feat: create signed commit action (#1)

Author: andrelin

.editorconfig

@@ -0,0 +1,11 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[{*.yml,*.yaml}]
+indent_size = 2

.github/renovate.json

@@ -0,0 +1,4 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": ["github>statens-pensjonskasse/renovate-presets:weekly-grouped-non-major"]
+}

.github/workflows/build-and-release.yaml

@@ -0,0 +1,18 @@
+name: Build & Release
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  build-and-publish:
+    uses: statens-pensjonskasse/public-actions-library/.github/workflows/build-action-node.yaml@558b9ead422abd24faaa3d54b1735b3f14a67fc5 #v0.2.5
+    permissions:
+      contents: write
+      packages: write
+    secrets: inherit
+    with:
+      node-version: '24'

.gitignore

@@ -0,0 +1,4 @@
+node_modules/
+lib/
+.idea
+

LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2025 Statens Pensjonskasse (SPK)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

README.md

@@ -1,2 +1,114 @@
-# gha-create-signed-commit
-gha-create-signed-commit eies og forvaltes av team-appark
+# Create Signed Commit Action
+
+Creates a signed commit using the GitHub API without pushing it, allowing batch commit operations.
+
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+## Table of Contents
+
+- [Quick Start](#quick-start)
+- [Inputs](#inputs)
+- [Outputs](#outputs)
+- [Multiple Commits Example](#multiple-commits-example)
+- [Notes](#notes)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+## Quick Start
+
+```yaml
+# Commit all changed files on current branch
+- uses: statens-pensjonskasse/github-actions-library/actions/versioning/create-signed-commit@COMMIT_SHA # vX.X.X
+  with:
+    token: ${{ secrets.GITHUB_TOKEN }}
+    message: 'Update files'
+
+# Commit specific paths (files, folders, wildcards)
+- uses: statens-pensjonskasse/github-actions-library/actions/versioning/create-signed-commit@COMMIT_SHA # vX.X.X
+  with:
+    token: ${{ secrets.GITHUB_TOKEN }}
+    message: 'Update config'
+    paths: |
+      config/
+      README.md
+      actions/*/dist
+
+# Commit and push immediately
+- uses: statens-pensjonskasse/github-actions-library/actions/versioning/create-signed-commit@COMMIT_SHA # vX.X.X
+  with:
+    token: ${{ secrets.GITHUB_TOKEN }}
+    message: 'Update and push'
+    push: true
+
+# Create commit from specific parent
+- uses: statens-pensjonskasse/github-actions-library/actions/versioning/create-signed-commit@COMMIT_SHA # vX.X.X
+  with:
+    token: ${{ secrets.GITHUB_TOKEN }}
+    message: 'Cherry-pick changes'
+    parent-commit: 'abc123def456'
+```
+
+## Inputs
+
+| Name | Required | Default | Description |
+| ------ | ---------- | ------- | ------------- |
+| `token` | Yes | | GitHub token with write permissions |
+| `message` | Yes | | Commit message |
+| `branch` | No | Current branch | Branch to commit to |
+| `paths` | No | All changes | Paths to commit (files, folders, wildcards; newline-separated) |
+| `repository` | No | Current repo | Repository in `owner/repo` format |
+| `working-directory` | No | `.` | Working directory |
+| `fail-on-no-changes` | No | `true` | Fail if no changes detected |
+| `fetch-commit` | No | `true` | Fetch the created commit locally |
+| `push` | No | `false` | Push the commit to the remote branch after creation |
+| `parent-commit` | No | Current branch HEAD | SHA of the parent commit (must be a valid 40-character Git SHA-1 hash) |
+
+## Outputs
+
+- `commit-sha` - SHA of the created commit
+- `tree-sha` - SHA of the created tree
+
+## Multiple Commits Example
+
+Create multiple commits and push them together:
+
+```yaml
+- name: Create release commit
+  id: release_commit
+  uses: statens-pensjonskasse/github-actions-library/actions/versioning/create-signed-commit@COMMIT_SHA # vX.X.X
+  with:
+    token: ${{ secrets.GITHUB_TOKEN }}
+    branch: main
+    message: 'chore: release version 1.0.0'
+    paths: pom.xml
+
+- name: Create snapshot commit
+  id: snapshot_commit
+  uses: statens-pensjonskasse/github-actions-library/actions/versioning/create-signed-commit@COMMIT_SHA # vX.X.X
+  with:
+    token: ${{ secrets.GITHUB_TOKEN }}
+    branch: main
+    message: 'chore: update to snapshot version'
+    paths: pom.xml
+
+- name: Push both commits
+  uses: actions/github-script@v7 # 60a0d83039c74a4aee543508d2ffcb1c3799cdea
+  with:
+    script: |
+      // Pushing the last commit SHA pushes all commits in the chain
+      await github.rest.git.updateRef({
+        owner: context.repo.owner,
+        repo: context.repo.repo,
+        ref: 'heads/main',
+        sha: '${{ steps.snapshot_commit.outputs.commit-sha }}',
+        force: false
+      });
+```
+
+## Notes
+
+- Commits are automatically signed by GitHub
+- Commits are chained - pushing the last commit SHA pushes all parent commits
+- Use `force: false` to prevent accidental overwrites
+- Token needs `contents: write` permission
+- Branch protection rules apply

action.yml

@@ -0,0 +1,50 @@
+name: 'Create Signed Commit'
+description: 'Create a signed commit using the GitHub API without pushing it'
+
+inputs:
+  working-directory:
+    description: 'Working directory for git operations'
+    required: false
+    default: '.'
+  token:
+    description: 'GitHub token with permissions to access the repository'
+    required: true
+  message:
+    description: 'The commit message'
+    required: true
+  repository:
+    description: 'The repository in format owner/repo'
+    required: false
+    default: ${{ github.repository }}
+  branch:
+    description: 'The branch to create the commit on'
+    required: false
+    default: ${{ github.ref_name }}
+  fail-on-no-changes:
+    description: 'Fail if there are no changes to commit'
+    required: false
+    default: 'true'
+  paths:
+    description: 'Newline-separated list of file and/or folder paths to commit. If not specified, commits all changed files.'
+    required: false
+  fetch-commit:
+    description: 'Fetch the created commit locally after creation'
+    required: false
+    default: 'true'
+  push:
+    description: 'Push the commit to the remote branch after creation'
+    required: false
+    default: 'false'
+  parent-commit:
+    description: 'SHA of the parent commit. If not specified, uses the current HEAD of the branch'
+    required: false
+
+outputs:
+  commit-sha:
+    description: 'The SHA of the created commit'
+  tree-sha:
+    description: 'The SHA of the created tree'
+
+runs:
+  using: 'node24'
+  main: 'dist/index.js'

biome.json

@@ -0,0 +1,34 @@
+{
+    "$schema": "https://biomejs.dev/schemas/2.3.10/schema.json",
+    "extends": ["@statens-pensjonskasse/biome/config"],
+    "linter": {
+        "enabled": true,
+        "rules": {
+            "recommended": true
+        }
+    },
+    "formatter": {
+        "enabled": true,
+        "useEditorconfig": true,
+        "formatWithErrors": false,
+        "indentStyle": "space",
+        "indentWidth": 4,
+        "lineEnding": "lf",
+        "lineWidth": 120,
+        "attributePosition": "auto",
+        "bracketSpacing": true
+    },
+    "javascript": {
+        "formatter": {
+            "jsxQuoteStyle": "double",
+            "quoteProperties": "asNeeded",
+            "trailingCommas": "all",
+            "semicolons": "always",
+            "arrowParentheses": "always",
+            "bracketSameLine": false,
+            "quoteStyle": "single",
+            "attributePosition": "auto",
+            "bracketSpacing": true
+        }
+    }
+}

dist/blob-creator.d.ts

@@ -0,0 +1,23 @@
+import type * as github from '@actions/github';
+import type { FileChange } from './types';
+type Octokit = ReturnType<typeof github.getOctokit>;
+/**
+ * Tree item for GitHub API
+ */
+interface TreeItem {
+    path: string;
+    mode: '100644' | '100755';
+    type: 'blob';
+    sha: string;
+}
+/**
+ * Create blobs in batches to avoid overwhelming the API
+ * @param files Array of file changes to create blobs for
+ * @param octokit GitHub API client
+ * @param owner Repository owner
+ * @param repo Repository name
+ * @param batchSize Number of blobs to create concurrently (default: 10)
+ * @returns Array of tree items
+ */
+export declare function createBlobsInBatches(files: FileChange[], octokit: Octokit, owner: string, repo: string, batchSize?: number): Promise<TreeItem[]>;
+export {};

dist/commit-creator.d.ts

@@ -0,0 +1,7 @@
+import type { ActionInputs, CommitResult } from './types';
+/**
+ * Create a signed commit using the GitHub API
+ * @param inputs The action inputs
+ * @returns The commit and tree SHA
+ */
+export declare function createSignedCommit(inputs: ActionInputs): Promise<CommitResult>;