Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Grants the specified apps push access for this branch. Only GitHub Apps that are installed on the repository and that have been granted write access to the repository contents can be added as authorized actors on a protected branch.
This endpoint triggers notifications. Creating content too quickly using this endpoint may result in secondary rate limiting. For more information, see "Rate limits for the API" and "Best practices for using the REST API." Adding an outside collaborator may be restricted by enterprise administrators. For more information, see "Enforcing repository management policies in your enterprise." For more information on permission levels, see "Repository permission levels for an organization". There are restrictions on which permissions can be granted to organization members when an organization base role is in place. In this case, the permission being given must be equal to or higher than the org base permission. Otherwise, the request will fail with: Cannot assign {member} permission of {role name} Note that, if you choose not to pass any parameters, you’ll need to set Content-Length to zero when calling out to this endpoint. For more information, see "HTTP method." The invitee will receive a notification that they have been invited to the repository, which they must accept or decline. They may do this via the notifications page, the email they receive, or by using the API. Updating an existing collaborator’s permission level The endpoint can also be used to change the permissions of an existing collaborator without first removing and re-adding the collaborator. To change the permissions, use the same endpoint and pass a different permission parameter. The response will be a 204, with no other indication that the permission level changed. Rate limits You are limited to sending 50 invitations to a repository per 24 hour period. Note there is no limit if you are inviting organization members to an organization repository.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Grants the specified teams push access for this branch. You can also give push access to child teams.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Grants the specified people push access for this branch. | Type | Description | | —–– | —————————————————————————————————————————– | | array | Usernames for people who can have push access. Note: The list of users, apps, and teams in total is limited to 100 items. |
Shows whether automated security fixes are enabled, disabled or paused for a repository. The authenticated user must have admin read access to the repository. For more information, see "Configuring automated security fixes".
For organization-owned repositories, the list of collaborators includes outside collaborators, organization members that are direct collaborators, organization members with access through team memberships, organization members with access through default organization permissions, and organization owners. Team members will include the members of child teams. The authenticated user must have push access to the repository to use this endpoint. OAuth app tokens and personal access tokens (classic) need the read:org and repo scopes to use this endpoint.
Shows whether dependency alerts are enabled or disabled for a repository. The authenticated user must have admin read access to the repository. For more information, see "About security alerts for vulnerable dependencies".
Deprecated: Use repos.compareCommitsWithBasehead() (GET /repos/{owner}/{repo}/compare/{basehead}) instead. Both :base and :head must be branch names in :repo. To compare branches across other repositories in the same network as :repo, use the format <USERNAME>:branch. The response from the API is equivalent to running the git log base..head command; however, commits are returned in chronological order. Pass the appropriate media type to fetch diff and patch formats. The response also includes details on the files that were changed between the two commits. This includes the status of the change (for example, if a file was added, removed, modified, or renamed), and details of the change itself. For example, files with a renamed status have a previous_filename field showing the previous filename of the file, and files with a modified status have a patch field showing the changes made to the file. Working with large comparisons To process a response with a large number of commits, you can use (per_page or page) to paginate the results. When using paging, the list of changed files is only returned with page 1, but includes all changed files for the entire comparison. For more information on working with pagination, see "Traversing with pagination." When calling this API without any paging parameters (per_page or page), the returned list is limited to 250 commits and the last commit in the list is the most recent of the entire comparison. When a paging parameter is specified, the first commit in the returned list of each page is the earliest. Signature verification object The response will include a verification object that describes the result of verifying the commit’s signature. The following fields are included in the verification object: | Name | Type | Description | | –– | –– | ———– | | verified | boolean | Indicates whether GitHub considers the signature in this commit to be verified. | | reason | string | The reason for verified value. Possible values and their meanings are enumerated in table below. | | signature | string | The signature that was extracted from the commit. | | payload | string | The value that was signed. | These are the possible values for reason in the verification object: | Value | Description | | —– | ———– | | expired_key | The key that made the signature is expired. | | not_signing_key | The "signing" flag is not among the usage flags in the GPG key that made the signature. | | gpgverify_error | There was an error communicating with the signature verification service. | | gpgverify_unavailable | The signature verification service is currently unavailable. | | unsigned | The object does not include a signature. | | unknown_signature_type | A non-PGP signature was found in the commit. | | no_user | No user was associated with the committer email address in the commit. | | unverified_email | The committer email address in the commit was associated with a user, but the email address is not verified on her/his account. | | bad_email | The committer email address in the commit is not included in the identities of the PGP key that made the signature. | | unknown_key | The key that made the signature has not been registered with any user’s account. | | malformed_signature | There was an error parsing the signature. | | invalid | The signature could not be cryptographically verified using the key whose key-id was found in the signature. | | valid | None of the above errors applied, so the signature is considered to be verified. |
Compares two commits against one another. You can compare refs (branches or tags) and commit SHAs in the same repository, or you can compare refs and commit SHAs that exist in different repositories within the same repository network, including fork branches. For more information about how to view a repository’s network, see "Understanding connections between repositories." This endpoint is equivalent to running the git log BASE..HEAD command, but it returns commits in a different order. The git log BASE..HEAD command returns commits in reverse chronological order, whereas the API returns commits in chronological order. This endpoint supports the following custom media types. For more information, see "Media types." - application/vnd.github.diff: Returns the diff of the commit. - application/vnd.github.patch: Returns the patch of the commit. Diffs with binary data will have no patch property. The API response includes details about the files that were changed between the two commits. This includes the status of the change (if a file was added, removed, modified, or renamed), and details of the change itself. For example, files with a renamed status have a previous_filename field showing the previous filename of the file, and files with a modified status have a patch field showing the changes made to the file. When calling this endpoint without any paging parameter (per_page or page), the returned list is limited to 250 commits, and the last commit in the list is the most recent of the entire comparison. Working with large comparisons To process a response with a large number of commits, use a query parameter (per_page or page) to paginate the results. When using pagination: - The list of changed files is only shown on the first page of results, but it includes all changed files for the entire comparison. - The results are returned in chronological order, but the last commit in the returned list may not be the most recent one in the entire set if there are more pages of results. For more information on working with pagination, see "Using pagination in the REST API." Signature verification object The response will include a verification object that describes the result of verifying the commit’s signature. The verification object includes the following fields: | Name | Type | Description | | –– | –– | ———– | | verified | boolean | Indicates whether GitHub considers the signature in this commit to be verified. | | reason | string | The reason for verified value. Possible values and their meanings are enumerated in table below. | | signature | string | The signature that was extracted from the commit. | | payload | string | The value that was signed. | These are the possible values for reason in the verification object: | Value | Description | | —– | ———– | | expired_key | The key that made the signature is expired. | | not_signing_key | The "signing" flag is not among the usage flags in the GPG key that made the signature. | | gpgverify_error | There was an error communicating with the signature verification service. | | gpgverify_unavailable | The signature verification service is currently unavailable. | | unsigned | The object does not include a signature. | | unknown_signature_type | A non-PGP signature was found in the commit. | | no_user | No user was associated with the committer email address in the commit. | | unverified_email | The committer email address in the commit was associated with a user, but the email address is not verified on their account. | | bad_email | The committer email address in the commit is not included in the identities of the PGP key that made the signature. | | unknown_key | The key that made the signature has not been registered with any user’s account. | | malformed_signature | There was an error parsing the signature. | | invalid | The signature could not be cryptographically verified using the key whose key-id was found in the signature. | | valid | None of the above errors applied, so the signature is considered to be verified. |
Create a comment for a commit using its :commit_sha. This endpoint triggers notifications. Creating content too quickly using this endpoint may result in secondary rate limiting. For more information, see "Rate limits for the API" and "Best practices for using the REST API." This endpoint supports the following custom media types. For more information, see "Media types." - application/vnd.github-commitcomment.raw+json: Returns the raw markdown body. Response will include body. This is the default if you do not pass any specific media type. - application/vnd.github-commitcomment.text+json: Returns a text only representation of the markdown body. Response will include body_text. - application/vnd.github-commitcomment.html+json: Returns HTML rendered from the body’s markdown. Response will include body_html. - application/vnd.github-commitcomment.full+json: Returns raw, text, and HTML representations. Response will include body, body_text, and body_html.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. When authenticated with admin or owner permissions to the repository, you can use this endpoint to require signed commits on a branch. You must enable branch protection to require signed commits.
Users with push access in a repository can create commit statuses for a given SHA. Note: there is a limit of 1000 statuses per sha and context within a repository. Attempts to create more than 1000 statuses will result in a validation error.
Deployments offer a few configurable parameters with certain defaults. The ref parameter can be any named branch, tag, or SHA. At GitHub we often deploy branches and verify them before we merge a pull request. The environment parameter allows deployments to be issued to different runtime environments. Teams often have multiple environments for verifying their applications, such as production, staging, and qa. This parameter makes it easier to track which environments have requested deployments. The default environment is production. The auto_merge parameter is used to ensure that the requested ref is not behind the repository’s default branch. If the ref is behind the default branch for the repository, we will attempt to merge it for you. If the merge succeeds, the API will return a successful merge commit. If merge conflicts prevent the merge from succeeding, the API will return a failure response. By default, commit statuses for every submitted context must be in a success state. The required_contexts parameter allows you to specify a subset of contexts that must be success, or to specify contexts that have not yet been submitted. You are not required to use commit statuses to deploy. If you do not require any contexts or create any commit statuses, the deployment will always succeed. The payload parameter is available for any extra information that a deployment system might need. It is a JSON text field that will be passed on when a deployment event is dispatched. The task parameter is used by the deployment system to allow different execution paths. In the web world this might be deploy:migrations to run schema changes on the system. In the compiled world this could be a flag to compile an application with debugging enabled. Merged branch response: You will see this response when GitHub automatically merges the base branch into the topic branch instead of creating a deployment. This auto-merge happens when: * Auto-merge option is enabled in the repository * Topic branch does not include the latest changes on the base branch, which is master in the response example * There are no merge conflicts If there are no new commits in the base branch, a new request to create a deployment should give a successful response. Merge conflict response: This error happens when the auto_merge option is enabled and when the default branch (in this case master), can’t be merged into the branch that’s being deployed (in this case topic-branch), due to merge conflicts. Failed commit status checks: This error happens when the required_contexts parameter indicates that one or more contexts need to have a success status for the commit to be deployed, but one or more of the required contexts do not have a state of success. OAuth app tokens and personal access tokens (classic) need the repo or repo_deployment scope to use this endpoint.
Creates a deployment branch or tag policy for an environment. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Enable a custom deployment protection rule for an environment. The authenticated user must have admin or owner permissions to the repository to use this endpoint. For more information about the app that is providing this custom deployment rule, see the documentation for the GET /apps/{app_slug} endpoint. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Users with push access can create deployment statuses for a given deployment. OAuth app tokens and personal access tokens (classic) need the repo_deployment scope to use this endpoint.
You can use this endpoint to trigger a webhook event called repository_dispatch when you want activity that happens outside of GitHub to trigger a GitHub Actions workflow or GitHub App webhook. You must configure your GitHub Actions workflow or GitHub App to run when the repository_dispatch event occurs. For an example repository_dispatch webhook payload, see "RepositoryDispatchEvent." The client_payload parameter is available for any extra information that your workflow might need. This parameter is a JSON payload that will be passed on when the webhook event is dispatched. For example, the client_payload can include a message that a user would like to send using a GitHub Actions workflow. Or the client_payload can be used as a test to debug your workflow. This input example shows how you can use the client_payload as a test to debug your workflow. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Creates a new repository for the authenticated user. OAuth app tokens and personal access tokens (classic) need the public_repo or repo scope to create a public repository, and repo scope to create a private repository.
Create a fork for the authenticated user. Note: Forking a Repository happens asynchronously. You may have to wait a short period of time before you can access the git objects. If this takes longer than 5 minutes, be sure to contact GitHub Support. Note: Although this endpoint works with GitHub Apps, the GitHub App must be installed on the destination account with access to all repositories and on the source account with access to the source repository.
Creates a new repository in the specified organization. The authenticated user must be a member of the organization. OAuth app tokens and personal access tokens (classic) need the public_repo or repo scope to create a public repository, and repo scope to create a private repository.
Create new or update existing custom property values for a repository. Using a value of null for a custom property will remove or ‘unset’ the property value from the repository. Repository admins and other users with the repository-level "edit custom property values" fine-grained permission can use this endpoint.
Create or update an environment with protection rules, such as required reviewers. For more information about environment protection rules, see "Environments." Note: To create or update name patterns that branches must match in order to deploy to this environment, see "Deployment branch policies." Note: To create or update secrets for an environment, see "GitHub Actions secrets." OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Creates a new file or replaces an existing file in a repository. Note: If you use this endpoint and the "Delete a file" endpoint in parallel, the concurrent requests will conflict and you will receive errors. You must use these endpoints serially instead. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint. The workflow scope is also required in order to modify files in the .github/workflows directory.
Configures a GitHub Pages site. For more information, see "About GitHub Pages." The authenticated user must be a repository administrator, maintainer, or have the ‘manage GitHub Pages settings’ permission. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Creates a new repository using a repository template. Use the template_owner and template_repo route parameters to specify the repository to use as the template. If the repository is not public, the authenticated user must own or be a member of an organization that owns the repository. To check if a repository is available to use as a template, get the repository’s information using the Get a repository endpoint and check that the is_template key is true. OAuth app tokens and personal access tokens (classic) need the public_repo or repo scope to create a public repository, and repo scope to create a private repository.
Repositories can have multiple webhooks installed. Each webhook should have a unique config. Multiple webhooks can share the same config as long as those webhooks do not have any events that overlap.
Deleting a repository requires admin access. If an organization owner has configured the organization to prevent members from deleting organization-owned repositories, you will get a 403 Forbidden response. OAuth app tokens and personal access tokens (classic) need the delete_repo scope to use this endpoint.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Disables the ability to restrict who can push to this branch.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Removing admin enforcement requires admin or owner permissions to the repository and branch protection to be enabled.
This deletes a single autolink reference by ID that was configured for the given repository. Information about autolinks are only available to repository administrators.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. When authenticated with admin or owner permissions to the repository, you can use this endpoint to disable required signed commits on a branch. You must enable branch protection to require signed commits.
If the repository only has one deployment, you can delete the deployment regardless of its status. If the repository has more than one deployment, you can only delete inactive deployments. This ensures that repositories with multiple deployments will always have an active deployment. To set a deployment as inactive, you must: * Create a new deployment that is active so that the system has a record of the current state, then delete the previously active deployment. * Mark the active deployment as inactive by adding any non-successful deployment status. For more information, see "Create a deployment" and "Create a deployment status." OAuth app tokens and personal access tokens (classic) need the repo or repo_deployment scope to use this endpoint.
Deletes a deployment branch or tag policy for an environment. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Deletes a file in a repository. You can provide an additional committer parameter, which is an object containing information about the committer. Or, you can provide an author parameter, which is an object containing information about the author. The author section is optional and is filled in with the committer information if omitted. If the committer information is omitted, the authenticated user’s information is used. You must provide values for both name and email, whether you choose to use author or committer. Otherwise, you’ll receive a 422 status code. Note: If you use this endpoint and the "Create or update file contents" endpoint in parallel, the concurrent requests will conflict and you will receive errors. You must use these endpoints serially instead.
Deletes a GitHub Pages site. For more information, see "About GitHub Pages. The authenticated user must be a repository administrator, maintainer, or have the ‘manage GitHub Pages settings’ permission. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation.
Disables automated security fixes for a repository. The authenticated user must have admin access to the repository. For more information, see "Configuring automated security fixes".
Disables a custom deployment protection rule for an environment. The authenticated user must have admin or owner permissions to the repository to use this endpoint. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Disables private vulnerability reporting for a repository. The authenticated user must have admin access to the repository. For more information, see "Privately reporting a security vulnerability".
Disables dependency alerts and the dependency graph for a repository. The authenticated user must have admin access to the repository. For more information, see "About security alerts for vulnerable dependencies".
Gets a redirect URL to download a tar archive for a repository. If you omit :ref, the repository’s default branch (usually main) will be used. Please make sure your HTTP framework is configured to follow redirects or you will need to use the Location header to make a second GET request. Note: For private repositories, these links are temporary and expire after five minutes.
Gets a redirect URL to download a zip archive for a repository. If you omit :ref, the repository’s default branch (usually main) will be used. Please make sure your HTTP framework is configured to follow redirects or you will need to use the Location header to make a second GET request. Note: For private repositories, these links are temporary and expire after five minutes. If the repository is empty, you will receive a 404 when you follow the redirect.
Enables automated security fixes for a repository. The authenticated user must have admin access to the repository. For more information, see "Configuring automated security fixes".
Enables private vulnerability reporting for a repository. The authenticated user must have admin access to the repository. For more information, see "Privately reporting a security vulnerability."
Enables dependency alerts and the dependency graph for a repository. The authenticated user must have admin access to the repository. For more information, see "About security alerts for vulnerable dependencies".
Generate a name and body describing a release. The body content will be markdown formatted and contain information like the changes since last release and users who contributed. The generated release notes are not saved anywhere. They are intended to be generated and used when creating a new release.
The parent and source objects are present when the repository is a fork. parent is the repository this repository was forked from, source is the ultimate source for the network. Note: In order to see the security_and_analysis block for a repository you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository. For more information, see "Managing security managers in your organization."
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Lists who has access to this protected branch. Note: Users, apps, and teams restrictions are only available for organization-owned repositories.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation.
Gets all custom deployment protection rules that are enabled for an environment. Anyone with read access to the repository can use this endpoint. For more information about environments, see "Using environments for deployment." For more information about the app that is providing this custom deployment rule, see the documentation for the GET /apps/{app_slug} endpoint. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.
Lists the environments for a repository. Anyone with read access to the repository can use this endpoint. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Lists the GitHub Apps that have push access to this branch. Only GitHub Apps that are installed on the repository and that have been granted write access to the repository contents can be added as authorized actors on a protected branch.
This returns a single autolink reference by ID that was configured for the given repository. Information about autolinks are only available to repository administrators.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation.
Returns all active rules that apply to the specified branch. The branch does not need to exist; rules that would apply to a branch with that name will be returned. All active rules that apply will be returned, regardless of the level at which they are configured (e.g. repository or organization). Rules in rulesets with "evaluate" or "disabled" enforcement statuses are not returned.
Get the total number of clones and breakdown per day or week for the last 14 days. Timestamps are aligned to UTC midnight of the beginning of the day or week. Week begins on Monday.
Returns a weekly aggregate of the number of additions and deletions pushed to a repository. Note: This endpoint can only be used for repositories with fewer than 10,000 commits. If the repository contains 10,000 or more commits, a 422 status code will be returned.
Checks the repository permission of a collaborator. The possible repository permissions are admin, write, read, and none. Note: The permission attribute provides the legacy base roles of admin, write, read, and none, where the maintain role is mapped to write and the triage role is mapped to read. To determine the role assigned to the collaborator, see the role_name attribute, which will provide the full role name, including custom roles. The permissions hash can also be used to determine which base level of access the collaborator has to the repository.
Users with pull access in a repository can access a combined view of commit statuses for a given ref. The ref can be a SHA, a branch name, or a tag name. Additionally, a combined state is returned. The state is one of: * failure if any of the contexts report as error or failure * pending if there are no statuses or a context is pending * success if the latest status for all contexts is success
Returns the contents of a single commit reference. You must have read access for the repository to use this endpoint. Note: If there are more than 300 files in the commit diff and the default JSON media type is requested, the response will include pagination link headers for the remaining files, up to a limit of 3000 files. Each page contains the static commit information, and the only changes are to the file listing. This endpoint supports the following custom media types. For more information, see "Media types." Pagination query parameters are not supported for these media types. - application/vnd.github.diff: Returns the diff of the commit. Larger diffs may time out and return a 5xx status code. - application/vnd.github.patch: Returns the patch of the commit. Diffs with binary data will have no patch property. Larger diffs may time out and return a 5xx status code. - application/vnd.github.sha: Returns the commit’s SHA-1 hash. You can use this endpoint to check if a remote reference’s SHA-1 hash is the same as your local reference’s SHA-1 hash by providing the local SHA-1 reference as the ETag. Signature verification object The response will include a verification object that describes the result of verifying the commit’s signature. The following fields are included in the verification object: | Name | Type | Description | | –– | –– | ———– | | verified | boolean | Indicates whether GitHub considers the signature in this commit to be verified. | | reason | string | The reason for verified value. Possible values and their meanings are enumerated in table below. | | signature | string | The signature that was extracted from the commit. | | payload | string | The value that was signed. | These are the possible values for reason in the verification object: | Value | Description | | —– | ———– | | expired_key | The key that made the signature is expired. | | not_signing_key | The "signing" flag is not among the usage flags in the GPG key that made the signature. | | gpgverify_error | There was an error communicating with the signature verification service. | | gpgverify_unavailable | The signature verification service is currently unavailable. | | unsigned | The object does not include a signature. | | unknown_signature_type | A non-PGP signature was found in the commit. | | no_user | No user was associated with the committer email address in the commit. | | unverified_email | The committer email address in the commit was associated with a user, but the email address is not verified on their account. | | bad_email | The committer email address in the commit is not included in the identities of the PGP key that made the signature. | | unknown_key | The key that made the signature has not been registered with any user’s account. | | malformed_signature | There was an error parsing the signature. | | invalid | The signature could not be cryptographically verified using the key whose key-id was found in the signature. | | valid | None of the above errors applied, so the signature is considered to be verified. |
Gets a specified commit comment. This endpoint supports the following custom media types. For more information, see "Media types." - application/vnd.github-commitcomment.raw+json: Returns the raw markdown body. Response will include body. This is the default if you do not pass any specific media type. - application/vnd.github-commitcomment.text+json: Returns a text only representation of the markdown body. Response will include body_text. - application/vnd.github-commitcomment.html+json: Returns HTML rendered from the body’s markdown. Response will include body_html. - application/vnd.github-commitcomment.full+json: Returns raw, text, and HTML representations. Response will include body, body_text, and body_html.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. When authenticated with admin or owner permissions to the repository, you can use this endpoint to check whether a branch requires signed commits. An enabled status of true indicates you must sign commits on this branch. For more information, see Signing commits with GPG in GitHub Help. Note: You must enable branch protection to require signed commits.
Returns all community profile metrics for a repository. The repository cannot be a fork. The returned metrics include an overall health score, the repository description, the presence of documentation, the detected code of conduct, the detected license, and the presence of ISSUE\_TEMPLATE, PULL\_REQUEST\_TEMPLATE, README, and CONTRIBUTING files. The health_percentage score is defined as a percentage of how many of the recommended community health files are present. For more information, see "About community profiles for public repositories." content_reports_enabled is only returned for organization-owned repositories.
Gets the contents of a file or directory in a repository. Specify the file path or directory with the path parameter. If you omit the path parameter, you will receive the contents of the repository’s root directory. This endpoint supports the following custom media types. For more information, see "Media types." - application/vnd.github.raw+json: Returns the raw file contents for files and symlinks. - application/vnd.github.html+json: Returns the file contents in HTML. Markup languages are rendered to HTML using GitHub’s open-source Markup library. - application/vnd.github.object+json: Returns the contents in a consistent object format regardless of the content type. For example, instead of an array of objects for a directory, the response will be an object with an entries attribute containing the array of objects. If the content is a directory, the response will be an array of objects, one object for each item in the directory. When listing the contents of a directory, submodules have their "type" specified as "file". Logically, the value should be "submodule". This behavior exists for backwards compatibility purposes. In the next major version of the API, the type will be returned as "submodule". If the content is a symlink and the symlink’s target is a normal file in the repository, then the API responds with the content of the file. Otherwise, the API responds with an object describing the symlink itself. If the content is a submodule, the submodule_git_url field identifies the location of the submodule repository, and the sha identifies a specific commit within the submodule repository. Git uses the given URL when cloning the submodule repository, and checks out the submodule at that specific commit. If the submodule repository is not hosted on github.com, the Git URLs (git_url and _links[\"git\"]) and the github.com URLs (html_url and _links[\"html\"]) will have null values. Notes: - To get a repository’s contents recursively, you can recursively get the tree. - This API has an upper limit of 1,000 files for a directory. If you need to retrieve more files, use the Git Trees API. - Download URLs expire and are meant to be used just once. To ensure the download URL does not expire, please use the contents API to obtain a fresh download URL for each download. - If the requested file’s size is: - 1 MB or smaller: All features of this endpoint are supported. - Between 1-100 MB: Only the raw or object custom media types are supported. Both will work as normal, except that when using the object media type, the content field will be an empty string and the encoding field will be \"none\". To get the contents of these larger files, use the raw media type. - Greater than 100 MB: This endpoint is not supported.
Returns the total number of commits authored by the contributor. In addition, the response includes a Weekly Hash (weeks array) with the following information: * w - Start of the week, given as a Unix timestamp. * a - Number of additions * d - Number of deletions * c - Number of commits Note: This endpoint will return 0 values for all addition and deletion counts in repositories with 10,000 or more commits.
Gets an enabled custom deployment protection rule for an environment. Anyone with read access to the repository can use this endpoint. For more information about environments, see "Using environments for deployment." For more information about the app that is providing this custom deployment rule, see GET /apps/{app_slug}. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.
Gets a deployment branch or tag policy for an environment. Anyone with read access to the repository can use this endpoint. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.
Note: To get information about name patterns that branches must match in order to deploy to this environment, see "Get a deployment branch policy." Anyone with read access to the repository can use this endpoint. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.
Gets information about the single most recent build of a GitHub Pages site. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
View the latest published full release for the repository. The latest release is the most recent non-prerelease, non-draft release, sorted by the created_at attribute. The created_at attribute is the date of the commit used for the release, and not the date when the release was drafted or published.
Gets a health check of the DNS settings for the CNAME record configured for a repository’s GitHub Pages. The first request to this endpoint returns a 202 Accepted status and starts an asynchronous background task to get the results for the domain. After the background task completes, subsequent requests to this endpoint return a 200 OK status with the health check results in the response. The authenticated user must be a repository administrator, maintainer, or have the ‘manage GitHub Pages settings’ permission to use this endpoint. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Returns the total commit counts for the owner and total commit counts in all. all is everyone combined, including the owner in the last 52 weeks. If you’d like to get the commit counts for non-owners, you can subtract owner from all. The array order is oldest week (index 0) to most recent week. The most recent week is seven days ago at UTC midnight to today at UTC midnight.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation.
Each array contains the day number, hour number, and number of commits: * 0-6: Sunday - Saturday * 0-23: Hour of day * Number of commits For example, [2, 14, 25] indicates that there were 25 total commits, during the 2:00pm hour on Tuesdays. All times are based on the time zone of individual commits.
Gets the preferred README for a repository. This endpoint supports the following custom media types. For more information, see "Media types." - application/vnd.github.raw+json: Returns the raw file contents. This is the default if you do not specify a media type. - application/vnd.github.html+json: Returns the README in HTML. Markup languages are rendered to HTML using GitHub’s open-source Markup library.
Gets the README from a repository directory. This endpoint supports the following custom media types. For more information, see "Media types." - application/vnd.github.raw+json: Returns the raw file contents. This is the default if you do not specify a media type. - application/vnd.github.html+json: Returns the README in HTML. Markup languages are rendered to HTML using GitHub’s open-source Markup library.
Gets a public release with the specified release ID. Note: This returns an upload_url key corresponding to the endpoint for uploading release assets. This key is a hypermedia resource. For more information, see "Getting started with the REST API."
To download the asset’s binary content, set the Accept header of the request to application/octet-stream. The API will either redirect the client to the location, or stream it directly if possible. API clients should handle both a 200 or 302 response.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Lists the teams who have push access to this branch. The list includes child teams.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Lists the people who have push access to this branch.
Get the total number of views and breakdown per day or week for the last 14 days. Timestamps are aligned to UTC midnight of the beginning of the day or week. Week begins on Monday.
Returns the webhook configuration for a repository. To get more information about the webhook, including the active state and events, use "Get a repository webhook." OAuth app tokens and personal access tokens (classic) need the read:repo_hook or repo scope to use this endpoint.
Lists a detailed history of changes to a repository, such as pushes, merges, force pushes, and branch changes, and associates these changes with commits and users. For more information about viewing repository activity, see "Viewing activity and data for your repository."
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Returns all branches where the given commit SHA is the HEAD, or latest commit for the branch.
For organization-owned repositories, the list of collaborators includes outside collaborators, organization members that are direct collaborators, organization members with access through team memberships, organization members with access through default organization permissions, and organization owners. Organization members with write, maintain, or admin privileges on the organization-owned repository can use this endpoint. Team members will include the members of child teams. The authenticated user must have push access to the repository to use this endpoint. OAuth app tokens and personal access tokens (classic) need the read:org and repo scopes to use this endpoint.
Lists the comments for a specified commit. This endpoint supports the following custom media types. For more information, see "Media types." - application/vnd.github-commitcomment.raw+json: Returns the raw markdown body. Response will include body. This is the default if you do not pass any specific media type. - application/vnd.github-commitcomment.text+json: Returns a text only representation of the markdown body. Response will include body_text. - application/vnd.github-commitcomment.html+json: Returns HTML rendered from the body’s markdown. Response will include body_html. - application/vnd.github-commitcomment.full+json: Returns raw, text, and HTML representations. Response will include body, body_text, and body_html.
Lists the commit comments for a specified repository. Comments are ordered by ascending ID. This endpoint supports the following custom media types. For more information, see "Media types." - application/vnd.github-commitcomment.raw+json: Returns the raw markdown body. Response will include body. This is the default if you do not pass any specific media type. - application/vnd.github-commitcomment.text+json: Returns a text only representation of the markdown body. Response will include body_text. - application/vnd.github-commitcomment.html+json: Returns HTML rendered from the body’s markdown. Response will include body_html. - application/vnd.github-commitcomment.full+json: Returns raw, text, and HTML representations. Response will include body, body_text, and body_html.
Users with pull access in a repository can view commit statuses for a given ref. The ref can be a SHA, a branch name, or a tag name. Statuses are returned in reverse chronological order. The first status in the list will be the latest one. This resource is also available via a legacy route: GET /repos/:owner/:repo/statuses/:ref.
Signature verification object The response will include a verification object that describes the result of verifying the commit’s signature. The following fields are included in the verification object: | Name | Type | Description | | –– | –– | ———– | | verified | boolean | Indicates whether GitHub considers the signature in this commit to be verified. | | reason | string | The reason for verified value. Possible values and their meanings are enumerated in table below. | | signature | string | The signature that was extracted from the commit. | | payload | string | The value that was signed. | These are the possible values for reason in the verification object: | Value | Description | | —– | ———– | | expired_key | The key that made the signature is expired. | | not_signing_key | The "signing" flag is not among the usage flags in the GPG key that made the signature. | | gpgverify_error | There was an error communicating with the signature verification service. | | gpgverify_unavailable | The signature verification service is currently unavailable. | | unsigned | The object does not include a signature. | | unknown_signature_type | A non-PGP signature was found in the commit. | | no_user | No user was associated with the committer email address in the commit. | | unverified_email | The committer email address in the commit was associated with a user, but the email address is not verified on their account. | | bad_email | The committer email address in the commit is not included in the identities of the PGP key that made the signature. | | unknown_key | The key that made the signature has not been registered with any user’s account. | | malformed_signature | There was an error parsing the signature. | | invalid | The signature could not be cryptographically verified using the key whose key-id was found in the signature. | | valid | None of the above errors applied, so the signature is considered to be verified. |
Lists contributors to the specified repository and sorts them by the number of commits per contributor in descending order. This endpoint may return information that is a few hours old because the GitHub REST API caches contributor data to improve performance. GitHub identifies contributors by author email address. This endpoint groups contribution counts by GitHub user, which includes all associated email addresses. To improve performance, only the first 500 author email addresses in the repository link to GitHub users. The rest will appear as anonymous contributors without associated GitHub user information.
Gets all custom deployment protection rule integrations that are available for an environment. Anyone with read access to the repository can use this endpoint. For more information about environments, see "Using environments for deployment." For more information about the app that is providing this custom deployment rule, see "GET an app". OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.
Lists the deployment branch policies for an environment. Anyone with read access to the repository can use this endpoint. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.
Lists repositories that the authenticated user has explicit permission (:read, :write, or :admin) to access. The authenticated user has explicit permission to access repositories they own, repositories where they are a collaborator, and repositories that they can access through an organization membership.
Lists repositories for the specified organization. Note: In order to see the security_and_analysis block for a repository you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository. For more information, see "Managing security managers in your organization."
Lists all public repositories in the order that they were created. Note: - For GitHub Enterprise Server, this endpoint will only list repositories available to all users on the enterprise. - Pagination is powered exclusively by the since parameter. Use the Link header to get the URL for the next page of repositories.
Lists the merged pull request that introduced the commit to the repository. If the commit is not present in the default branch, will only return open pull requests associated with the commit. To list the open or merged pull requests associated with a branch, you can set the commit_sha parameter to the branch name.
This returns a list of releases, which does not include regular Git tags that have not been associated with a release. To get a list of Git tags, use the Repository Tags API. Information about published releases are available to everyone. Only users with push access will receive listings for draft releases.
Lists the teams that have access to the specified repository and that are also visible to the authenticated user. For a public repository, a team is listed only if that team added the public repository explicitly. OAuth app tokens and personal access tokens (classic) need the public_repo or repo scope to use this endpoint with a public repository, and repo scope to use this endpoint with a private repository.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Removes the ability of an app to push to this branch. Only GitHub Apps that are installed on the repository and that have been granted write access to the repository contents can be added as authorized actors on a protected branch.
Removes a collaborator from a repository. To use this endpoint, the authenticated user must either be an administrator of the repository or target themselves for removal. This endpoint also: - Cancels any outstanding invitations - Unasigns the user from any issues - Removes access to organization projects if the user is not an organization member and is not a collaborator on any other organization repositories. - Unstars the repository - Updates access permissions to packages Removing a user as a collaborator has the following effects on forks: - If the user had access to a fork through their membership to this repository, the user will also be removed from the fork. - If the user had their own fork of the repository, the fork will be deleted. - If the user still has read access to the repository, open pull requests by this user from a fork will be denied. Note: A user can still have access to the repository through organization permissions like base repository permissions. Although the API responds immediately, the additional permission updates might take some extra time to complete in the background. For more information on fork permissions, see "About permissions and visibility of forks".
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Removes the ability of a team to push to this branch. You can also remove push access for child teams.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Removes the ability of a user to push to this branch. | Type | Description | | —–– | ——————————————————————————————————————————————— | | array | Usernames of the people who should no longer have push access. Note: The list of users, apps, and teams in total is limited to 100 items. |
Renames a branch in a repository. Note: Although the API responds immediately, the branch rename process might take some extra time to complete in the background. You won’t be able to push to the old branch name while the rename process is in progress. For more information, see "Renaming a branch". The authenticated user must have push access to the branch. If the branch is the default branch, the authenticated user must also have admin or owner permissions. In order to rename the default branch, fine-grained access tokens also need the administration:write repository permission.
You can request that your site be built from the latest revision on the default branch. This has the same effect as pushing a commit to your default branch, but does not require an additional commit. Manually triggering page builds can be helpful when diagnosing build warnings and failures. Build requests are limited to one concurrent build per repository and one concurrent build per requester. If you request a build while another is still in progress, the second request will be queued until the first completes.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Adding admin enforcement requires admin or owner permissions to the repository and branch protection to be enabled.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Replaces the list of apps that have push access to this branch. This removes all apps that previously had push access and grants push access to the new list of apps. Only GitHub Apps that are installed on the repository and that have been granted write access to the repository contents can be added as authorized actors on a protected branch.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Replaces the list of teams that have push access to this branch. This removes all teams that previously had push access and grants push access to the new list of teams. Team restrictions include child teams.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Replaces the list of people that have push access to this branch. This removes all people that previously had push access and grants push access to the new list of people. | Type | Description | | —–– | —————————————————————————————————————————– | | array | Usernames for people who can have push access. Note: The list of users, apps, and teams in total is limited to 100 items. |
This will trigger the hook with the latest push to the current repository if the hook is subscribed to push events. If the hook is not subscribed to push events, the server will respond with 204 but no test POST will be generated. Note: Previously /repos/:owner/:repo/hooks/:hook_id/test
A transfer request will need to be accepted by the new owner when transferring a personal repository to another user. The response will contain the original owner, and the transfer will continue asynchronously. For more details on the requirements to transfer personal and organization-owned repositories, see about repository transfers.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Protecting a branch requires admin or owner permissions to the repository. Note: Passing new arrays of users and teams replaces their previous values. Note: The list of users, apps, and teams in total is limited to 100 items.
Updates the contents of a specified commit comment. This endpoint supports the following custom media types. For more information, see "Media types." - application/vnd.github-commitcomment.raw+json: Returns the raw markdown body. Response will include body. This is the default if you do not pass any specific media type. - application/vnd.github-commitcomment.text+json: Returns a text only representation of the markdown body. Response will include body_text. - application/vnd.github-commitcomment.html+json: Returns HTML rendered from the body’s markdown. Response will include body_html. - application/vnd.github-commitcomment.full+json: Returns raw, text, and HTML representations. Response will include body, body_text, and body_html.
Updates a deployment branch or tag policy for an environment. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Updates information for a GitHub Pages site. For more information, see "About GitHub Pages. The authenticated user must be a repository administrator, maintainer, or have the ‘manage GitHub Pages settings’ permission. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Updating pull request review enforcement requires admin or owner permissions to the repository and branch protection to be enabled. Note: Passing new arrays of users and teams replaces their previous values.
Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see GitHub’s products in the GitHub Help documentation. Updating required status checks requires admin or owner permissions to the repository and branch protection to be enabled.
Updates a webhook configured in a repository. If you previously had a secret set, you must provide the same secret or set a new secret or the secret will be removed. If you are only updating individual webhook config properties, use "Update a webhook configuration for a repository."
Updates the webhook configuration for a repository. To update more information about the webhook, including the active state and events, use "Update a repository webhook." OAuth app tokens and personal access tokens (classic) need the write:repo_hook or repo scope to use this endpoint.
This endpoint makes use of a Hypermedia relation to determine which URL to access. The endpoint you call to upload release assets is specific to your release. Use the upload_url returned in the response of the Create a release endpoint to upload a release asset. You need to use an HTTP client which supports SNI to make calls to this endpoint. Most libraries will set the required Content-Length header automatically. Use the required Content-Type header to provide the media type of the asset. For a list of media types, see Media Types. For example: application/zip GitHub expects the asset data in its raw binary form, rather than JSON. You will send the raw binary content of the asset as the request body. Everything else about the endpoint is the same as the rest of the API. For example, you’ll still need to pass your authentication to be able to upload an asset. When an upstream failure occurs, you will receive a 502 Bad Gateway status. This may leave an empty asset with a state of starter. It can be safely deleted. Notes: * GitHub renames asset filenames that have special characters, non-alphanumeric characters, and leading or trailing periods. The "List release assets" endpoint lists the renamed filenames. For more information and help, contact GitHub Support. * To find the release_id query the GET /repos/{owner}/{repo}/releases/latest endpoint. * If you upload an asset with the same filename as another uploaded asset, you’ll receive an error and must delete the old file before you can re-upload the new asset.