create-pull-request
Create Pull Request is a GitHub Actions workflow automation tool that detects file changes in your repository and automatically commits them to a new branch, then opens a pull request. It simplifies CI/CD pipelines by removing the need for manual PR creation after automated code modifications.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | peter-evans/create-pull-request |
| Owner | peter-evans |
| Primary language | TypeScript |
| License | MIT — OSI-approved |
| Stars | 2.8k |
| Forks | 546 |
| Open issues | 17 |
| Latest release | v8.1.1 (2026-04-10) |
| Last updated | 2026-07-01 |
| Source | https://github.com/peter-evans/create-pull-request |
What create-pull-request is
A TypeScript-based GitHub Action that monitors the Actions workspace for tracked/untracked file changes and commits, creates or updates branches with configurable naming strategies, and opens pull requests with customizable metadata (title, body, labels, reviewers, draft status). Supports token flexibility (GITHUB_TOKEN, PAT, GitHub App tokens) and fork-based workflows.
Get the create-pull-request source
Clone the repository and explore it locally.
git clone https://github.com/peter-evans/create-pull-request.gitcd create-pull-request# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Explicitly enable workflow permissions (contents: write, pull-requests: write) in repositories created after Feb 2023 to avoid read-only GITHUB_TOKEN errors.
- Choose token strategy: GITHUB_TOKEN is simplest but won't trigger downstream workflows; PAT or GitHub App tokens required for workflow chaining at cost of credential management.
- Use branch-suffix strategies (random, timestamp, short-commit-hash) to avoid collisions if creating multiple PRs in parallel; default 'create-pull-request/patch' branch reuses/updates existing PR.
- Configure add-paths carefully using git pathspec syntax to avoid committing unintended files (e.g., build artifacts, node_modules).
- Set maintainer-can-modify to true if contributors should be able to update PR branches; false restricts to original author.
When to avoid it — and what to weigh
- Sensitive Secret/Credential Changes — Do not use for changes involving secrets or credentials. The action commits changes to a tracked branch; unintended exposure is possible if permissions misconfigured.
- High-Volume Automated PRs Without Governance — Avoid heavy automation without team guardrails. Hundreds of auto-created PRs can overwhelm review processes and create maintenance debt.
- Triggering Cascading Workflow Runs — GITHUB_TOKEN will not trigger downstream `on: push` or `on: pull_request` workflows by design. If your pipeline requires chained workflow execution, use PAT or GitHub App tokens (adds complexity).
- Complex Multi-Step Conditional Commits — The action commits all detected changes by default. If you need granular control over which specific changes commit in which order, you'll need custom branching logic.
License & commercial use
MIT License – permissive, allows commercial use, modification, and distribution with attribution. No restrictions on use in proprietary or closed-source projects.
MIT permits commercial use without restriction. However, review your workflow's token strategy (especially PAT/GitHub App management) for compliance with your organization's credential policies.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Strong |
| Assessment confidence | High |
No inherent security flaws disclosed in available data, but review your token strategy carefully: GITHUB_TOKEN is scoped narrowly but won't trigger workflows; PAT/GitHub App tokens expand permissions and require secure storage. Ensure add-paths filter prevents commits of secrets or sensitive files. Commits are attributed to the workflow actor, creating an audit trail.
Alternatives to consider
GitHub Actions: git-auto-commit-action (stefanzweifel)
Simpler lightweight alternative for direct commits to a branch; does not create PRs, better for self-contained automation without review gates.
Manual git commands in workflow
Full control over commit logic and PR metadata; requires more boilerplate and error handling; suitable for highly custom scenarios.
Renovate or Dependabot
Specialized for dependency updates and security patches; offers native PR management, auto-merge policies, and advanced grouping; not suitable for general code generation.
Build on create-pull-request with DEV.co software developers
Integrate Create Pull Request into your CI/CD pipeline today. Our engineers can help design a secure token strategy and workflow automation architecture tailored to your team's needs.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
create-pull-request FAQ
Why don't pull requests trigger my downstream workflows?
Can I use this action without write permissions?
How do I avoid duplicate PRs when my workflow runs multiple times?
Is it safe to commit secrets with this action?
Software development & web development with DEV.co
Need help beyond evaluating create-pull-request? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source devops integrations — and maintain them long-term.
Ready to automate your GitHub workflow?
Integrate Create Pull Request into your CI/CD pipeline today. Our engineers can help design a secure token strategy and workflow automation architecture tailored to your team's needs.