The actions were working correctly, and during the last run the error "fatal : not in a git directory" appeared.

The faulty run: https://github.com/jmlemetayer/project-release/actions/runs/3699984553/jobs/6267948063

The last modification of the workflow was the update of the "actions/checkout" to v3.2.0 (done by the github-actions-version-updater): https://github.com/jmlemetayer/project-release/commit/a0a4dfdf978d1b67979ca6d8a8df434a303a1c85

This fixes #39

There is 2 new configuration:

• pull_request_branch: The pull request branch name.
• pull_request_unique: Is the pull request branch unique? If "false" the branch will be suffixed with a timestamp.

By default the branch is not unique and is suffixed with a timestamp, and the name is gh-actions-update.

The current default behavior is unchanged.

When running this action, the workflows fails, even if there's no evident error and all the actions are checked:

The job is configured like this:

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
        with:
          # Access token with `workflow` scope is required
          token: ${{ secrets.ACTION_GITHUB_TOKEN }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/[email protected]
        with:
          # Optional, This will be used to configure git
          # defaults to `github-actions[bot]` if not provided
          #committer_username: 'test'
          #committer_email: '[email protected]'
          # Optional, allows customizing the commit message and pull request title
          # Both default to 'Update GitHub Action Versions'
          commit_message: 'Github Actions versions have changed'
          pull_request_title: 'Github Actions versions have changed'
          # Access token with `workflow` scope is required
          token: ${{ secrets.ACTION_GITHUB_TOKEN }}
          release_types: major

Hi!

First of all thanks for writing this action and making it publicly available. 👍

I'm trying to make it to work, however for me it always fails at the Create New Branch stage, and unfortunately I can't see the reason for that from the output:

Create New Branch (refs/heads/main -> gh-actions-update-1669032900)
  Error: Note: checking out 'refs/heads/main'.
  
  You are in 'detached HEAD' state. You can look around, make experimental
  changes and commit them, and you can discard any commits you make in this
  state without impacting any branches by performing another checkout.
  
  If you want to create a new branch to retain commits you create, you may
  do so (now or later) by using -b with the checkout command again. Example:
  
    git checkout -b <new-branch-name>
  
  HEAD is now at 3acfbc3 Set explicit permissions in update gh actions workflow
  
  This repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting '.git/hooks/post-checkout'.

Using version 0.7.1.

I did try to disable Git LFS (even though doesn't seem like that would be a problem), with the same results.

Any hints?

Thanks

It would be nice to have optional fields for adding team reviewers/user reviewers on the PR that is generated by this action. This way we would also be notified of any newly opened PR due to this action. I am trying to implement this for our openedX repos here in this PR: https://github.com/openedx/edx-platform/pull/31170 and this feature would unblock me on this PR.

There seems to be something off with resolving the actual version changes:

Found new version for "actions/checkout"
  Updating "actions/checkout@v3" with "actions/[email protected]"
  Found new version for "saadmk11/github-actions-version-updater"
  Updating "saadmk11/github-actions-version-updater@main" with "saadmk11/[email protected]"
  Found new version for "actions/setup-python"
  Updating "actions/setup-python@v4" with "actions/[email protected]"

The specific issues I see here:

• v2.5.0 is considered more recent than version v3 for actions/checkout.
• v0.5.6 is considered more recent than main, although main references the latest unreleased code from the default branch.
• v4.3.0 is being proposed for the short syntax v4, although I would assume that v4 will always use the latest release of the v4 major version (currently being v4.3.0 for actions/setup-python). I am not sure about this though, as I could not find any information on which version is being picked by GitHub Actions in this case.

for iterating the workflow files. By default it will look in .github/workflows/*.y(a)ml for files.

Not my code, but I'm using this fork because I have some workflows in different folders that I would also like to keep up to date, but the fork is lacking the latest updates.

Sometimes actions backport some features to previous major versions, and this action is offering them in the PRs, essentially meaning it would downgrade the version if merged.

As far as I understand this is due to not parsing the version and just looking at the latest release in terms of date. I recommend parsing the version and comparing them numerically to decide whether a version is newer or not.

I am using this action as follows:

- uses: saadmk11/[email protected]
  with:
    commit_message: "chore: update github action versions"
    pull_request_title: "chore: update github action versions"
    token: ${{ secrets.WORKFLOW_SCOPED_ACCESS_TOKEN }}

It gives the following warning:

Unexpected input(s) 'commit_message', 'pull_request_title', valid inputs are ['entryPoint', 'args', 'committer_username', 'committer_email', 'ignore', 'token']

And I get the default pull request title and commit message instead.

This PR creates two new inputs, to allow customizing the PR title and commit message. This is useful when someone wants to ensure consistency in their repo, such as using conventional commits or any organization standard.

Those are optional, and will default to the current value of 'Update GitHub Action Versions'.

New inputs were also documented in the README file.

Hi,

I just tested it and have the following message:

Warning: Could not create a pull request on Squidex/squidex, status code: 404

https://github.com/Squidex/squidex/actions/runs/3260603775/jobs/5354281561

Since composite actions are a alternative method to make the workflows more reusable, i think it would be good to add a way to check if the actions defined within have a new version.

Today, a composite action can be defined in two ways:

• In a public repository Then, can be used in a workflow like another Github Action in the marketplace (ex: uses: actions/checkout@v3). For this case, the version updater will work without problems.

• In a private repository For this case, you need to checkout the repo that contains the composite action using a PAT token. Then in the step, the action need be specified specified without the version (@x.x.x). The version of the composite action is determined by the ref input of the checkouted step of the composite action repo.

The problem is, in both cases, there is no way to check the versions of the actions used in the composite actions. Our projects uses a lot of these composite actions in the workflows. We used this approach because Github Actions does not support using reusable workflows from private repositores, only composite actions. There is a way to add this feature? Maybe scan the composite action file, instead of the workflow itself...

Thanks in advance.

This seems like a fairly standard practice for GitHub Actions that create issues and PRs for you so I was surprised to find this wasn't an option here. We've got a couple of very PR-heavy repos so being able to add labels like "automated" and "dependencies" is very helpful for filtering bot-generated PRs from ones created by humans, especially for reminders and notifications.

Some action developers seem to put multiple actions into separate directories inside one repository: Example: flatpak-github-actions.

As this works with GitHub Actions, it would be nice to also be able to get update notifications for them.

I have configured the version updater action on my project and it works perfectly. Thanks for your project.

But as it is executed every day and with a new branch name each time, if I don't check my projects every day, I end up with several pull requests for the same patch.

On my workflow:

on:                                                                                                                                                                                                            
  schedule:                                                                                                                                                                                                    
    - cron: '0 0 * * *'

On main.py:

new_branch_name = f"gh-actions-update-{int(time.time())}"

I think it will be good to have a fix branch name (at least as an option), So that the pull request can be updated each time (with a force push).

Best regards, Jean-Marie

Hi! I'm currently trying to implement your workflow in https://github.com/voxpupuli/vox-pupuli-tasks/pull/479

from the workflow config:

  github-action-updater:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
      with:
        token: ${{ secrets.SAADMK11_GITHUB_ACTIONS_VERSION_UPDATER_VPT }}
    - name: GitHub Actions Version Updater
      uses: saadmk11/[email protected]
      with:
        token: ${{ secrets.SAADMK11_GITHUB_ACTIONS_VERSION_UPDATER_VPT }}

This fails with:

Create New Branch
  error: pathspec 'refs/pull/479/merge' did not match any file(s) known to git
  Switched to a new branch 'gh-actions-update-1655896430'
  [gh-actions-update-1655896430 7cbc18e] Update GitHub Action Versions
   3 files changed, 14 insertions(+), 14 deletions(-)
  To https://github.com/voxpupuli/vox-pupuli-tasks
   ! [remote rejected] gh-actions-update-1655896430 -> gh-actions-update-1655896430 (shallow update not allowed)
  error: failed to push some refs to 'https://github.com/voxpupuli/vox-pupuli-tasks'
Create Pull Request
  Warning: Could not create a pull request on voxpupuli/vox-pupuli-tasks, status code: [422]

and a couple of questions:

• Does the token for actions/checkout@v2 actually needs the workflow scope?
• The action is marked as successful, even when the push failed. I think that should be changed?