DEV Community

Maksudul Haque
Maksudul Haque

Posted on • Updated on

GitHub Actions Version Updater, Similar to GitHub's Dependabot, but for GitHub Actions

GitHub Actions Version Updater is GitHub Action that Updates Other GitHub Actions in a Repository and creates a pull request with those updates. It is an automated dependency updater similar to GitHub's Dependabot, but for GitHub Actions.

How Does It Work:

  • GitHub Actions Version Updater first goes through all the workflows
    in a repository and checks for updates for each of the actions used in those workflows.

  • If an update is found and if that action is not ignored then the workflows are updated
    with the latest release of the action being used.

  • If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub.

  • Finally, a pull request is created with the newly created branch.

GitHub repository:

GitHub logo saadmk11 / github-actions-version-updater

A GitHub Action that Updates All GitHub Actions in a Repository and Creates a Pull Request with the Updates

GitHub Actions Version Updater

GitHub release (latest by date) GitHub GitHub Marketplace GitHub stars GitHub Workflow Status

GitHub Actions Version Updater is a GitHub Action that is used to Update All GitHub Actions in a Repository and create a pull request with the updates (if enabled) It is an automated dependency updater similar to GitHub's Dependabot but for GitHub Actions.

How Does It Work?

  • GitHub Actions Version Updater first goes through all the workflows in a repository and checks for updates for each of the action used in those workflows.

  • If an update is found and if that action is not ignored then the workflows are updated with the new version of the action being used.

  • If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub. (If enabled)

  • Finally, a pull request is created with the newly created branch. (If enabled)

Supported Version Fetch Sources

  • release-tag (default): Uses specific release tag from…

Marketplace:

https://github.com/marketplace/actions/github-actions-version-updater

Usage:

We recommend running this action on a schedule event or a workflow_dispatch event.

To integrate GitHub Actions Version Updater on your repository, create a YAML file inside .github/workflows/ directory (.github/workflows/updater.yaml) add the following into the file:

name: GitHub Actions Version Updater

# Controls when the action will run. 
on:
  # can be used to run workflow manually
  workflow_dispatch:
  schedule:
    # Automatically run on every Sunday
    - cron:  '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
        with:
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/github-actions-version-updater@v0.5.6
        with:
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}
          # Do not update these actions (Optional)
          # You need to add JSON array inside a string
          # because GitHub Actions does not yet allow `Lists` as input
          ignore: '["actions/checkout@v2", "actions/cache@v2"]'
Enter fullscreen mode Exit fullscreen mode

Important Note:

GitHub does not allow updating workflow files inside a workflow run. The token generated by GitHub in every workflow (${{secrets.GITHUB_TOKEN}}) does not have permission to update a workflow. That's why you need to create a Personal Access Token
with repo and workflow scope and pass it to the action.

To know more about how to pass a secret to GitHub actions you can Read GitHub Docs

GitHub Actions Version Updater in Action:

GitHub Actions Version Updater Demo

Pull Request Created by GitHub Actions Version Updater:

GitHub Actions Version Updater Pull Request

Pull Request File Changes:

GitHub Actions Version Updater Pull Request Changes

Conclusion

I think this will be really helpful for Open Source Maintainers to manage GitHub actions dependencies. If anyone is interested please try GitHub Actions Version Updater out and leave some feedback :)

If you have any questions you can reach out to me on Twitter @saad_mk11

Top comments (0)