GitHub Actions Version Updater is a GitHub Action that updates all GitHub Actions in a repository and creates a pull request with the updates (if enabled). It is an automated dependency updater similar to GitHub's Dependabot, but for GitHub Actions.
- GitHub Actions Version Updater first goes through all the workflows in a repository and checks for updates for each action used in those workflows.
- If an update is found and that action is not ignored, the workflows are updated with the new version of the action.
- If at least one workflow file is updated, a new branch is created with the changes and pushed to GitHub (if enabled).
- Finally, a pull request is created from the newly created branch (if enabled).
- `release-tag` (default): Uses the specific release tag from the latest release to update a GitHub Action (e.g. `actions/[email protected]`).
- `release-commit-sha`: Uses the latest release tag commit SHA to update a GitHub Action (e.g. `actions/checkout@c18e2a1b1a95d0c5c63af210857e8718a479f56f`).
- `default-branch-sha`: Uses the default branch (e.g. `main`, `master`) latest commit SHA to update a GitHub Action (e.g. `actions/checkout@c18e2a1b1a95d0c5c63af210857e8718a479f56f`).

You can use the `update_version_with` input option to select one of them (e.g. `update_version_with: 'default-branch-sha'`).
- `all` (default): Actions with any new release will be updated.
- `major`: Actions with only new major release will be updated.
- `minor`: Actions with only new minor release will be updated.
- `patch`: Actions with only new patch release will be updated.

You can use the `release_types` input option to select one/all of them (e.g. `"major, minor"`).
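
A check to run before choosing an `update_version_with` mode, added here as an illustration and not part of the project's code: it lists each `uses:` reference in a workflow as pinned to a commit SHA, a release tag, or a branch, and classifies a version bump as major, minor or patch in the sense a `release_types` filter needs. The sample workflow, `example-org/example-action` and all function names are assumptions; the action's own matching logic may differ.

```python
import re

# `uses: owner/repo[/path]@ref`; local (./) and docker:// references do not match.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w./-]+)@([^\s'\"#]+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
TAG_RE = re.compile(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?$")

# Constructed sample workflow; example-org/example-action is a made-up name.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/cache@v2
      - uses: actions/checkout@c18e2a1b1a95d0c5c63af210857e8718a479f56f
      - uses: example-org/example-action@main
"""


def classify_ref(ref):
    """Classify the part after '@' as commit-sha, release-tag or branch-or-other."""
    if SHA_RE.match(ref):
        return "commit-sha"
    return "release-tag" if TAG_RE.match(ref) else "branch-or-other"


def audit(workflow_text, ignore=()):
    """Return (action, ref, kind) for each `uses:` entry not in the ignore list."""
    return [(a, r, classify_ref(r)) for a, r in USES_RE.findall(workflow_text)
            if f"{a}@{r}" not in ignore]


def release_type(current, latest):
    """Return 'major', 'minor' or 'patch' if latest is newer than current, else None."""
    cur, new = TAG_RE.match(current), TAG_RE.match(latest)
    if not cur or not new:
        return None
    old_parts = [int(p or 0) for p in cur.groups()]
    new_parts = [int(p or 0) for p in new.groups()]
    for name, o, n in zip(("major", "minor", "patch"), old_parts, new_parts):
        if n != o:
            return name if n > o else None
    return None


def passes_filter(current, latest, release_types=("all",)):
    """Apply a release_types-style filter to a candidate update."""
    kind = release_type(current, latest)
    return kind is not None and ("all" in release_types or kind in release_types)
```

Entries reported as `release-tag` or `branch-or-other` resolve to whatever commit the tag or branch points at when the workflow runs, while `commit-sha` entries stay fixed until the workflow file itself is changed.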
We recommend running this action on a `schedule` event or a `workflow_dispatch` event.
To integrate GitHub Actions Version Updater into your repository, create a YAML file inside the `.github/workflows/` directory (e.g. `.github/workflows/updater.yaml`) and add the following lines to the file:
```yaml
name: GitHub Actions Version Updater

# Controls when the action will run.
on:
  schedule:
    # Automatically run on every Sunday
    - cron: '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/[email protected]
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}
```
These are the inputs that can be provided on the workflow.
Name | Required | Description | Default | Example |
---|---|---|---|---|
`token` | Yes | GitHub Access Token with `workflow` scope (the token needs to be added to the Actions secrets) | `null` | `${{ secrets.WORKFLOW_SECRET }}` |
`committer_username` | No | Name of the user who will commit the changes to GitHub | "github-actions[bot]" | "Test User" |
`committer_email` | No | Email address of the user who will commit the changes to GitHub | "github-actions[bot]@users.noreply.github.com" | "[email protected]" |
`commit_message` | No | Commit message for the commits created by the action | "Update GitHub Action Versions" | "Custom Commit Message" |
`pull_request_title` | No | Title of the pull requests generated by the action | "Update GitHub Action Versions" | "Custom PR Title" |
`ignore` | No | A comma-separated string of GitHub Actions to ignore updates for | `null` | "actions/checkout@v2, actions/cache@v2" |
`skip_pull_request` | No | If "true", the action will only check for updates; if any update is found, the job will fail and update the build summary with the diff (options: "true", "false") | "false" | "true" |
`update_version_with` | No | Use the latest release tag/commit SHA or the default branch commit SHA to update the actions (options: "release-tag", "release-commit-sha", "default-branch-sha") | "release-tag" | "release-commit-sha" |
`release_types` | No | A comma-separated string of release types to use when updating the actions. By default, all release types are used to update the actions. Only applicable for "release-tag" and "release-commit-sha" (options: "major", "minor", "patch"; one or many separated by commas) | "all" | "minor, patch" |
`pull_request_user_reviewers` | No | A comma-separated string of usernames to add as reviewers to the pull request | `null` | "octocat, hubot, other_user" |
`pull_request_team_reviewers` | No | A comma-separated string of team slugs to add as reviewers to the pull request | `null` | "justice-league, other_team" |
`extra_workflow_locations` | No | A comma-separated string of file or directory paths to look for workflows. By default, only the workflow files in the `.github/workflows` directory are checked for updates | `null` | "path/to/directory, path/to/workflow.yaml" |
```yaml
name: GitHub Actions Version Updater

# Controls when the action will run.
on:
  # can be used to run workflow manually
  workflow_dispatch:
  schedule:
    # Automatically run on every Sunday
    - cron: '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/[email protected]
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}
          committer_username: 'Test'
          committer_email: '[email protected]'
          commit_message: 'Commit Message'
          pull_request_title: 'Pull Request Title'
          ignore: 'actions/checkout@v2, actions/cache@v2'
          skip_pull_request: 'false'
          update_version_with: 'release-tag'
          release_types: "minor, patch"
          pull_request_user_reviewers: "octocat, hubot, other_user"
          pull_request_team_reviewers: "justice-league, other_team"
          extra_workflow_locations: "path/to/directory, path/to/workflow.yaml"
```
GitHub does not allow updating workflow files inside a workflow run. The token generated by GitHub in every workflow (`${{secrets.GITHUB_TOKEN}}`) does not have permission to update a workflow. That's why you need to create a Personal Access Token with `repo` and `workflow` scope and pass it to the action.

To learn more about how to pass a secret to GitHub Actions, read the GitHub Docs.
The code in this project is released under the MIT License.