actup

Appearance

Install

Requirements

  • Bun 1.3.x. The repo pins bun@1.3.13 (packageManager in package.json); development is verified on 1.3.13. actup uses Bun-native APIs (bun:sqlite, Bun.TOML, Bun.file, Bun.Glob, Bun.semver) and Node.js is not supported.
  • Network access to your action hosts (GitHub/GitLab/Gitea), unless you run fully --offline against a warm cache.

Get the code

actup is currently distributed from source as a Bun monorepo. Clone the repository and install workspace dependencies:

bash
git clone https://github.com/kjanat/actup-ts
cd actup-ts
bun install

bun install resolves all workspace packages (@actup/core, @actup/provider-*, @actup/providers, @actup/cli).

Running

The root package.json exposes a script that runs the CLI entry point:

bash
bun run actup --help

bun run actup is equivalent to bun packages/cli/src/index.ts. You can invoke the entry point directly as well:

bash
bun packages/cli/src/index.ts check

The CLI file has a #!/usr/bin/env bun shebang and the @actup/cli package declares a bin named actup, so within a Bun workspace context the binary name is actup.

Authentication

Tokens are read from the environment. GitHub GraphQL (the default fetch.apiMode) requires a token.

VariableUsed for
GITHUB_TOKEN / GH_TOKENGitHub / GitHub Enterprise
GITLAB_TOKENGitLab
GITEA_TOKENGitea / Forgejo / Codeberg

A per-host tokenEnv in the config file overrides the default variable for that host. Token-related auth failures exit with code 3 — see usage.

Docker

A Dockerfile builds a slim image containing just the compiled actup binary (no Bun / node_modules in the final layer). No image is published to a registry yet — build it from source:

bash
docker build -t actup .
docker run --rm actup --help

Mount the repository you want to scan at /work (the image's working directory). The container runs as a non-root user, so a read-only mount is enough for check:

bash
docker run --rm -v "$PWD:/work:ro" actup check
docker run --rm -v "$PWD:/work:ro" actup check --format sarif > actup.sarif

For update / pin (which rewrite files) mount writable (drop :ro) and pass a token via -e GITHUB_TOKEN for higher rate limits.

Verify the install

bash
bun run actup config       # prints the effective default config as JSON
bun run actup cache path    # prints the SQLite cache file path

Next: Usage.