humanhash 0.2.1

Deterministic, BIP39-encoded human-readable fingerprints of digests. Same hash always renders the same short, memorable, dash-separated word string.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

# humanhash · GitHub Action

Deterministic, BIP39-encoded human-readable fingerprint of a hash, digest, or UUID — as a GitHub Action.

```yaml
- uses: deepgram/humanhash/action@v0.2.0
  id: hh
  with:
    hash: ${{ github.sha }}
- run: echo "Build tag = ${{ steps.hh.outputs.humanhash }}"
# Build tag = obvious-dry-burst-debate
```

Same input always produces the same output. The action downloads a prebuilt binary from the matching `humanhash` GitHub Release, so consumer runners need no Rust toolchain.

## Inputs

| Name | Required | Default | Description |
|---|---|---|---|
| `hash` | yes | — | Hex string to fingerprint. Tolerates `0x` / `urn:uuid:` prefix, UUID dashes, and whitespace. |
| `words` | no | `4` | Word count (`1`..=`5`). 4 words ≈ 17.6 trillion fingerprints. |
| `separator` | no | `-` | String joining the words. |
| `version` | no | shipped version | Override the binary version (without leading `v`). Normally you want the default. |

## Outputs

| Name | Description |
|---|---|
| `humanhash` | The deterministic word fingerprint. |

## Examples

### Friendly name on every CI run

```yaml
- uses: deepgram/humanhash/action@v0.2.0
  id: hh
  with:
    hash: ${{ github.sha }}
- run: |
    echo "::notice::This run = ${{ steps.hh.outputs.humanhash }}"
```

### UUID-named release artifact

```yaml
- uses: deepgram/humanhash/action@v0.2.0
  id: hh
  with:
    hash: ${{ github.run_id }}-${{ github.sha }}
    words: 3
    separator: "_"
- run: tar czf "release-${{ steps.hh.outputs.humanhash }}.tar.gz" dist/
```

### PR comment with a memorable build name

```yaml
- uses: deepgram/humanhash/action@v0.2.0
  id: hh
  with:
    hash: ${{ github.event.pull_request.head.sha }}
- uses: peter-evans/create-or-update-comment@v4
  with:
    issue-number: ${{ github.event.pull_request.number }}
    body: |
      Preview deployed: **${{ steps.hh.outputs.humanhash }}** ·
      `${{ github.event.pull_request.head.sha }}`
```

## Pinning

Two equivalent ways to pin:

```yaml
uses: deepgram/humanhash/action@v0.2.0                       # standard semver
uses: deepgram/humanhash/action@correct-horse-battery-staple # humanhash of the release commit
```

Every release publishes both: a SemVer git tag (`v0.2.0`) **and** an extra annotated git tag whose name is the humanhash of the release commit's SHA. They point at the exact same commit.

The humanhash tag is a fingerprint, **not** a cryptographic anchor. The 44-bit fingerprint space (~17.6 trillion) makes accidental collisions astronomically unlikely but a determined attacker with non-trivial compute could grind out a colliding commit. Treat it as a memorability-and-integrity-signal hybrid, not as a substitute for signed tags or `commit-ish` SHAs. For the strictest supply-chain posture, pin to a full SHA: `uses: deepgram/humanhash/action@<full-sha>`.

## Supported runners

Prebuilt binaries are published for:

- `ubuntu-latest` (linux x64)
- `ubuntu-24.04-arm` and self-hosted linux arm64
- `macos-latest` (macOS arm64)
- `macos-13` (macOS Intel)
- `windows-latest` (windows x64)

## License

[Unlicense](../LICENSE).