GitHub Actions Version Updater is GitHub Action that Updates Other GitHub Actions in a Repository and creates a pull request with those updates. It is an automated dependency updater similar to GitHub's Dependabot, but for GitHub Actions.
How Does It Work:
GitHub Actions Version Updater first goes through all the workflows
in a repository and checks for updates for each of the actions used in those workflows.If an update is found and if that action is not ignored then the workflows are updated
with the latest release of the action being used.If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub.
Finally, a pull request is created with the newly created branch.
GitHub repository:
saadmk11 / github-actions-version-updater
A GitHub Action that Updates All GitHub Actions in a Repository and Creates a Pull Request with the Updates
GitHub Actions Version Updater
GitHub Actions Version Updater is a GitHub Action that is used to Update All GitHub Actions in a Repository and create a pull request with the updates (if enabled) It is an automated dependency updater similar to GitHub's Dependabot but for GitHub Actions.
How Does It Work?
-
GitHub Actions Version Updater first goes through all the workflows in a repository and checks for updates for each of the action used in those workflows.
-
If an update is found and if that action is not ignored then the workflows are updated with the new version of the action being used.
-
If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub. (If enabled)
-
Finally, a pull request is created with the newly created branch. (If enabled)
Supported Version Fetch Sources
-
release-tag
(default): Uses specific release tag from…
Marketplace:
https://github.com/marketplace/actions/github-actions-version-updater
Usage:
We recommend running this action on a schedule
event or a workflow_dispatch
event.
To integrate GitHub Actions Version Updater
on your repository, create a YAML
file inside .github/workflows/
directory (.github/workflows/updater.yaml
) add the following into the file:
name: GitHub Actions Version Updater
# Controls when the action will run.
on:
# can be used to run workflow manually
workflow_dispatch:
schedule:
# Automatically run on every Sunday
- cron: '0 0 * * 0'
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
# Access token with `workflow` scope is required
token: ${{ secrets.WORKFLOW_SECRET }}
- name: Run GitHub Actions Version Updater
uses: saadmk11/github-actions-version-updater@v0.5.6
with:
# Access token with `workflow` scope is required
token: ${{ secrets.WORKFLOW_SECRET }}
# Do not update these actions (Optional)
# You need to add JSON array inside a string
# because GitHub Actions does not yet allow `Lists` as input
ignore: '["actions/checkout@v2", "actions/cache@v2"]'
Important Note:
GitHub does not allow updating workflow files inside a workflow run. The token generated by GitHub in every workflow (${{secrets.GITHUB_TOKEN}}
) does not have permission to update a workflow. That's why you need to create a Personal Access Token
with repo and workflow scope and pass it to the action.
To know more about how to pass a secret to GitHub actions you can Read GitHub Docs
GitHub Actions Version Updater in Action:
Pull Request Created by GitHub Actions Version Updater:
Pull Request File Changes:
Conclusion
I think this will be really helpful for Open Source Maintainers to manage GitHub actions dependencies. If anyone is interested please try GitHub Actions Version Updater out and leave some feedback :)
If you have any questions you can reach out to me on Twitter @saad_mk11
Top comments (0)