GitHub Actions Version Updater Updates All GitHub Action Versions in a Repository and Creates a Pull Request with the Changes.

Overview

GitHub Actions Version Updater

GitHub release (latest by date) GitHub GitHub Marketplace GitHub stars GitHub Workflow Status

GitHub Actions Version Updater is GitHub Action that is used to update other GitHub Actions in a Repository and create a pull request with the updates. It is an automated dependency updater similar to GitHub's Dependabot, but for GitHub Actions.

How Does It Work:

  • GitHub Actions Version Updater first goes through all the workflows in a repository and checks for updates for each of the action used in those workflows.

  • If an update is found and if that action is not ignored then the workflows are updated with the latest release of the action being used.

  • If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub.

  • Finally, a pull request is created with the newly created branch.

Usage:

We recommend running this action on a schedule event or a workflow_dispatch event.

To integrate GitHub Actions Version Updater on your repository, create a YAML file inside .github/workflows/ directory (.github/workflows/updater.yaml) add the following into the file:

name: GitHub Actions Version Updater

# Controls when the action will run. 
on:
  # can be used to run workflow manually
  workflow_dispatch:
  schedule:
    # Automatically run on every Sunday
    - cron:  '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest
  
    steps:
      - uses: actions/[email protected]
        with:
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/[email protected]
        with:
          # Optional, This will be used to configure git
          # defaults to `github-actions[bot]` if not provided
          committer_username: 'test'
          committer_email: '[email protected]'
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}
          # Do not update these actions (Optional)
          # You need to add JSON array inside a string
          # because GitHub Actions does not yet allow `Lists` as input
          ignore: '["actions/[email protected]", "actions/[email protected]"]'

Important Note:

GitHub does not allow updating workflow files inside a workflow run. The token generated by GitHub in every workflow (${{secrets.GITHUB_TOKEN}}) does not have permission to update a workflow. That's why you need to create a Personal Access Token with repo and workflow scope and pass it to the action.

To know more about how to pass a secret to GitHub actions you can Read GitHub Docs

GitHub Actions Version Updater in Action:

GitHub Actions Version Updater Demo

License

The code in this project is released under the MIT License.

Comments
  • 0.7.0 fails even if there is no error

    0.7.0 fails even if there is no error

    When running this action, the workflows fails, even if there's no evident error and all the actions are checked:

    image

    The job is configured like this:

    jobs:
      build:
        runs-on: ubuntu-latest
    
        steps:
          - uses: actions/[email protected]
            with:
              # Access token with `workflow` scope is required
              token: ${{ secrets.ACTION_GITHUB_TOKEN }}
    
          - name: Run GitHub Actions Version Updater
            uses: saadmk11/[email protected]
            with:
              # Optional, This will be used to configure git
              # defaults to `github-actions[bot]` if not provided
              #committer_username: 'test'
              #committer_email: '[email protected]'
              # Optional, allows customizing the commit message and pull request title
              # Both default to 'Update GitHub Action Versions'
              commit_message: 'Github Actions versions have changed'
              pull_request_title: 'Github Actions versions have changed'
              # Access token with `workflow` scope is required
              token: ${{ secrets.ACTION_GITHUB_TOKEN }}
              release_types: major
    
    bug 
    opened by ASarco 7
  • Feature Request: Add user/team reviewer field for generated PR

    Feature Request: Add user/team reviewer field for generated PR

    It would be nice to have optional fields for adding team reviewers/user reviewers on the PR that is generated by this action. This way we would also be notified of any newly opened PR due to this action. I am trying to implement this for our openedX repos here in this PR: https://github.com/openedx/edx-platform/pull/31170 and this feature would unblock me on this PR.

    enhancement 
    opened by aht007 5
  • Downgrades are being proposed

    Downgrades are being proposed

    There seems to be something off with resolving the actual version changes:

    Found new version for "actions/checkout"
      Updating "actions/[email protected]" with "actions/[email protected]"
      Found new version for "saadmk11/github-actions-version-updater"
      Updating "saadmk11/[email protected]" with "saadmk11/[email protected]"
      Found new version for "actions/setup-python"
      Updating "actions/[email protected]" with "actions/[email protected]"
    

    The specific issues I see here:

    • v2.5.0 is considered more recent than version v3 for actions/checkout.
    • v0.5.6 is considered more recent than main, although main references the latest unreleased code from the default branch.
    • v4.3.0 is being proposed for the short syntax v4, although I would assume that v4 will always use the latest release of the v4 major version (currently being v4.3.0 for actions/setup-python). I am not sure about this though, as I could not find any information on which version is being picked by GitHub Actions in this case.
    bug 
    opened by FriedrichFroebel 4
  • main: use local paths instead of github API

    main: use local paths instead of github API

    for iterating the workflow files. By default it will look in .github/workflows/*.y(a)ml for files.

    Not my code, but I'm using this fork because I have some workflows in different folders that I would also like to keep up to date, but the fork is lacking the latest updates.

    opened by villelahdenvuo 3
  • This action sometimes suggests downgrades

    This action sometimes suggests downgrades

    Sometimes actions backport some features to previous major versions, and this action is offering them in the PRs, essentially meaning it would downgrade the version if merged.

    As far as I understand this is due to not parsing the version and just looking at the latest release in terms of date. I recommend parsing the version and comparing them numerically to decide whether a version is newer or not.

    opened by starikcetin 3
  • Custom commit message and pull request title won't work

    Custom commit message and pull request title won't work

    I am using this action as follows:

    - uses: saadmk11/[email protected]
      with:
        commit_message: "chore: update github action versions"
        pull_request_title: "chore: update github action versions"
        token: ${{ secrets.WORKFLOW_SCOPED_ACCESS_TOKEN }}
    

    It gives the following warning:

    Unexpected input(s) 'commit_message', 'pull_request_title', valid inputs are ['entryPoint', 'args', 'committer_username', 'committer_email', 'ignore', 'token']
    

    And I get the default pull request title and commit message instead.

    opened by starikcetin 2
  • Allow custom commit message and pull request title

    Allow custom commit message and pull request title

    This PR creates two new inputs, to allow customizing the PR title and commit message. This is useful when someone wants to ensure consistency in their repo, such as using conventional commits or any organization standard.

    Those are optional, and will default to the current value of 'Update GitHub Action Versions'.

    New inputs were also documented in the README file.

    opened by thehedgefrog 2
  • 404 when creating pull request

    404 when creating pull request

    Hi,

    I just tested it and have the following message:

    Warning: Could not create a pull request on Squidex/squidex, status code: 404
    

    https://github.com/Squidex/squidex/actions/runs/3260603775/jobs/5354281561

    opened by SebastianStehle 1
  • Add Option to Let Users Specify Custom Workflow Locations

    Add Option to Let Users Specify Custom Workflow Locations

    We are currently using GitHub's API (which always returns .github/workflows/*.y(a)ml files) to find the workflow locations, This works in most cases but if a repository has workflow files in different locations then those files are not checked.

    Originally Posted By: @villelahdenvuo Ref: https://github.com/saadmk11/github-actions-version-updater/pull/29

    for iterating the workflow files. By default it will look in .github/workflows/*.y(a)ml for files.

    Not my code, but I'm using this fork because I have some workflows in different folders that I would also like to keep up to date, but the fork is lacking the latest updates.

    enhancement 
    opened by saadmk11 0
  • Feature Request: Only suggest major version upgrades

    Feature Request: Only suggest major version upgrades

    I would like to stay with @v3, @v4 and so on. Would be great to only suggest these changes. I do not need a PR for an upgrade from v3.2.11 to v3.2.12 for example.

    Perhaps a mode with "MAJOR", "MINOR", "FULL"?

    opened by SebastianStehle 0
  • Dry run mode

    Dry run mode

    I recently discovered this action and considered using it in my own projects.

    For now, it seems to always generate a pull request if there are changes. While this is perfectly fine for most use cases, I would like to use this as a check only, id est an action which reports the corresponding action versions to update inside each workflow and fails if there are updates, without creating a corresponding pull request.

    With the current updater class, this seems to be tricky: I would either have to subclass this in some code of mine and overwrite the complete run method - or monkey-patch at least create_pull_request.

    Is there any chance of providing some sort of "dry run" mode natively, which just performs the check instead of sending a pull request as well?

    enhancement 
    opened by FriedrichFroebel 0
  • Allow actions to be stored inside a sub-directory of a repository

    Allow actions to be stored inside a sub-directory of a repository

    Some action developers seem to put multiple actions into separate directories inside one repository: Example: flatpak-github-actions.

    As this works with GitHub Actions, it would be nice to also be able to get update notifications for them.

    enhancement 
    opened by tobiastom 1
  • Add pull request branch configuration

    Add pull request branch configuration

    This fixes #39

    There is 2 new configuration:

    • pull_request_branch: The pull request branch name.
    • pull_request_unique: Is the pull request branch unique? If "false" the branch will be suffixed with a timestamp.

    By default the branch is not unique and is suffixed with a timestamp, and the name is gh-actions-update.

    The current default behavior is unchanged.

    opened by jmlemetayer 2
  • Allow to configure the branch name

    Allow to configure the branch name

    I have configured the version updater action on my project and it works perfectly. Thanks for your project.

    But as it is executed every day and with a new branch name each time, if I don't check my projects every day, I end up with several pull requests for the same patch.

    On my workflow:

    on:                                                                                                                                                                                                            
      schedule:                                                                                                                                                                                                    
        - cron: '0 0 * * *'
    

    On main.py:

    new_branch_name = f"gh-actions-update-{int(time.time())}"
    

    I think it will be good to have a fix branch name (at least as an option), So that the pull request can be updated each time (with a force push).

    Best regards, Jean-Marie

    enhancement 
    opened by jmlemetayer 0
  • Unable to push branch

    Unable to push branch

    Hi! I'm currently trying to implement your workflow in https://github.com/voxpupuli/vox-pupuli-tasks/pull/479

    from the workflow config:

      github-action-updater:
        runs-on: ubuntu-latest
        steps:
        - uses: actions/[email protected]
          with:
            token: ${{ secrets.SAADMK11_GITHUB_ACTIONS_VERSION_UPDATER_VPT }}
        - name: GitHub Actions Version Updater
          uses: saadmk11/[email protected]
          with:
            token: ${{ secrets.SAADMK11_GITHUB_ACTIONS_VERSION_UPDATER_VPT }}
    

    This fails with:

    Create New Branch
      error: pathspec 'refs/pull/479/merge' did not match any file(s) known to git
      Switched to a new branch 'gh-actions-update-1655896430'
      [gh-actions-update-1655896430 7cbc18e] Update GitHub Action Versions
       3 files changed, 14 insertions(+), 14 deletions(-)
      To https://github.com/voxpupuli/vox-pupuli-tasks
       ! [remote rejected] gh-actions-update-1655896430 -> gh-actions-update-1655896430 (shallow update not allowed)
      error: failed to push some refs to 'https://github.com/voxpupuli/vox-pupuli-tasks'
    Create Pull Request
      Warning: Could not create a pull request on voxpupuli/vox-pupuli-tasks, status code: [422]
    

    and a couple of questions:

    • Does the token for actions/[email protected] actually needs the workflow scope?
    • The action is marked as successful, even when the push failed. I think that should be changed?
    bug 
    opened by bastelfreak 6
Releases(v0.7.1)
  • v0.7.1(Oct 29, 2022)

    What's Changed

    • ci: update checkout version by @kevinneville in https://github.com/saadmk11/github-actions-version-updater/pull/32
    • Handle Workflow File Not Found Error by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/33
    • Add Option to Specify Custom Workflow File/Directory Paths by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/34
    • Add GitHub Actions Version Updater by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/35
    • Update GitHub Action Versions by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/36

    New Contributors

    • @kevinneville made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/32

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.7.0...v0.7.1

    Source code(tar.gz)
    Source code(zip)
  • v0.7.0(Oct 22, 2022)

    What's Changed

    • Allow custom commit message and pull request title by @thehedgefrog in https://github.com/saadmk11/github-actions-version-updater/pull/12
    • Refactor Code and Use github-action-utils for logging by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/17
    • Add Option to Skip Pull Request by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/18
    • Add Option to Use Commit SHA as a Version and FIx Latest Release Version Resolver by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/19
    • Add Option to Request Reviews for Generated Pull Request by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/24
    • Add Option to use Release Types (major, minor, patch) for Updates by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/26
    • Improve Documentation by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/27
    • Release v0.7.0 by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/28

    New Contributors

    • @thehedgefrog made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/12

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.5.6...v0.7.0

    Source code(tar.gz)
    Source code(zip)
  • v0.5.6(Apr 10, 2021)

  • v0.5.5(Apr 8, 2021)

Owner
Maksudul Haque
Web Developer, Open Source Contributor
Maksudul Haque
MODSKIN-LOLPRO-updater: The mod is fkn 10y old and has'nt a self-updater

The mod is fkn 10y old and has'nt a self-updater. To use it just run the exec, wait some seconds, and it will run the new modsk

Shiro Amurha 3 Apr 23, 2022
tox-gh is a tox plugin which helps running tox on GitHub Actions with multiple different Python versions on multiple workers in parallel

tox-gh is a tox plugin which helps running tox on GitHub Actions with multiple different Python versions on multiple workers in parallel. This project is inspired by tox-travis.

tox development team 18 Oct 24, 2022
to learn how to do pull request and do contribution to other's repo

Hacktoberfest-2021 - open-source-contribution An Open Source repository to Teach people How to contribute to open sources. ?? ?? JOIN PVX PROGRAMMING

Shubham Rawat 79 Oct 17, 2022
Automated GitHub profile content using the USGS API, Plotly and GitHub Actions.

Top 20 Largest Earthquakes in the Past 24 Hours Location Mag Date and Time (UTC) 92 km SW of Sechura, Peru 5.2 11-05-2021 23:19:50 113 km NNE of Lobuj

Mr. Phantom 28 Oct 31, 2022
Python project setup, updater, and launcher

Launcher Python project setup, updater, and launcher Purpose: Increase project productivity and provide features easily. Once installed as a git submo

DAAV, LLC 1 Jan 7, 2022
Python project setup, updater, and launcher

pyLaunch Python project setup, updater, and launcher Purpose: Increase project productivity and provide features easily. Once installed as a git submo

DAAV, LLC 1 Jan 7, 2022
Purge all transformation orientations addon for Blender 2.8 and newer versions

CTO Purge This add-on adds a new button to Blender's Transformation Orientation panel which empowers the user to purge all of his/her custom transform

MMMrqs 8 Apr 15, 2022
Auto check in via GitHub Actions

因为本人毕业离校,本项目交由在校的@hfut-xyc同学接手,请访问hfut-xyc/hfut_auto_check-in获得最新的脚本 本项目遵从GPLv2协定,Copyright (C) 2021, Fw[a]rd 免责声明 根据GPL协定,我、本项目的作者,不会对您使用这个脚本带来的任何后果

Fw[a]rd 3 Jun 27, 2021
Addon for Blender 2.8+ that automatically creates NLA tracks for all animations. Useful for GLTF export.

PushDownAll An addon for Blender 2.8+ that runs Push Down on all animations, creating NLA tracks for each. This is useful if you have an object with m

Cory Petkovsek 16 Oct 6, 2022
An extended version of the hotkeys demo code using action classes

An extended version of the hotkeys application using action classes. In adafruit's Hotkeys code, a macro is using a series of integers, assumed to be

Neradoc 5 May 1, 2022
This is the core of the program which takes 5k SYMBOLS and looks back N years to pull in the daily OHLC data of those symbols and saves them to disc.

This is the core of the program which takes 5k SYMBOLS and looks back N years to pull in the daily OHLC data of those symbols and saves them to disc.

Daniel Caine 1 Jan 31, 2022
a pull switch (or BYO button) that gets you out of video calls, quick

zoomout a pull switch (or BYO button) that gets you out of video calls, quick. As seen on Twitter System compatibility Tested on macOS Catalina (10.15

Brian Moore 422 Oct 21, 2022
Donatus Prince 6 Feb 25, 2022
Notifies server owners of mod updates, also notifies of player deaths and player joins through Discord.

ProjectZomboid-ServerAssistant Notifies server owners of mod updates, also notifies of player deaths and player joins through Discord. A Python based

null 3 Sep 30, 2022
A bot to view Dilbert comics directly from Discord and get updates of the comics automatically.

A bot to view Dilbert comics directly from Discord and get updates of the comics automatically

Raghav Sharma 2 Nov 2, 2022
github action test, because I dont know it.

mad-y testing testing pip install -r requirements.txt add the DISCORD_TOKEN value to your env vars. and run mad-y how to Deploy ` docker build -t mad-

Mit 1 Oct 29, 2021
A Github Action for sending messages to a Matrix Room.

matrix-commit A Github Action for sending messages to a Matrix Room. Screenshot: Example Usage: # .github/workflows/matrix-commit.yml on: push:

null 3 Sep 11, 2022
LSO, also known as Linux Swap Operator, is a software with both GUI and terminal versions that you can manage the Swap area for Linux operating systems.

LSO - Linux Swap Operator Türkçe - LSO Nedir? LSO, diğer adıyla Linux Swap Operator Linux işletim sistemleri için Swap alanını yönetebileceğiniz hem G

Eren İnce 4 Feb 9, 2022
Xbps-install wrapper written in Python that doesn't care about case sensitiveness and package versions

xbi Xbps-install wrapper written in Python that doesn't care about case sensitiveness and package versions. Description This Python script can be easi

Emanuele Sabato 5 Apr 11, 2022