step-security · Raj-StepSecurity · Apr 10, 2026 · Apr 9, 2026 · Apr 10, 2026
diff --git a/LICENSE b/LICENSE
@@ -1,7 +1,7 @@
 MIT License
 
 Copyright (c) 2020 Contributors
-Copyright (c) 2023 StepSecurity
+Copyright (c) 2026 StepSecurity
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -1,3 +1,5 @@
+[![StepSecurity Maintained Action](https://raw.githubusercontent.com/step-security/maintained-actions-assets/main/assets/maintained-action-banner.png)](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions)
+
 # action-semantic-pull-request
 
 This is a GitHub Action that ensures that your pull request titles match the [Conventional Commits spec](https://www.conventionalcommits.org/). Typically, this is used in combination with a tool like [semantic-release](https://github.com/semantic-release/semantic-release) to automate releases.

diff --git a/dist/index.js b/dist/index.js
@@ -1,6 +1,6 @@
+import require$$1 from 'fs';
 import require$$0$1 from 'os';
 import require$$0$2 from 'crypto';
-import require$$1 from 'fs';
 import require$$1$9, { resolve } from 'path';
 import require$$2$1 from 'http';
 import require$$1$1 from 'https';
@@ -81912,19 +81912,49 @@ async function run() {
 }
 
 async function validateSubscription() {
-  const API_URL = `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/subscription`;
+  let repoPrivate;
+  const eventPath = process.env.GITHUB_EVENT_PATH;
+  if (eventPath && require$$1.existsSync(eventPath)) {
+    const payload = JSON.parse(require$$1.readFileSync(eventPath, 'utf8'));
+    repoPrivate = payload?.repository?.private;
+  }
+
+  const upstream = 'amannn/action-semantic-pull-request';
+  const action = process.env.GITHUB_ACTION_REPOSITORY;
+  const docsUrl =
+    'https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions';
+
+  core.info('');
+  core.info('\u001b[1;36mStepSecurity Maintained Action\u001b[0m');
+  core.info(`Secure drop-in replacement for ${upstream}`);
+  if (repoPrivate === false) {
+    core.info('\u001b[32m\u2713 Free for public repositories\u001b[0m');
+  }
+  core.info(`\u001b[36mLearn more:\u001b[0m ${docsUrl}`);
+  core.info('');
+
+  if (repoPrivate === false) return;
+  const serverUrl = process.env.GITHUB_SERVER_URL || 'https://github.com';
+  const body = {action: action || ''};
 
+  if (serverUrl !== 'https://github.com') body.ghes_server = serverUrl;
   try {
-    await axios.get(API_URL, {timeout: 3000});
+    await axios.post(
+      `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/maintained-actions-subscription`,
+      body,
+      {timeout: 3000}
+    );
   } catch (error) {
-    if (error.response && error.response.status === 403) {
-      console.error(
-        'Subscription is not valid. Reach out to support@stepsecurity.io'
+    if (axios.isAxiosError(error) && error.response?.status === 403) {
+      core.error(
+        `\u001b[1;31mThis action requires a StepSecurity subscription for private repositories.\u001b[0m`
+      );
+      core.error(
+        `\u001b[31mLearn how to enable a subscription: ${docsUrl}\u001b[0m`
       );
       process.exit(1);
-    } else {
-      core.info('Timeout or API not reachable. Continuing to next step.');
     }
+    core.info('Timeout or API not reachable. Continuing to next step.');
   }
 }
 

diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/index.js b/src/index.js
@@ -1,3 +1,4 @@
+import fs from 'fs';
 import core from '@actions/core';
 import github from '@actions/github';
 import axios from 'axios';
@@ -174,19 +175,49 @@ async function run() {
 }
 
 async function validateSubscription() {
-  const API_URL = `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/subscription`;
+  let repoPrivate;
+  const eventPath = process.env.GITHUB_EVENT_PATH;
+  if (eventPath && fs.existsSync(eventPath)) {
+    const payload = JSON.parse(fs.readFileSync(eventPath, 'utf8'));
+    repoPrivate = payload?.repository?.private;
+  }
+
+  const upstream = 'amannn/action-semantic-pull-request';
+  const action = process.env.GITHUB_ACTION_REPOSITORY;
+  const docsUrl =
+    'https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions';
+
+  core.info('');
+  core.info('\u001b[1;36mStepSecurity Maintained Action\u001b[0m');
+  core.info(`Secure drop-in replacement for ${upstream}`);
+  if (repoPrivate === false) {
+    core.info('\u001b[32m\u2713 Free for public repositories\u001b[0m');
+  }
+  core.info(`\u001b[36mLearn more:\u001b[0m ${docsUrl}`);
+  core.info('');
+
+  if (repoPrivate === false) return;
+  const serverUrl = process.env.GITHUB_SERVER_URL || 'https://github.com';
+  const body = {action: action || ''};
 
+  if (serverUrl !== 'https://github.com') body.ghes_server = serverUrl;
   try {
-    await axios.get(API_URL, {timeout: 3000});
+    await axios.post(
+      `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/maintained-actions-subscription`,
+      body,
+      {timeout: 3000}
+    );
   } catch (error) {
-    if (error.response && error.response.status === 403) {
-      console.error(
-        'Subscription is not valid. Reach out to support@stepsecurity.io'
+    if (axios.isAxiosError(error) && error.response?.status === 403) {
+      core.error(
+        `\u001b[1;31mThis action requires a StepSecurity subscription for private repositories.\u001b[0m`
+      );
+      core.error(
+        `\u001b[31mLearn how to enable a subscription: ${docsUrl}\u001b[0m`
       );
       process.exit(1);
-    } else {
-      core.info('Timeout or API not reachable. Continuing to next step.');
     }
+    core.info('Timeout or API not reachable. Continuing to next step.');
   }
 }