
@@ -1 +1,68 @@
-# ghcommit-action
\ No newline at end of file
+# ghcommit-action
+
+A GitHub Action to detect changed files during a Workflow run and to commit and
+push them back to the GitHub repository using the [`ghcommit`](https://github.com/planetscale/ghcommit) utility.
+
+The advantage of using `ghcommit` is that the commits will be signed by GitHub's
+GPG key and show as **Verified**. This is important for repositories that require
+signed commits.
+
+## Usage
+
+The plugin is currently implemented as a Docker style plugin. It must be run on
+a Linux host, eg: `ubuntu-latest`.
+
+```yaml
+name: fmt
+
+on:
+ # NOTE: Need to run on a PR so that the ${{ github.head_ref }} (branch) is non-null
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+
+jobs:
+ fmt-code:
+ runs-on: ubuntu-latest
+
+ permissions:
+ # Give the default GITHUB_TOKEN write permission to commit and push the
+ # added or changed files to the repository.
+ contents: write
+
+ steps:
+ - uses: actions/checkout@v5
+ # Include the pull request ref in the checkout action to prevent merge commit
+ # https://github.com/actions/checkout?tab=readme-ov-file#checkout-pull-request-head-commit-instead-of-merge-commit
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ # Run steps that make changes to the local repo here.
+
+ # Commit all changed files back to the repository
+ - uses: step-security/ghcommit-action@v0
+ with:
+ commit_message: "🤖 fmt"
+ repo: ${{ github.repository }}
+ branch: ${{ github.head_ref || github.ref_name }}
+ env:
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+```
+
+Example showing all options:
+
+```yaml
+ - uses: step-security/ghcommit-action@v0
+ with:
+ commit_message: "🤖 fmt"
+ repo: ${{ github.repository }}
+ branch: ${{ github.head_ref || github.ref_name }}
+ empty: true
+ file_pattern: '*.txt *.md *.json *.hcl'
+ env:
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+```
+
+See [`action.yaml`](./action.yaml) for current list of supported inputs.
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..77568b2
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security vulnerabilities to security@stepsecurity.io
diff --git a/action.yaml b/action.yaml
new file mode 100644
index 0000000..c45f72f
--- /dev/null
+++ b/action.yaml
@@ -0,0 +1,42 @@
+name: "Commit git changes"
+description: "Commit git changes directly to GitHub using the GraphQL API"
+author: "step-security"
+
+branding:
+ color: "orange"
+ icon: "git-commit"
+
+inputs:
+ commit_message:
+ description: The commit message to use.
+ required: true
+ repo:
+ description: The name of the repo to commit to in "owner/repo" format.
+ required: true
+ branch:
+ description: The name of the branch to commit to.
+ required: true
+ empty:
+ description: Allow making an empty commit if there are no changes.
+ required: false
+ default: "false"
+ file_pattern:
+ description: File pattern used for `git add`. For example `src/*.js`
+ required: false
+ default: "."
+
+outputs:
+ commit-url:
+ description: The URL of the created commit.
+ commit-hash:
+ description: The hash of the created commit.
+
+runs:
+ using: "docker"
+ image: "Dockerfile"
+ args:
+ - ${{ inputs.commit_message }}
+ - ${{ inputs.repo }}
+ - ${{ inputs.branch }}
+ - ${{ inputs.empty }}
+ - ${{ inputs.file_pattern }}
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..bd74059
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,14 @@
+services:
+ lint:
+ image: koalaman/shellcheck-alpine:v0.10.0@sha256:5921d946dac740cbeec2fb1c898747b6105e585130cc7f0602eec9a10f7ddb63
+ volumes:
+ - ".:/plugin:ro"
+ entrypoint: sh
+ command:
+ - -c
+ - 'shellcheck ./plugin/*.sh'
+
+ tests:
+ image: buildkite/plugin-tester:v4.2.0@sha256:21067012f59af6b8316cceb95850e89a542b50338c72d209a68bbebb33aff8c3
+ volumes:
+ - ".:/plugin:ro"
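Review bot: The `file_pattern` description in action.yaml says the value is used for `git add`, but entrypoint.sh in this commit never runs `git add`: it splits the value on whitespace and passes the words as pathspecs to `git status`, so a pattern containing a space cannot be expressed. Reword it along the lines of `description: Space-separated pathspecs selecting which changed files are committed.` The README example passes `GITHUB_TOKEN` through `env:`; if the action needs it, as that example suggests, the metadata should say so as well.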
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..30c367e
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,106 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+[[ -n "${DEBUG:-}" ]] && set -x
+
+# validate subscription status
+API_URL="https://agent.api.stepsecurity.io/v1/github/$GITHUB_REPOSITORY/actions/subscription"
+
+# Set a timeout for the curl command (3 seconds)
+RESPONSE=$(curl --max-time 3 -s -w "%{http_code}" "$API_URL" -o /dev/null) || true
+CURL_EXIT_CODE=$?
+
+# Decide based on curl exit code and HTTP status
+if [ $CURL_EXIT_CODE -ne 0 ]; then
+ echo "Timeout or API not reachable. Continuing to next step."
+elif [ "$RESPONSE" = "200" ]; then
+ :
+elif [ "$RESPONSE" = "403" ]; then
+ echo "Subscription is not valid. Reach out to support@stepsecurity.io"
+ exit 1
+else
+ echo "Timeout or API not reachable. Continuing to next step."
+fi
+
+COMMIT_MESSAGE="${1:?Missing commit_message input}"
+REPO="${2:?Missing repo input}"
+BRANCH="${3:?Missing branch input}"
+EMPTY="${4:-false}"
+read -r -a FILE_PATTERNS <<<"${5:?Missing file_pattern input}"
+
+git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+adds=()
+deletes=()
+
+while IFS= read -r -d $'\0' line; do
+ [[ -n "${DEBUG:-}" ]] && echo "line: '$line'"
+
+ # Extract the status in the tree and status in the index (first two characters)
+ index_status="${line:0:1}"
+ tree_status="${line:1:1}"
+
+ # Renamed files have status code 'R' and two filenames separated by NUL. We need to read
+ # an additional chunk (up to the next NUL) to get the new filename.
+ if [[ "$index_status" == "R" || "$tree_status" == "R" ]]; then
+ IFS= read -r -d $'\0' old_filename
+ new_filename="${line:3}"
+
+ echo "Renamed file detected:"
+ echo "Old Filename: $old_filename"
+ echo "New Filename: $new_filename"
+ echo "-----------------------------"
+ adds+=("$new_filename")
+ deletes+=("$old_filename")
+ continue
+ fi
+
+ # Extract the filename by removing the first three characters (two statuses and a whitespace)
+ filename="${line:3}"
+ echo "Filename: $filename"
+
+ # Print the parsed information, useful for debugging
+ echo "Index Status: $index_status"
+ echo "Tree Status: $tree_status"
+ echo "Filename: $filename"
+ echo "-----------------------------"
+ # https://git-scm.com/docs/git-status
+
+ # handle adds (A), modifications (M), and type changes (T):
+ [[ "$tree_status" =~ A|M|T || "$index_status" =~ A|M|T ]] && adds+=("$filename")
+
+ # handle deletes (D):
+ [[ "$tree_status" =~ D || "$index_status" =~ D ]] && deletes+=("$filename")
+
+done < <(git status -s --porcelain=v1 -z -- "${FILE_PATTERNS[@]}")
+
+if [[ "${#adds[@]}" -eq 0 && "${#deletes[@]}" -eq 0 && "$EMPTY" == "false" ]]; then
+ echo "No changes detected, exiting"
+ exit 0
+fi
+
+ghcommit_args=()
+ghcommit_args+=(-b "$BRANCH")
+ghcommit_args+=(-r "$REPO")
+ghcommit_args+=(-m "$COMMIT_MESSAGE")
+
+if [[ "$EMPTY" =~ ^(true|1|yes)$ ]]; then
+ ghcommit_args+=(--empty)
+fi
+
+ghcommit_args+=("${adds[@]/#/--add=}")
+ghcommit_args+=("${deletes[@]/#/--delete=}")
+
+[[ -n "${DEBUG:-}" ]] && echo "ghcommit args: '${ghcommit_args[*]}'"
+
+output=$(ghcommit "${ghcommit_args[@]}" 2>&1) || {
+ # Show the output on error. This is needed since the exit immediately flag is set.
+ echo "$output" 1>&2;
+ exit 1
+}
+echo "$output"
+
+commit_url=$(echo "$output" | grep "Success. New commit:" | awk '{print $NF}')
+commit_hash=$(echo "$commit_url" | awk -F '/' '{print $NF}')
+echo "commit-url=$commit_url" >> "$GITHUB_OUTPUT"
+echo "commit-hash=$commit_hash" >> "$GITHUB_OUTPUT"
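Review bot: `CURL_EXIT_CODE=$?` in the subscription check of entrypoint.sh always reads 0, because the `|| true` on the line above replaces curl's status; the first `if` branch is therefore unreachable and a failed request is only caught by the final `else`. Capture the status on the same line, `RESPONSE=$(curl --max-time 3 -s -w "%{http_code}" "$API_URL" -o /dev/null) && CURL_EXIT_CODE=0 || CURL_EXIT_CODE=$?`, or drop the variable and its branch. Near the end, `grep "Success. New commit:"` runs under `set -euo pipefail`, so if ghcommit succeeds but prints no such line the script exits non-zero after the commit has been made and without a message; `|| true` on that pipeline plus an explicit check for an empty `commit_url` would make that case visible. Separately, untracked entries (`??`) match neither the `A|M|T` nor the `D` test, so newly created files look to be skipped unless an earlier step staged them; this is worth confirming against the binary fixture.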
diff --git a/tests/entrypoint.bats b/tests/entrypoint.bats
new file mode 100644
index 0000000..4f5e9ff
--- /dev/null
+++ b/tests/entrypoint.bats
@@ -0,0 +1,79 @@
+#!/usr/bin/env bats
+
+load "${BATS_PLUGIN_PATH}/load.bash"
+
+# uncomment to debug these stubs:
+# export GIT_STUB_DEBUG=/dev/tty
+# export GHCOMMIT_STUB_DEBUG=/dev/tty
+
+setup() {
+ export GITHUB_WORKSPACE=/tmp
+ export GITHUB_REPOSITORY=step-security/ghcommit-action
+ #export DEBUG=1
+}
+
+@test "parses git status output and generates correct flags for ghcommit" {
+ local commit_message='msg'
+ local repo='org/repo'
+ local branch='main'
+ local empty='false'
+ local file_pattern='.'
+
+ export GITHUB_OUTPUT="$BATS_TEST_TMPDIR/github-output"
+
+ # NOTE: we are passing our hand-crafted fixture through `tr` to convert newlines to nulls since
+ # we run `git status -z` which uses null terminators. The newlines are meant to make the file easier
+ # to modify and prevent cat from removing the leading space on lines/entries since that is a part
+ # of the git status output.
+ stub git \
+ "config --global --add safe.directory $GITHUB_WORKSPACE : echo stubbed" \
+ "status -s --porcelain=v1 -z -- . : cat ./tests/fixtures/git-status.out-1 | tr '\n' '\0'"
+
+ stub ghcommit \
+ '-b main -r org/repo -m msg --add=README.md --add=foo.txt --add=new.file --delete=old.file --delete=\""a path with spaces oh joy/file.txt\"" : echo Success. New commit: https://localhost/foo'
+
+ run ./entrypoint.sh "$commit_message" "$repo" "$branch" "$empty" "$file_pattern"
+ assert_success
+ assert_output --partial "Success"
+ assert_file_exist "$GITHUB_OUTPUT"
+ assert_file_contains "$GITHUB_OUTPUT" "commit-url=https://localhost/foo"
+}
+
+@test "no changes" {
+ local commit_message='msg'
+ local repo='org/repo'
+ local branch='main'
+ local empty='false'
+ local file_pattern='.'
+
+ stub git \
+ "config --global --add safe.directory $GITHUB_WORKSPACE : echo stubbed" \
+ "status -s --porcelain=v1 -z -- . : echo"
+
+ run ./entrypoint.sh "$commit_message" "$repo" "$branch" "$empty" "$file_pattern"
+ assert_success
+ assert_output --partial "No changes detected"
+}
+
+@test "no changes with --empty flag creates empty commit" {
+ local commit_message='msg'
+ local repo='org/repo'
+ local branch='main'
+ local empty='true'
+ local file_pattern='.'
+
+ export GITHUB_OUTPUT="$BATS_TEST_TMPDIR/github-output"
+
+ stub git \
+ "config --global --add safe.directory $GITHUB_WORKSPACE : echo stubbed" \
+ "status -s --porcelain=v1 -z -- . : echo"
+
+ stub ghcommit \
+ '-b main -r org/repo -m msg --empty : echo Success. New commit: https://localhost/foo'
+
+ run ./entrypoint.sh "$commit_message" "$repo" "$branch" "$empty" "$file_pattern"
+ assert_success
+ assert_output --partial "Success"
+ assert_file_exist "$GITHUB_OUTPUT"
+ assert_file_contains "$GITHUB_OUTPUT" "commit-url=https://localhost/foo"
+}
diff --git a/tests/fixtures/git-status.out-1 b/tests/fixtures/git-status.out-1
new file mode 100644
index 0000000..36fd3bb
Binary files /dev/null and b/tests/fixtures/git-status.out-1 differ
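Review bot: None of the three tests in tests/entrypoint.bats stub `curl`, so if curl is present in the test image every run of entrypoint.sh under test sends the real subscription request for the `GITHUB_REPOSITORY` set in `setup()`, and a `403` from that service would fail the suite for reasons unrelated to the code. Add a `stub curl` entry that prints `200` to each test, plus one test whose stub prints `403` and which asserts failure with the `Subscription is not valid` message. That also keeps the suite runnable without network access.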