stefanzweifel/git-auto-commit-action
Detect files changed during a workflow run, commit them, and push back to the repository.
What it does
stefanzweifel/git-auto-commit-action checks whether the working tree is dirty after your build steps and, if so, commits the matching files and pushes them back, typical for lint --fix, code formatters, or regenerated docs.
If nothing changed, the action is a no-op and exposes changes_detected: false instead of failing.
Usage
workflow (.yml)
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- run: npm run lint -- --fix
- uses: stefanzweifel/git-auto-commit-action@v7
with:
commit_message: 'chore: apply lint fixes'Inputs
| Input | Description | Default | Required |
|---|---|---|---|
commit_message | Commit message. | Apply automatic changes | No |
branch | Git branch name where changes should be pushed. Required if the action is used on the pull_request event. | ${{ github.head_ref }} | No |
file_pattern | File pattern used for git add and the dirty-check. Supports multiple space-separated patterns, e.g. src/*.js. | . | No |
commit_user_name | Name used for the commit user. | github-actions[bot] | No |
commit_user_email | Email address used for the commit user. | 41898282+github-actions[bot]@users.noreply.github.com | No |
create_branch | Create a new branch with the name of the branch input, locally and remotely, if it does not exist yet. | false | No |
push_options | Push options (eg. --force). | - | No |
Outputs
| Output | Description |
|---|---|
changes_detected | "true" if matching changes were detected and committed, "false" otherwise. |
commit_hash | Full hash of the created commit. Only set when a commit was actually made. |
Notes
On pull_request events, check out the PR head branch (ref: github.head_ref) so the action has a branch to push to instead of a detached HEAD.
Commits pushed with the default GITHUB_TOKEN do not trigger new workflow runs; use a GitHub App token (actions/create-github-app-token) if the pushed commit must re-run CI.
Common errors
- A push rejected with a 403 for
github-actions[bot]means the workflow token is read-only; setpermissions: contents: writeon the job or enable write permissions in the repository Actions settings. GH006: Protected branch update failedmeans the target branch's protection rules block direct pushes; push to a non-protected branch or exempt the bot/app from the rule.- The action reporting a detached HEAD on pull_request events means checkout used the merge ref; check out
github.head_refexplicitly.
Security and pinning
- Scope the job to
contents: writeonly, the action needs nothing else. Pin the action to a commit SHA. - Avoid running it on
pull_request_targetwith untrusted fork code checked out; that combination lets fork changes be committed with elevated credentials, which is why the action emits a warning on that event.
Alternatives and related
peter-evans/create-pull-requestCommit changes made during a workflow and open (or update) a pull request with them.
actions/github-scriptRun inline JavaScript with a preauthenticated GitHub API client, no separate action needed.
Frequently asked questions
Should I auto-commit to the branch or open a PR with the changes?
Auto-commit is fine for changes to the same PR branch (formatting fixes). For changes to protected branches or anything needing review, use peter-evans/create-pull-request to propose the diff instead.