No description
- Shell 95.6%
- Makefile 2.5%
- Dockerfile 1.9%
| .forgejo/workflows | ||
| tests | ||
| .dockerignore | ||
| .editorconfig | ||
| .gitignore | ||
| .prettierignore | ||
| action.yml | ||
| Dockerfile | ||
| entrypoint.sh | ||
| LICENSE | ||
| Makefile | ||
| README.md | ||
bluesky-post-action
A reusable Forgejo Action that publishes a plain-text post to a Bluesky account via the AT Protocol.
Usage
- name: Announce release
uses: ModernLeft/bluesky-post-action@v1
with:
identifier: ${{ secrets.BLUESKY_HANDLE }}
password: ${{ secrets.BLUESKY_APP_PASSWORD }}
text: "New release ${{ github.ref_name }} is out!"
Inputs
| Input | Required | Default | Description |
|---|---|---|---|
identifier |
yes | n/a | Bluesky handle (e.g. you.bsky.social) or account email |
password |
yes | n/a | App password, not your main account password |
text |
yes | n/a | Post text (max 300 graphemes) |
pds-host |
no | https://bsky.social |
PDS base URL, for self-hosted PDS instances |
footer |
no | false |
When true, append a footer with a clickable link back to this action |
Setup
- In Bluesky, go to Settings → Privacy and security → App passwords and create a new app password. App passwords are revocable and scoped, so never put your main password in CI.
- In your Forgejo repository, add two secrets:
BLUESKY_HANDLE: your handle or emailBLUESKY_APP_PASSWORD: the app password from step 1
- Reference the action in a workflow as shown in Usage above.
Rotating the app password
App passwords are managed through the AT Protocol XRPC API. Revoking one needs a session created from the account's main password, because an app password cannot manage other app passwords. See the AT Protocol server API reference for the request and response shapes:
If you self-host, point these calls at your own PDS host instead of
https://bsky.social. After creating a replacement, update the
BLUESKY_APP_PASSWORD secret in your Forgejo repository so CI uses the new
value.
Notes
- Plain text, aside from the optional
footerlink. Embed cards, images, threads, and rich-text facets in your own text are out of scope. - The step fails if authentication fails or Bluesky rejects the post (e.g. text over the 300-grapheme limit).