Tangled

Tangled scm

Description

The Tangled scm plugin is used to manage git repositories hosted on Tangled, an AT protocol based git host. Depending on the stage, it can be used for different purposes:

source: Retrieve data from a git repository, such as a file content
condition: Ensure data exist on a git repository, such as a file content
target: Ensure data is up to date on a git repository

Authentication

Tangled repositories live on knots (git servers) while pull request records are stored as atproto records on the author’s Personal Data Server (PDS).

Git clone and push both go through SSH. Tangled knots reject HTTPS pushes, so the plugin uses an ssh://-style URL for both directions. For the default knot (knot1.tangled.sh), the SSH gateway lives on tangled.org; self-hosted knots use the knot hostname directly. The plugin builds the URL automatically from owner and repository; override with cloneURL only if you need a different host or path.
Authentication relies on your SSH agent. Make sure the key registered with your Tangled account is loaded (ssh-add ~/.ssh/id_ed25519); the underlying go-git transport does not read default identity files on its own.
Pull request creation uses an atproto app password against the user’s PDS (no token is sent to the knot itself). Generate the app password from your PDS’s web UI (Bluesky users: https://bsky.app/settings/app-passwords).

Parameters

Name	Type	Description	Required

CommitMessage

Updatecli uses conventional commits as described on www.conventionalcommits.org.

Name	Default	Description
type	chore	Specify commit type
scope		Specify commit scope
footer		Specify commit footer message
title		Override default body message
hideCredit		Remove "Made with ❤️️ by updatecli" from commit message
body		Override default body message

Name

Required

Default

Description

type

chore

Specify commit type

scope

Specify commit scope

footer

Specify commit footer message

title

Override default body message

hideCredit

Remove "Made with ❤️️ by updatecli" from commit message

body

Override default body message

GPG

Updatecli can sign commits using a private GPG key if configured accordingly.

Name	Required	Default	Description
signingkey			Defines the armored private gpg key
password			Defines the gpg key password

Name

Required

Default

Description

signingkey

Defines the armored private gpg key

password

Defines the gpg key password

Example

# updatecli.yaml
---
name: Test Tangled scm

scms:
  tangled:
    kind: tangled
    spec:
      owner: alice.tangled.sh
      repository: updatecli-mirror
      branch: main
      handle: alice.tangled.sh
      # atproto app password used to author pull request records on the user's PDS.
      # Generate one from your PDS's web UI (Bluesky: https://bsky.app/settings/app-passwords).
      appPassword: '{{ requiredEnv "TANGLED_APP_PASSWORD" }}'

sources:
  license:
    name: Retrieve license file content
    kind: file
    scmid: tangled
    spec:
      file: LICENSE

Last modified on May 24, 2026

Edit this page on GitHub