create-or-update-comment | A GitHub action to create or update an issue or pull request comment | Continous Integration library

by peter-evans TypeScript Version: v3.0.2 License: MIT

X-Ray Key Features Code Snippets Community Discussions(1)Vulnerabilities Install Support

kandi X-RAY | create-or-update-comment Summary

create-or-update-comment is a TypeScript library typically used in Devops, Continous Integration applications. create-or-update-comment has no bugs, it has no vulnerabilities, it has a Permissive License and it has low support. You can download it from GitHub.

A GitHub action to create or update an issue or pull request comment. This action was created to help facilitate a GitHub Actions "ChatOps" solution in conjunction with slash-command-dispatch action.

Support

Quality

Security

License

Reuse

Support

create-or-update-comment has a low active ecosystem.

It has 435 star(s) with 82 fork(s). There are 7 watchers for this library.

There were 1 major release(s) in the last 12 months.

There are 2 open issues and 47 have been closed. On average issues are closed in 10 days. There are no pull requests.

It has a neutral sentiment in the developer community.

The latest version of create-or-update-comment is v3.0.2

Quality

create-or-update-comment has 0 bugs and 0 code smells.

Security

create-or-update-comment has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

create-or-update-comment code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

create-or-update-comment is licensed under the MIT License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

create-or-update-comment releases are available to install and integrate.

Installation instructions are not available. Examples and code snippets are available.

Top functions reviewed by kandi - BETA

kandi has reviewed create-or-update-comment and discovered the below as its top functions. This is intended to give you an instant insight into create-or-update-comment implemented functionality, and help decide if they suit your requirements.

Fetches remote resource
Parses an IP address .
Run generation function .
Create a wrapper for fetching requests
Consume a Body .
Parse request parameter
Get node request options .
Gets all values in a context .
The state machine class
Parse response body .

Get all kandi verified functions for this library.

create-or-update-comment Key Features

No Key Features are available at this moment for create-or-update-comment.

create-or-update-comment Examples and Code Snippets

No Code Snippets are available at this moment for create-or-update-comment.

Community Discussions

Trending Discussions on create-or-update-comment

How does "unpublishing" a GitHub Action from the Marketplace works? Is it possible? Are published versions safe?

QUESTION

How does "unpublishing" a GitHub Action from the Marketplace works? Is it possible? Are published versions safe?

Asked 2020-Dec-18 at 13:34

I couldn't find much about whether "unpublishing" a GitHub Action from the Marketplace is possible, as of Dec, 2020.

There is a lot of doc regarding "how to publish", but couldn't find anything about unpublishing.

Am I using a bad keyword? Am I understand how publishing work correctly? I had assumed published actions are different from public actions available on GitHub directly, but I'm not so sure anymore.

Also, I read https://julienrenaux.fr/2019/12/20/github-actions-security-risk/, which basically states there is a huge security issue by blindly using something like peter-evans/create-or-update-comment@v1 without using a specific hash. But I haven't seen use of hashes anywhere so far.

Here is an example of code that we actually use in our company, in our GitHub Action:

...

ANSWER

Answered 2020-Dec-18 at 13:34

So, there were 2 questions at hand:

What is the role of the GitHub Actions Marketplace?
How to unpublish an action published in GitHub Actions Marketplace?

About 1), unlike what I assumed, the role of the Marketplace is limited to indexing GitHub Actions, so that they're easier to find. It's very different from NPM, which is to secure the published packages so that no one can temper with them.

Because Actions are referenced using their GitHub path, an author can destroy their own action any time. Deleting their repository or marking it private are actions that will break all existing integrations right away.

Short story: Forking and referencing actions you use using their hash/SHA is the only way to build resilient actions that won't break your CI when someone changes their branch/tag, or delete/hide their GitHub repository.
Long story: See https://github.com/UnlyEd/next-right-now/discussions/223

About 2), by "unpublishing" an Action from the Marketplace, what you really do is "deindex" it, that's all. You don't destroy anything nor break any workflow, you only remove it from the marketplace, and it won't be shown anymore.

You can do so by editing your releases (on GitHub) and uncheck the "Publish this action to the GitHub Marketplace".

See https://docs.github.com/en/free-pro-team@latest/actions/creating-actions/publishing-actions-in-github-marketplace#removing-an-action-from-github-marketplace

Source https://stackoverflow.com/questions/65319710

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install create-or-update-comment

You can download it from GitHub.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: