Skip to content

A GitHub Action that Updates All GitHub Actions in a Repository and Creates a Pull Request with the Updates

License

Notifications You must be signed in to change notification settings

saadmk11/github-actions-version-updater

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GitHub Actions Version Updater

GitHub release (latest by date) GitHub GitHub Marketplace GitHub stars GitHub Workflow Status

GitHub Actions Version Updater is a GitHub Action that is used to Update All GitHub Actions in a Repository and create a pull request with the updates (if enabled). It is an automated dependency updater similar to GitHub's Dependabot but for GitHub Actions.

How Does It Work?

  • GitHub Actions Version Updater first goes through all the workflows in a repository and checks for updates for each of the action used in those workflows.

  • If an update is found and if that action is not ignored then the workflows are updated with the new version of the action being used.

  • If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub. (If enabled)

  • Finally, a pull request is created with the newly created branch. (If enabled)

Supported Version Fetch Sources

  • release-tag (default): Uses specific release tag from the latest release to update a GitHub Action. (e.g. actions/[email protected])

  • release-commit-sha: Uses the latest release tag commit SHA to update a GitHub Action. (e.g. actions/checkout@c18e2a1b1a95d0c5c63af210857e8718a479f56f)

  • default-branch-sha: Uses default branch (e.g: main, master) latest commit SHA to update a GitHub Action. (e.g. actions/checkout@c18e2a1b1a95d0c5c63af210857e8718a479f56f)

You can use update_version_with input option to select one of them. (e.g. update_version_with: 'default-branch-sha')

Release Types

  • all (default): Actions with any new release will be updated.
  • major: Actions with only new major release will be updated.
  • minor: Actions with only new minor release will be updated.
  • patch: Actions with only new patch release will be updated.

You can use release_types input option to select one/all of them. (e.g. "major, minor")

Usage

We recommend running this action on a schedule event or a workflow_dispatch event.

To integrate GitHub Actions Version Updater on your repository, create a YAML file inside .github/workflows/ directory (e.g: .github/workflows/updater.yaml) add the following lines into the file:

name: GitHub Actions Version Updater

# Controls when the action will run.
on:
  schedule:
    # Automatically run on every Sunday
    - cron:  '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/[email protected]
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}

Workflow input options

These are the inputs that can be provided on the workflow.

Name Required Description Default Example
token Yes GitHub Access Token with workflow scope (The Token needs to be added to the actions secrets) null ${{ secrets.WORKFLOW_SECRET }}
committer_username No Name of the user who will commit the changes to GitHub "github-actions[bot]" "Test User"
committer_email No Email Address of the user who will commit the changes to GitHub "github-actions[bot]@users.noreply.github.com" "[email protected]"
commit_message No Commit message for the commits created by the action "Update GitHub Action Versions" "Custom Commit Message"
pull_request_title No Title of the pull requests generated by the action "Update GitHub Action Versions" "Custom PR Title"
pull_request_branch (Experimental) No The pull request branch name. (If provided, the action will force push to the branch) "gh-actions-update-" "github/actions-update"
ignore No A comma separated string of GitHub Actions to ignore updates for null "actions/checkout@v2, actions/cache@v2"
skip_pull_request No If "true", the action will only check for updates and if any update is found the job will fail and update the build summary with the diff (Options: "true", "false") "false" "true"
update_version_with No Use The Latest Release Tag/Commit SHA or Default Branch Commit SHA to update the actions (options: "release-tag", "release-commit-sha", "default-branch-sha"') "release-tag" "release-commit-sha"
release_types No A comma separated string of release types to use when updating the actions. By default, all release types are used to update the actions. Only Applicable for "release-tag", "release-commit-sha" (Options: "major", "minor", "patch" [one or many seperated by comma]) "all" "minor, patch"
pull_request_user_reviewers No A comma separated string (usernames) which denotes the users that should be added as reviewers to the pull request null "octocat, hubot, other_user"
pull_request_team_reviewers No A comma separated string (team slugs) which denotes the teams that should be added as reviewers to the pull request null "justice-league, other_team"
pull_request_labels No A comma separated string (label names) which denotes the labels which will be added to the pull request null "dependencies, automated"
extra_workflow_locations No A comma separated string of file or directory paths to look for workflows. By default, only the workflow files in the .github/workflows directory are checked updates null "path/to/directory, path/to/workflow.yaml"

Workflow with all options

name: GitHub Actions Version Updater

# Controls when the action will run.
on:
  # can be used to run workflow manually
  workflow_dispatch:
  schedule:
    # Automatically run on every Sunday
    - cron:  '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/[email protected]
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}
          committer_username: 'Test'
          committer_email: '[email protected]'
          commit_message: 'Commit Message'
          pull_request_title: 'Pull Request Title'
          ignore: 'actions/checkout@v2, actions/cache@v2'
          skip_pull_request: 'false'
          update_version_with: 'release-tag'
          release_types: "minor, patch"
          pull_request_user_reviewers: "octocat, hubot, other_user"
          pull_request_team_reviewers: "justice-league, other_team"
          pull_request_labels: "dependencies, automated"
          extra_workflow_locations: "path/to/directory, path/to/workflow.yaml"
          # [Experimental]
          pull_request_branch: "actions-update"

Important Note

GitHub does not allow updating workflow files inside a workflow run. The token generated by GitHub in every workflow (${{secrets.GITHUB_TOKEN}}) does not have permission to update a workflow. That's why you need to create a Personal Access Token

For Personal Access Token (Classic):

You need to create a classic Personal Access Token with these scopes:

  • repo (To Push Changes to the Repository and Create Pull Requests)
  • workflow (To Update GitHub Action workflow files)

For Fine-grained Personal Access Token:

You need to create a Fine-grained Personal Access Token with these Repository permissions:

  • Contents: Read and write (To Push Changes to the Repository)
  • Workflows: Read and write (To Update GitHub Action workflow files)
  • Pull requests: Read and write (To Create Pull Requests)
  • Metadata: Read-only (Required by Above Permissions)

After creating the token, you need to add it to your repository actions secrets and use it in the workflow. To know more about how to pass a secret to GitHub actions you can Read GitHub Docs

A note about Git Large File Storage (LFS)

If your repository uses Git LFS, you will need to manually remove the LFS-related hook files, otherwise the action will fail because Git will not be able to create a branch because the lfs executable is not installed inside the container used by this action.

To work around this, just remove the hook files manually as an extra step before this action executes:

# ...
jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.WORKFLOW_SECRET }}
          lfs: false

      - name: Remove LFS hooks
        # This repository uses Git LFS, but it not being
        # in the container causes the action to fail to create a new branch.
        # Removing the hooks manually is harmless and works around this issue.
        run: |
          rm .git/hooks/post-checkout
          rm .git/hooks/pre-push

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/[email protected]
        with:
          # ...

Outputs

Output Name Description
GHA_UPDATE_PR_NUMBER The number of the created pull request.

Example Workflow

name: GitHub Actions Version Updater

# Controls when the action will run.
on:
  # can be used to run workflow manually
  workflow_dispatch:
  schedule:
    # Automatically run on every Sunday
    - cron:  '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/[email protected]
        # Required to get the PR number
        id: gha-update
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}
          skip_pull_request: 'false'
      - name: Get PR Number
        run: echo "The PR Number is ${{ steps.gha-update.outputs.GHA_UPDATE_PR_NUMBER }}"

Alternative

You can also use Dependabot to update your GitHub Actions.

GitHub Actions Version Updater in Action

GitHub Actions Version Updater Demo

License

The code in this project is released under the MIT License.