gh is GitHub on the command line. It brings pull requests, issues, and other GitHub concepts to the terminal next to where you are already working with git and your code.
GitHub CLI is supported for users on GitHub.com, GitHub Enterprise Cloud, and GitHub Enterprise Server 2.20+ with support for macOS, Windows, and Linux.
For installation options see below, for usage instructions see the manual.
If anything feels off or if you feel that some functionality is missing, please check out the contributing page. There you will find instructions for sharing your feedback, building the tool locally, and submitting pull requests to the project.
If you are a hubber and are interested in shipping new commands for the CLI, check out our doc on internal contributions
For additional macOS packages and installers, see community-supported docs
- Debian, Raspberry Pi, Ubuntu
- Amazon Linux, CentOS, Fedora, openSUSE, RHEL, SUSE
- Precompiled binaries on releases page
For additional Linux & Unix packages and installers, see community-supported docs
For additional Windows packages and installers, see community-supported docs
See here on how to build GitHub CLI from source.
To add GitHub CLI to your codespace, add the following to your devcontainer file:
"features": {
"ghcr.io/devcontainers/features/github-cli:1": {}
}GitHub-hosted runners have the GitHub CLI pre-installed, which is updated weekly.
If a specific version is needed, your GitHub Actions workflow will need to install it based on the macOS, Linux & Unix, or Windows instructions above.
For information on all pre-installed tools, see actions/runner-images
Since version 2.50.0, gh has been producing Build Provenance Attestation, enabling a cryptographically verifiable paper-trail back to the origin GitHub repository, git revision, and build instructions used. The build provenance attestations are signed and rely on Public Good Sigstore for PKI.
There are two common ways to verify a downloaded release, depending on whether gh is already installed or not. If gh is installed, it's trivial to verify a new release:
-
Option 1: Using
ghif already installed:$ gh at verify -R cli/cli gh_2.62.0_macOS_arm64.zip Loaded digest sha256:fdb77f31b8a6dd23c3fd858758d692a45f7fc76383e37d475bdcae038df92afc for file://gh_2.62.0_macOS_arm64.zip Loaded 1 attestation from GitHub API ✓ Verification succeeded! sha256:fdb77f31b8a6dd23c3fd858758d692a45f7fc76383e37d475bdcae038df92afc was attested by: REPO PREDICATE_TYPE WORKFLOW cli/cli https://slsa.dev/provenance/v1 .github/workflows/deployment.yml@refs/heads/trunk
-
Option 2: Using Sigstore
cosign:To perform this, download the attestation for the downloaded release and use cosign to verify the authenticity of the downloaded release:
$ cosign verify-blob-attestation --bundle cli-cli-attestation-3120304.sigstore.json \ --new-bundle-format \ --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \ --certificate-identity="https://github.com/cli/cli/.github/workflows/deployment.yml@refs/heads/trunk" \ gh_2.62.0_macOS_arm64.zip Verified OK
For many years, hub was the unofficial GitHub CLI tool. gh is a new project that helps us explore
what an official GitHub CLI tool can look like with a fundamentally different design. While both
tools bring GitHub to the terminal, hub behaves as a proxy to git, and gh is a standalone
tool. Check out our more detailed explanation to learn more.