Learn through the super-clean Baeldung Pro experience:
>> Membership and Baeldung Pro.
No ads, dark-mode and 6 months free of IntelliJ Idea Ultimate to start with.
Guide to Getting Commit SHA in GitHub Actions
Last updated: April 11, 2025
Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.
Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.
With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.
Try a 14-Day Free Trial of Orkes Conductor today.
1. Overview
GitHub Actions is one of the most popular automation tools for CI/CD workflows. These automated workflows are triggered by specific events in GitHub repositories, such as push, pull_request, and so on. So, getting the commit SHA can be very useful in some use cases, such as version tagging, interacting with GitHub APIs, and so on.
In this tutorial, we’ll explore different ways to get the commit SHA in GitHub actions.
2. Merge Commit in Pull Requests
Before exploring how to get the commit SHA, we must understand the nitty-gritty of the merge commit in pull requests. It’ll help us figure out the correct commit SHA based on our use case.
When we raise any pull request, GitHub internally creates a merge commit to show the result of merging the code changes from the source branch into the target branch. Moreover, such a commit doesn’t belong to either of the two branches:
We must note that there are three SHA values. Two of these are the SHAs of the heads of the branches, and the third is the internal commit that GitHub creates internally.
Moreover, if we configure our workflow to run on the pull_request and push events, GitHub would generate two separate workflow runs:
For the workflow generated via the push event, we might usually be interested in getting the commit SHA of the head of the branch. However, for the workflow generated via the pull_request event, using the internal merge commit SHA value is also common.
In the following sections, we can visit the commit page on GitHub to verify the details about a commit:
https://github.com/[username]/[repository-name]/commit/[commit-sha]
Now, let’s go ahead and learn how to get the commit SHA in the GitHub actions.
3. Using the github Context
In this section, we’ll use the github context to get the commit SHAs for our use cases.
3.1. push Event
Let’s define the commit-sha-push.yml workflow that’s triggered for the push events:
$ cat .github/workflows/commit-sha-push.yml
name: Workflow to get commit sha in GitHub actions
on:
push:
jobs:
display-commit-sha:
runs-on: ubuntu-latest
steps:
- name: commit SHA of the head of the branch
run: echo "The commit SHA is ${{ github.sha }}"We used the ${{ github.sha }} to determine the commit SHA as GitHub internally sets this to the SHA commit of the head of the branch.
Further, we can push a commit to the branch and check the output of the job:
Our job was executed successfully.
Lastly, we can check the commit history of the branch to match the commit SHA of the head of the branch against the results from the job:
Perfect! We got the correct result, as expected.
3.2. pull_request Event
Let’s define the commit-sha-pull-request.yml workflow that’s triggered on the pull_request events:
$ cat .github/workflows/commit-sha-pull-request.yml
name: Workflow to get commit sha in GitHub actions
on:
pull_request:
jobs:
display-commit-sha:
runs-on: ubuntu-latest
steps:
- name: Get commit SHA of the merge commit
run: echo "commit SHA:" ${{ github.sha }}
- name: Display Source and Target Commit SHA
run: |
echo "Source commit SHA: ${{ github.event.pull_request.head.sha }}"
echo "Target commit SHA: ${{ github.event.pull_request.base.sha }}"It’s important to note that GitHub sets the github.sha value to the merge commit SHA for pull_request events. So, we used the github.event.pull_request.head.sha and github.event.pull_request.base.sha context values to get the commit SHAs for the source and target branches, respectively.
Now, we can raise a pull request and see the job in action:
We can see that both steps of the job were executed successfully.
Next, let’s verify the commit SHA of the target branch by checking the commit history of the main branch:
Both values match.
Lastly, let’s check the merge commit SHA by visiting the commit page:
Great. It looks correct, too. We can notice that the merge commit represents the merge commit when the source branch is merged into the target branch.
4. Using the git Command
In this section, we’ll use the git command to retrieve the commit SHA for various use cases.
4.1. push Event
Let’s start by adding the commit-sha-push-git-cmd.yml workflow to our repository:
$ cat .github/workflows/commit-sha-push-git-cmd.yml
name: Workflow to get commit sha in GitHub actions
on:
push:
jobs:
display-commit-sha:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: commit SHA of the head of the branch
run: echo "The commit SHA is $(git rev-parse HEAD)"We used the predefined actions/checkout GitHub action to checkout the repository so that we could run the git commands in the subsequent step. Later on, we used the git rev-parse command to get the commit SHA of the HEAD reference.
Now, let’s see the job in action:
We can see that both the steps were executed successfully.
Lastly, we can verify the commit SHA by matching it against the commit history of the branch:
Great! It looks like we got this one right.
4.2. pull_request Event
First, let’s add the commit-sha-pull-request-git-cmd.yml workflow to our repository:
$ cat .github/workflows/commit-sha-pull-request-git-cmd.yml
name: Workflow to get commit sha in GitHub actions
on:
pull_request:
jobs:
display-commit-sha:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Get commit SHA
run: |
git fetch origin \
+refs/pull/${{ github.event.pull_request.number }}/\*:refs/remotes/origin/pull/${{ github.event.pull_request.number }}/\* \
+refs/heads/${{ github.base_ref }}:refs/remotes/origin/${{ github.base_ref }}
echo "Merge commit SHA: $(git rev-parse origin/pull/${{ github.event.pull_request.number }}/merge)"
echo "Source commit SHA: $(git rev-parse origin/pull/${{ github.event.pull_request.number }}/head)"
echo "Target commit SHA: $(git rev-parse origin/${{ github.base_ref }})"We started our workflow by checking out the repository using the predefined actions/checkout GitHub action. Next, we used the git fetch command to get the references related to the pull request and the base branch. Moreover, we used the github.event context to get the pull request number. Later, we used the git rev-parse command to get the commit SHA for these three references.
Now, let’s see the job in action for a pull request that we raised:
We can see that our job successfully provided all three commits SHA values.
Finally, we can check the merge commit by visiting the commit page:
Fantastic! It looks like we nailed this one. We can also check the branch’s commit history to verify the other two commit SHAs.
5. Conclusion
In this tutorial, we learned how to get the commit SHA in GitHub actions. We started by leveraging the github context to get the commit SHAs. Later on, we explored an advanced way of using the git commands together with the predefined actions/checkout GitHub action.