Add alternative actions

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/ISSUE_TEMPLATE/config.yml

@@ -5,4 +5,4 @@ contact_links:
     about: If you can't get something to work the way you expect, open a question in our discussion forums.
   - name: Feature Request
     url: https://github.com/stefanzweifel/git-auto-commit-action/discussions/new?category=ideas
-    about: 'Suggest any ideas you have using our discussion forums.'
+    about: "Suggest any ideas you have using our discussion forums."

.github/SECURITY.md

@@ -0,0 +1,3 @@
+# Security Policy
+
+If you discover any security related issues, please email stefan@stefanzweifel.dev instead of using the issue tracker.

.github/workflows/git-auto-commit.yml

@@ -16,7 +16,7 @@ jobs:
       contents: write
 
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
       with:
         ref: ${{ github.head_ref }}
 

.github/workflows/linter.yml

@@ -9,7 +9,7 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Lint Code Base
         uses: github/super-linter@v7

.github/workflows/tests.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
 
     - name: Install testing dependencies
       run: yarn install

.github/workflows/update-changelog.yaml

@@ -16,7 +16,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           ref: master
 

CHANGELOG.md

@@ -5,10 +5,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-## [Unreleased](https://github.com/stefanzweifel/git-auto-commit-action/compare/v7.0.0...HEAD)
+## [Unreleased](https://github.com/stefanzweifel/git-auto-commit-action/compare/v7.1.0...HEAD)
 
 > TBD
 
+## [v7.1.0](https://github.com/stefanzweifel/git-auto-commit-action/compare/v7.0.0...v7.1.0) - 2025-12-17
+
+### Added
+
+- Add skip_push input option ([#401](https://github.com/stefanzweifel/git-auto-commit-action/pull/401)) [@kvanzuijlen](https://github.com/@kvanzuijlen)
+
+### Changes
+
+- docs: fix typo in README.md ([#400](https://github.com/stefanzweifel/git-auto-commit-action/pull/400)) [@GideonBear](https://github.com/@GideonBear)
+
+### Dependency Updates
+
+- Bump actions/checkout from 5 to 6 ([#399](https://github.com/stefanzweifel/git-auto-commit-action/pull/399)) [@[dependabot[bot]](https://github.com/apps/dependabot)](https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot))
+- Bump bats from 1.12.0 to 1.13.0 ([#398](https://github.com/stefanzweifel/git-auto-commit-action/pull/398)) [@[dependabot[bot]](https://github.com/apps/dependabot)](https://github.com/@[dependabot[bot]](https://github.com/apps/dependabot))
+
 ## [v7.0.0](https://github.com/stefanzweifel/git-auto-commit-action/compare/v6.0.1...v7.0.0) - 2025-10-12
 
 ### Added

README.md

@@ -11,6 +11,11 @@ By default, the commit is made in the name of "GitHub Actions" and co-authored b
 
 If you want to learn more how this Action works under the hood, check out [this article](https://michaelheap.com/git-auto-commit/) by Michael Heap.
 
+If your use case is not covered by git-auto-commit, you might want to check out the following alternative Actions:
+
+- [planetscale/ghcommit-action](https://github.com/planetscale/ghcommit-action)
+- [EndBug/add-and-commit](https://github.com/EndBug/add-and-commit)
+
 ## Usage
 
 Adding git-auto-commit to your Workflow only takes a couple lines of code.
@@ -42,6 +47,8 @@ jobs:
       - uses: actions/checkout@v5
         with:
           ref: ${{ github.head_ref }}
+          # Value already defaults to true, but `persist-credentials` is required to push new commits to the repository.
+          persist-credentials: true
 
       # Other steps that change files in the repository go here
       # …
@@ -116,6 +123,9 @@ The following is an extended example with all available options.
     # Optional. Skip internal call to `git checkout`
     skip_checkout: true
     
+    # Optional. Skip internal call to `git push`
+    skip_push: true
+
     # Optional. Prevents the shell from expanding filenames. 
     # Details: https://www.gnu.org/software/bash/manual/html_node/Filename-Expansion.html
     disable_globbing: true
@@ -216,7 +226,7 @@ If this Action doesn't work for your workflow, check out [EndBug/add-and-commit]
 
 ### Checkout the correct branch
 
-You must use `action/checkout@v2` or later versions to check out the repository.
+You must use `actions/checkout@v2` or later versions to check out the repository.
 In non-`push` events, such as `pull_request`, make sure to specify the `ref` to check out:
 
 ```yaml
@@ -441,7 +451,9 @@ Make sure to [checkout the correct branch](#checkout-the-correct-branch).
 If your Workflow can't push the commit to the repository because of authentication issues,
 please update your Workflow configuration and usage of [`actions/checkout`](https://github.com/actions/checkout#usage).
 
-Updating the `token` value with a Personal Access Token should fix your issues.
+Please note that `persist-credentials` in `actions/checkout` must be set to `true` to push new commits to the repository.
+
+If you still can't push the commit, and you're using branch protection rules or similar features, updating the `token` value with a Personal Access Token should fix your issues.
 
 ### git-auto-commit fails to push commit that creates or updates files in `.github/workflows/`
 

action.yml

@@ -68,6 +68,10 @@ inputs:
     description: Skip the call to git-checkout.
     required: false
     default: false
+  skip_push:
+    description: Skip the call to git-push.
+    required: false
+    default: false
   disable_globbing:
     description: Stop the shell from expanding filenames (https://www.gnu.org/software/bash/manual/html_node/Filename-Expansion.html)
     default: false

entrypoint.sh

@@ -191,6 +191,10 @@ _tag_commit() {
 }
 
 _push_to_github() {
+    if "$INPUT_SKIP_PUSH"; then
+        _log "debug" "git-push will not be executed.";
+        return
+    fi
 
     echo "INPUT_BRANCH value: $INPUT_BRANCH";
 

package-lock.json

@@ -5,15 +5,15 @@
   "packages": {
     "": {
       "devDependencies": {
-        "bats": "^1.12.0",
+        "bats": "^1.13.0",
         "bats-assert": "ztombol/bats-assert",
         "bats-support": "ztombol/bats-support"
       }
     },
     "node_modules/bats": {
-      "version": "1.12.0",
-      "resolved": "https://registry.npmjs.org/bats/-/bats-1.12.0.tgz",
-      "integrity": "sha512-1HTv2n+fjn3bmY9SNDgmzS6bjoKtVlSK2pIHON5aSA2xaqGkZFoCCWP46/G6jm9zZ7MCi84mD+3Byw4t3KGwBg==",
+      "version": "1.13.0",
+      "resolved": "https://registry.npmjs.org/bats/-/bats-1.13.0.tgz",
+      "integrity": "sha512-giSYKGTOcPZyJDbfbTtzAedLcNWdjCLbXYU3/MwPnjyvDXzu6Dgw8d2M+8jHhZXSmsCMSQqCp+YBsJ603UO4vQ==",
       "dev": true,
       "license": "MIT",
       "bin": {

package.json

@@ -1,6 +1,6 @@
 {
   "devDependencies": {
-    "bats": "^1.12.0",
+    "bats": "^1.13.0",
     "bats-assert": "ztombol/bats-assert",
     "bats-support": "ztombol/bats-support"
   },

tests/git-auto-commit.bats

@@ -38,6 +38,7 @@ setup() {
     export INPUT_SKIP_DIRTY_CHECK=false
     export INPUT_SKIP_FETCH=false
     export INPUT_SKIP_CHECKOUT=false
+    export INPUT_SKIP_PUSH=false
     export INPUT_DISABLE_GLOBBING=false
     export INPUT_CREATE_BRANCH=false
     export INPUT_INTERNAL_GIT_BINARY=git
@@ -352,6 +353,24 @@ cat_github_output() {
     assert_equal $current_sha $remote_sha
 }
 
+@test "If SKIP_PUSH is true git-push will not be called" {
+    touch "${FAKE_LOCAL_REPOSITORY}"/new-file-{1,2,3}.txt
+
+    INPUT_SKIP_PUSH=true
+
+    run git_auto_commit
+
+    assert_success
+
+    assert_line "::debug::git-push will not be executed."
+
+    # Assert that the sha values are not equal on local and remote
+    current_sha="$(git rev-parse --verify --short ${FAKE_DEFAULT_BRANCH})"
+    remote_sha="$(git rev-parse --verify --short origin/${FAKE_DEFAULT_BRANCH})"
+
+    refute [assert_equal $current_sha $remote_sha]
+}
+
 @test "It can checkout a different branch" {
     # Create foo-branch and then immediately switch back to ${FAKE_DEFAULT_BRANCH}
     git checkout -b foo