CLI Reference
ghagen provides commands organized into top-level commands (synth, check-synced, init) and a deps subgroup (deps pin, deps check-synced, deps upgrade).
Installation
Section titled “Installation”npm install --save-dev @ghagen/ghagenghagen synth
Section titled “ghagen synth”Generate YAML workflow files from your TypeScript/JavaScript definitions.
npx ghagen synthOptions
Section titled “Options”| Option | Description |
|---|---|
--config PATH | Path to the configuration file. Defaults to auto-detection. |
Config file resolution
Section titled “Config file resolution”If --config is not specified, ghagen locates the workflow file in this order:
- The top-level
entrypointkey in.ghagen.yml, if present .github/ghagen.workflows.ts.github/ghagen.workflows.js.github/ghagen.workflows.mjsghagen.workflows.tsghagen.workflows.jsghagen.workflows.mjsghagen.config.tsghagen.config.jsghagen.config.mjs
The entrypoint value is a path (relative paths resolve against the
.ghagen.yml parent directory, i.e. the repo root, not the current working
directory). Use this when your workflow file lives outside the default
locations:
entrypoint: scripts/workflows.tsWithin the workflow file, ghagen looks for:
- A
createApp()function that returns anAppinstance - An
appvariable that is anAppinstance
Example
Section titled “Example”# Use default config detectionnpx ghagen synth
# Specify a config filenpx ghagen synth --config workflows/generate.tsghagen check-synced
Section titled “ghagen check-synced”Verify that generated YAML files match the current TypeScript/JavaScript definitions. Exits with code 0 if all files are up to date, or code 1 if any file is stale.
npx ghagen check-syncedOptions
Section titled “Options”| Option | Description |
|---|---|
--config PATH | Path to the configuration file. Defaults to auto-detection. |
This command follows the same config file resolution as synth.
Example
Section titled “Example”# Run in CI to catch stale workflowsnpx ghagen check-synced
# Check with explicit confignpx ghagen check-synced --config .github/ghagen.workflows.tsCI usage
Section titled “CI usage”Add ghagen check-synced to your CI pipeline to ensure that generated YAML files are never out of sync with their TypeScript definitions:
- name: Check workflow freshness run: npx ghagen check-syncedIf someone edits a generated YAML file directly instead of updating the TypeScript source, ghagen check-synced will fail and the CI run will report the mismatch.
ghagen deps pin
Section titled “ghagen deps pin”Pin every uses: reference in your workflows to an exact commit SHA, recorded
in .ghagen.lock.yml. When a lockfile is present, ghagen synth
automatically rewrites uses: entries to the pinned SHA on emission, so your
generated YAML is reproducible without hand-editing.
npx ghagen deps pin # Resolve any refs missing from the lockfilenpx ghagen deps pin --update # Re-resolve every entry to the latest SHAnpx ghagen deps pin --prune # Drop lockfile entries no longer referencedOptions
Section titled “Options”| Option | Description |
|---|---|
--config PATH, -c | Path to the configuration file. Defaults to auto-detection. |
--update | Re-resolve every entry to its current SHA, not just the missing ones. |
--prune | Remove lockfile entries that are no longer referenced by any workflow. |
--token TOKEN | GitHub token used to resolve refs. Defaults to $GITHUB_TOKEN, then $GH_TOKEN. Unauthenticated requests are limited to 60/hour. |
Exit codes
Section titled “Exit codes”| Code | Meaning |
|---|---|
0 | Lockfile is in sync (or was updated successfully) |
1 | One or more refs failed to resolve |
ghagen deps check-synced
Section titled “ghagen deps check-synced”Verify the lockfile is in sync with the current code. Exits with code 1 if the lockfile is stale. Does not make network calls.
npx ghagen deps check-syncedOptions
Section titled “Options”| Option | Description |
|---|---|
--config PATH, -c | Path to the configuration file. Defaults to auto-detection. |
--prune | Also check for lockfile entries that are no longer referenced by any workflow. |
Exit codes
Section titled “Exit codes”| Code | Meaning |
|---|---|
0 | Lockfile is in sync |
1 | Lockfile is stale |
CI usage
Section titled “CI usage”Run ghagen deps check-synced --prune in CI to catch PRs that introduce a new
uses: without updating the lockfile:
step({ name: "Check lockfile sync", run: "npx ghagen deps check-synced --prune",});ghagen deps check-synced does not make network calls, so it doesn’t need a GitHub token.
ghagen deps upgrade
Section titled “ghagen deps upgrade”Detect and apply updates to action dependencies in your workflows. By default,
applies updates to source files (version bumps). Use --check for a
dry-run report without modifying files.
npx ghagen deps upgrade # Apply available updates to source filesnpx ghagen deps upgrade --check # Report available updates without applyingnpx ghagen deps upgrade --check --json # Machine-readable JSON reportOptions
Section titled “Options”| Option | Description |
|---|---|
--config PATH, -c | Path to the configuration file. Defaults to auto-detection. |
--check | Report available updates without applying changes (dry-run mode). |
--json | Output results as JSON (only valid with --check). |
--token TOKEN | GitHub token used to query tags. Defaults to $GITHUB_TOKEN, then $GH_TOKEN. |
Exit codes
Section titled “Exit codes”| Code | Meaning |
|---|---|
0 | No updates available, or updates applied successfully |
1 | Updates available (--check) or one or more updates failed to apply |
ghagen init
Section titled “ghagen init”Scaffold a starter configuration file with a minimal CI workflow.
npx ghagen initOptions
Section titled “Options”| Option | Description |
|---|---|
--outdir PATH | Directory to create the config file in. Defaults to .github. |
Example
Section titled “Example”# Create .github/ghagen.workflows.tsnpx ghagen init
# Create in a custom directorynpx ghagen init --outdir workflowsThe generated file contains an App instance with a single CI workflow that checks out code and runs a placeholder test command.