TOOLKIT FOR GITHUB RELEASES

Install tools from GitHub releases with one command.

ghr is a single static binary that picks the right release asset for your OS and architecture, then verifies it with minisign, sigstore, or a plain checksum — on Mac, Linux, and Windows, and in GitHub Actions.

Quick install
curl -fsSL https://raw.githubusercontent.com/cataggar/ghr/main/install.sh | sh
iwr -useb https://raw.githubusercontent.com/cataggar/ghr/main/install.ps1 | iex
brew install cataggar/ghr/ghr   # or: winget install ghr
pipx install ghr-bin             # or: uv tool install ghr-bin
What it does

Cross-platform installs

ghr picks the right archive for your OS and CPU architecture automatically — one command works on macOS, Linux, and Windows.

Verified, not just downloaded

Every install can check GitHub's own SHA-256, a minisign signature, and a sigstore bundle before anything is extracted.

Built for GitHub Actions

actions/install and actions/download install several tools in one cached step, sharing an HTTP client and auth token.

Install ghr with ghr

ghr can install itself from its own releases — the same verification path every other tool gets.

No key files on disk

ghr minisign sign reads its secret key and password from the environment, so a release job is a single step.

Fork and self-host

Mirroring or re-publishing a project's releases is a normal GitHub fork — no separate registry to run.

From the blog

ghr: a toolkit for GitHub releases

Why ghr exists, how installs are verified with GitHub's checksum, minisign, and sigstore, and what it looks like to install ghr with ghr itself.

Read more →

Installable WebAssembly apps

Teaching ghr to install WASI 0.3 WebAssembly components straight from a GitHub release — a 3 KB app that runs unmodified on Windows, Linux, and macOS.

Read more →

Installable WASI 0.3 Pet Store example

A two-component WebAssembly example — a web component and a storage component talking over a component-model interface — installed with a single ghr command.

Read more →