GitHub Actions Version Updater Updates All GitHub Action Versions in a Repository and Creates a Pull Request with the Changes.

Overview

GitHub Actions Version Updater

GitHub release (latest by date) GitHub GitHub Marketplace GitHub stars GitHub Workflow Status

GitHub Actions Version Updater is GitHub Action that is used to update other GitHub Actions in a Repository and create a pull request with the updates. It is an automated dependency updater similar to GitHub's Dependabot, but for GitHub Actions.

How Does It Work:

  • GitHub Actions Version Updater first goes through all the workflows in a repository and checks for updates for each of the action used in those workflows.

  • If an update is found and if that action is not ignored then the workflows are updated with the latest release of the action being used.

  • If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub.

  • Finally, a pull request is created with the newly created branch.

Usage:

We recommend running this action on a schedule event or a workflow_dispatch event.

To integrate GitHub Actions Version Updater on your repository, create a YAML file inside .github/workflows/ directory (.github/workflows/updater.yaml) add the following into the file:

name: GitHub Actions Version Updater

# Controls when the action will run. 
on:
  # can be used to run workflow manually
  workflow_dispatch:
  schedule:
    # Automatically run on every Sunday
    - cron:  '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest
  
    steps:
      - uses: actions/checkout@v2
        with:
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/[email protected]
        with:
          # Optional, This will be used to configure git
          # defaults to `github-actions[bot]` if not provided
          committer_username: 'test'
          committer_email: '[email protected]'
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}
          # Do not update these actions (Optional)
          # You need to add JSON array inside a string
          # because GitHub Actions does not yet allow `Lists` as input
          ignore: '["actions/checkout@v2", "actions/cache@v2"]'

Important Note:

GitHub does not allow updating workflow files inside a workflow run. The token generated by GitHub in every workflow (${{secrets.GITHUB_TOKEN}}) does not have permission to update a workflow. That's why you need to create a Personal Access Token with repo and workflow scope and pass it to the action.

To know more about how to pass a secret to GitHub actions you can Read GitHub Docs

GitHub Actions Version Updater in Action:

GitHub Actions Version Updater Demo

License

The code in this project is released under the MIT License.

Comments
  • "fatal: not in a git directory" after several successful runs

    The actions were working correctly, and during the last run the error "fatal : not in a git directory" appeared.

    The faulty run: https://github.com/jmlemetayer/project-release/actions/runs/3699984553/jobs/6267948063

    The last modification of the workflow was the update of the "actions/checkout" to v3.2.0 (done by the github-actions-version-updater): https://github.com/jmlemetayer/project-release/commit/a0a4dfdf978d1b67979ca6d8a8df434a303a1c85

    bug 
    opened by jmlemetayer 12
  • Add pull request branch configuration

    Add pull request branch configuration

    This fixes #39

    There is 2 new configuration:

    • pull_request_branch: The pull request branch name.
    • pull_request_unique: Is the pull request branch unique? If "false" the branch will be suffixed with a timestamp.

    By default the branch is not unique and is suffixed with a timestamp, and the name is gh-actions-update.

    The current default behavior is unchanged.

    opened by jmlemetayer 9
  • 0.7.0 fails even if there is no error

    0.7.0 fails even if there is no error

    When running this action, the workflows fails, even if there's no evident error and all the actions are checked:

    image

    The job is configured like this:

    jobs:
      build:
        runs-on: ubuntu-latest
    
        steps:
          - uses: actions/checkout@v2
            with:
              # Access token with `workflow` scope is required
              token: ${{ secrets.ACTION_GITHUB_TOKEN }}
    
          - name: Run GitHub Actions Version Updater
            uses: saadmk11/[email protected]
            with:
              # Optional, This will be used to configure git
              # defaults to `github-actions[bot]` if not provided
              #committer_username: 'test'
              #committer_email: '[email protected]'
              # Optional, allows customizing the commit message and pull request title
              # Both default to 'Update GitHub Action Versions'
              commit_message: 'Github Actions versions have changed'
              pull_request_title: 'Github Actions versions have changed'
              # Access token with `workflow` scope is required
              token: ${{ secrets.ACTION_GITHUB_TOKEN }}
              release_types: major
    
    bug 
    opened by ASarco 7
  • Workflow always fails at the

    Workflow always fails at the "Create New Branch" stage

    Hi!

    First of all thanks for writing this action and making it publicly available. 👍

    I'm trying to make it to work, however for me it always fails at the Create New Branch stage, and unfortunately I can't see the reason for that from the output:

    Create New Branch (refs/heads/main -> gh-actions-update-1669032900)
      Error: Note: checking out 'refs/heads/main'.
      
      You are in 'detached HEAD' state. You can look around, make experimental
      changes and commit them, and you can discard any commits you make in this
      state without impacting any branches by performing another checkout.
      
      If you want to create a new branch to retain commits you create, you may
      do so (now or later) by using -b with the checkout command again. Example:
      
        git checkout -b <new-branch-name>
      
      HEAD is now at 3acfbc3 Set explicit permissions in update gh actions workflow
      
      This repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting '.git/hooks/post-checkout'.
    

    Using version 0.7.1.

    I did try to disable Git LFS (even though doesn't seem like that would be a problem), with the same results.

    Any hints?

    Thanks

    opened by nicoddemus 5
  • Feature Request: Add user/team reviewer field for generated PR

    Feature Request: Add user/team reviewer field for generated PR

    It would be nice to have optional fields for adding team reviewers/user reviewers on the PR that is generated by this action. This way we would also be notified of any newly opened PR due to this action. I am trying to implement this for our openedX repos here in this PR: https://github.com/openedx/edx-platform/pull/31170 and this feature would unblock me on this PR.

    enhancement 
    opened by aht007 5
  • Downgrades are being proposed

    Downgrades are being proposed

    There seems to be something off with resolving the actual version changes:

    Found new version for "actions/checkout"
      Updating "actions/checkout@v3" with "actions/[email protected]"
      Found new version for "saadmk11/github-actions-version-updater"
      Updating "saadmk11/github-actions-version-updater@main" with "saadmk11/[email protected]"
      Found new version for "actions/setup-python"
      Updating "actions/setup-python@v4" with "actions/[email protected]"
    

    The specific issues I see here:

    • v2.5.0 is considered more recent than version v3 for actions/checkout.
    • v0.5.6 is considered more recent than main, although main references the latest unreleased code from the default branch.
    • v4.3.0 is being proposed for the short syntax v4, although I would assume that v4 will always use the latest release of the v4 major version (currently being v4.3.0 for actions/setup-python). I am not sure about this though, as I could not find any information on which version is being picked by GitHub Actions in this case.
    bug 
    opened by FriedrichFroebel 4
  • main: use local paths instead of github API

    main: use local paths instead of github API

    for iterating the workflow files. By default it will look in .github/workflows/*.y(a)ml for files.

    Not my code, but I'm using this fork because I have some workflows in different folders that I would also like to keep up to date, but the fork is lacking the latest updates.

    opened by villelahdenvuo 3
  • This action sometimes suggests downgrades

    This action sometimes suggests downgrades

    Sometimes actions backport some features to previous major versions, and this action is offering them in the PRs, essentially meaning it would downgrade the version if merged.

    As far as I understand this is due to not parsing the version and just looking at the latest release in terms of date. I recommend parsing the version and comparing them numerically to decide whether a version is newer or not.

    opened by starikcetin 3
  • Custom commit message and pull request title won't work

    Custom commit message and pull request title won't work

    I am using this action as follows:

    - uses: saadmk11/[email protected]
      with:
        commit_message: "chore: update github action versions"
        pull_request_title: "chore: update github action versions"
        token: ${{ secrets.WORKFLOW_SCOPED_ACCESS_TOKEN }}
    

    It gives the following warning:

    Unexpected input(s) 'commit_message', 'pull_request_title', valid inputs are ['entryPoint', 'args', 'committer_username', 'committer_email', 'ignore', 'token']
    

    And I get the default pull request title and commit message instead.

    opened by starikcetin 2
  • Allow custom commit message and pull request title

    Allow custom commit message and pull request title

    This PR creates two new inputs, to allow customizing the PR title and commit message. This is useful when someone wants to ensure consistency in their repo, such as using conventional commits or any organization standard.

    Those are optional, and will default to the current value of 'Update GitHub Action Versions'.

    New inputs were also documented in the README file.

    opened by thehedgefrog 2
  • 404 when creating pull request

    404 when creating pull request

    Hi,

    I just tested it and have the following message:

    Warning: Could not create a pull request on Squidex/squidex, status code: 404
    

    https://github.com/Squidex/squidex/actions/runs/3260603775/jobs/5354281561

    opened by SebastianStehle 1
  • Feature Request: be able to scan actions defined within a composite actions

    Feature Request: be able to scan actions defined within a composite actions

    Since composite actions are a alternative method to make the workflows more reusable, i think it would be good to add a way to check if the actions defined within have a new version.

    Today, a composite action can be defined in two ways:

    • In a public repository Then, can be used in a workflow like another Github Action in the marketplace (ex: uses: actions/checkout@v3). For this case, the version updater will work without problems.

    • In a private repository For this case, you need to checkout the repo that contains the composite action using a PAT token. Then in the step, the action need be specified specified without the version (@x.x.x). The version of the composite action is determined by the ref input of the checkouted step of the composite action repo.


    The problem is, in both cases, there is no way to check the versions of the actions used in the composite actions. Our projects uses a lot of these composite actions in the workflows. We used this approach because Github Actions does not support using reusable workflows from private repositores, only composite actions. There is a way to add this feature? Maybe scan the composite action file, instead of the workflow itself...

    Thanks in advance.

    Needs More Information 
    opened by jdsantosadam 1
  • Feature Request: Add the option to add labels to the created PR

    Feature Request: Add the option to add labels to the created PR

    This seems like a fairly standard practice for GitHub Actions that create issues and PRs for you so I was surprised to find this wasn't an option here. We've got a couple of very PR-heavy repos so being able to add labels like "automated" and "dependencies" is very helpful for filtering bot-generated PRs from ones created by humans, especially for reminders and notifications.

    enhancement 
    opened by xiehan 0
  • Allow actions to be stored inside a sub-directory of a repository

    Allow actions to be stored inside a sub-directory of a repository

    Some action developers seem to put multiple actions into separate directories inside one repository: Example: flatpak-github-actions.

    As this works with GitHub Actions, it would be nice to also be able to get update notifications for them.

    enhancement 
    opened by tobiastom 1
  • Allow to configure the branch name

    Allow to configure the branch name

    I have configured the version updater action on my project and it works perfectly. Thanks for your project.

    But as it is executed every day and with a new branch name each time, if I don't check my projects every day, I end up with several pull requests for the same patch.

    On my workflow:

    on:                                                                                                                                                                                                            
      schedule:                                                                                                                                                                                                    
        - cron: '0 0 * * *'
    

    On main.py:

    new_branch_name = f"gh-actions-update-{int(time.time())}"
    

    I think it will be good to have a fix branch name (at least as an option), So that the pull request can be updated each time (with a force push).

    Best regards, Jean-Marie

    enhancement 
    opened by jmlemetayer 2
  • Unable to push branch

    Unable to push branch

    Hi! I'm currently trying to implement your workflow in https://github.com/voxpupuli/vox-pupuli-tasks/pull/479

    from the workflow config:

      github-action-updater:
        runs-on: ubuntu-latest
        steps:
        - uses: actions/checkout@v2
          with:
            token: ${{ secrets.SAADMK11_GITHUB_ACTIONS_VERSION_UPDATER_VPT }}
        - name: GitHub Actions Version Updater
          uses: saadmk11/[email protected]
          with:
            token: ${{ secrets.SAADMK11_GITHUB_ACTIONS_VERSION_UPDATER_VPT }}
    

    This fails with:

    Create New Branch
      error: pathspec 'refs/pull/479/merge' did not match any file(s) known to git
      Switched to a new branch 'gh-actions-update-1655896430'
      [gh-actions-update-1655896430 7cbc18e] Update GitHub Action Versions
       3 files changed, 14 insertions(+), 14 deletions(-)
      To https://github.com/voxpupuli/vox-pupuli-tasks
       ! [remote rejected] gh-actions-update-1655896430 -> gh-actions-update-1655896430 (shallow update not allowed)
      error: failed to push some refs to 'https://github.com/voxpupuli/vox-pupuli-tasks'
    Create Pull Request
      Warning: Could not create a pull request on voxpupuli/vox-pupuli-tasks, status code: [422]
    

    and a couple of questions:

    • Does the token for actions/checkout@v2 actually needs the workflow scope?
    • The action is marked as successful, even when the push failed. I think that should be changed?
    Needs More Information 
    opened by bastelfreak 6
Releases(v0.7.2)
  • v0.7.2(Dec 25, 2022)

    What's Changed

    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/38
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/42
    • Document required workaround for LFS-enabled repositories by @nicoddemus in https://github.com/saadmk11/github-actions-version-updater/pull/44
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/45
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/46
    • Try Git Safe Directory to Resolve fatal: not in a git directory by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/50
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/51
    • Release v0.7.2 by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/52

    New Contributors

    • @pre-commit-ci made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/38
    • @nicoddemus made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/44

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.7.1...v0.7.2

    Source code(tar.gz)
    Source code(zip)
  • v0.7.1(Oct 29, 2022)

    What's Changed

    • ci: update checkout version by @kevinneville in https://github.com/saadmk11/github-actions-version-updater/pull/32
    • Handle Workflow File Not Found Error by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/33
    • Add Option to Specify Custom Workflow File/Directory Paths by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/34
    • Add GitHub Actions Version Updater by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/35
    • Update GitHub Action Versions by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/36

    New Contributors

    • @kevinneville made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/32

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.7.0...v0.7.1

    Source code(tar.gz)
    Source code(zip)
  • v0.7.0(Oct 22, 2022)

    What's Changed

    • Allow custom commit message and pull request title by @thehedgefrog in https://github.com/saadmk11/github-actions-version-updater/pull/12
    • Refactor Code and Use github-action-utils for logging by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/17
    • Add Option to Skip Pull Request by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/18
    • Add Option to Use Commit SHA as a Version and FIx Latest Release Version Resolver by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/19
    • Add Option to Request Reviews for Generated Pull Request by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/24
    • Add Option to use Release Types (major, minor, patch) for Updates by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/26
    • Improve Documentation by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/27
    • Release v0.7.0 by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/28

    New Contributors

    • @thehedgefrog made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/12

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.5.6...v0.7.0

    Source code(tar.gz)
    Source code(zip)
  • v0.5.6(Apr 10, 2021)

  • v0.5.5(Apr 8, 2021)

Owner
Maksudul Haque
Web Developer, Open Source Contributor
Maksudul Haque
MODSKIN-LOLPRO-updater: The mod is fkn 10y old and has'nt a self-updater

The mod is fkn 10y old and has'nt a self-updater. To use it just run the exec, wait some seconds, and it will run the new modsk

Shiro Amurha 3 Apr 23, 2022
tox-gh is a tox plugin which helps running tox on GitHub Actions with multiple different Python versions on multiple workers in parallel

tox-gh is a tox plugin which helps running tox on GitHub Actions with multiple different Python versions on multiple workers in parallel. This project is inspired by tox-travis.

tox development team 19 Dec 26, 2022
to learn how to do pull request and do contribution to other's repo

Hacktoberfest-2021 - open-source-contribution An Open Source repository to Teach people How to contribute to open sources. ?? ?? JOIN PVX PROGRAMMING

Shubham Rawat 82 Dec 26, 2022
Automated GitHub profile content using the USGS API, Plotly and GitHub Actions.

Top 20 Largest Earthquakes in the Past 24 Hours Location Mag Date and Time (UTC) 92 km SW of Sechura, Peru 5.2 11-05-2021 23:19:50 113 km NNE of Lobuj

Mr. Phantom 28 Oct 31, 2022
Python project setup, updater, and launcher

Launcher Python project setup, updater, and launcher Purpose: Increase project productivity and provide features easily. Once installed as a git submo

DAAV, LLC 1 Jan 7, 2022
Python project setup, updater, and launcher

pyLaunch Python project setup, updater, and launcher Purpose: Increase project productivity and provide features easily. Once installed as a git submo

DAAV, LLC 1 Jan 7, 2022
Purge all transformation orientations addon for Blender 2.8 and newer versions

CTO Purge This add-on adds a new button to Blender's Transformation Orientation panel which empowers the user to purge all of his/her custom transform

MMMrqs 10 Dec 29, 2022
Auto check in via GitHub Actions

因为本人毕业离校,本项目交由在校的@hfut-xyc同学接手,请访问hfut-xyc/hfut_auto_check-in获得最新的脚本 本项目遵从GPLv2协定,Copyright (C) 2021, Fw[a]rd 免责声明 根据GPL协定,我、本项目的作者,不会对您使用这个脚本带来的任何后果

Fw[a]rd 3 Jun 27, 2021
Addon for Blender 2.8+ that automatically creates NLA tracks for all animations. Useful for GLTF export.

PushDownAll An addon for Blender 2.8+ that runs Push Down on all animations, creating NLA tracks for each. This is useful if you have an object with m

Cory Petkovsek 16 Oct 6, 2022
An extended version of the hotkeys demo code using action classes

An extended version of the hotkeys application using action classes. In adafruit's Hotkeys code, a macro is using a series of integers, assumed to be

Neradoc 5 May 1, 2022
This is the core of the program which takes 5k SYMBOLS and looks back N years to pull in the daily OHLC data of those symbols and saves them to disc.

This is the core of the program which takes 5k SYMBOLS and looks back N years to pull in the daily OHLC data of those symbols and saves them to disc.

Daniel Caine 1 Jan 31, 2022
a pull switch (or BYO button) that gets you out of video calls, quick

zoomout a pull switch (or BYO button) that gets you out of video calls, quick. As seen on Twitter System compatibility Tested on macOS Catalina (10.15

Brian Moore 422 Dec 30, 2022
Donatus Prince 6 Feb 25, 2022
Notifies server owners of mod updates, also notifies of player deaths and player joins through Discord.

ProjectZomboid-ServerAssistant Notifies server owners of mod updates, also notifies of player deaths and player joins through Discord. A Python based

null 3 Sep 30, 2022
A bot to view Dilbert comics directly from Discord and get updates of the comics automatically.

A bot to view Dilbert comics directly from Discord and get updates of the comics automatically

Raghav Sharma 3 Nov 30, 2022
github action test, because I dont know it.

mad-y testing testing pip install -r requirements.txt add the DISCORD_TOKEN value to your env vars. and run mad-y how to Deploy ` docker build -t mad-

Mit 1 Oct 29, 2021
A Github Action for sending messages to a Matrix Room.

matrix-commit A Github Action for sending messages to a Matrix Room. Screenshot: Example Usage: # .github/workflows/matrix-commit.yml on: push:

null 3 Sep 11, 2022
LSO, also known as Linux Swap Operator, is a software with both GUI and terminal versions that you can manage the Swap area for Linux operating systems.

LSO - Linux Swap Operator Türkçe - LSO Nedir? LSO, diğer adıyla Linux Swap Operator Linux işletim sistemleri için Swap alanını yönetebileceğiniz hem G

Eren İnce 4 Feb 9, 2022
Xbps-install wrapper written in Python that doesn't care about case sensitiveness and package versions

xbi Xbps-install wrapper written in Python that doesn't care about case sensitiveness and package versions. Description This Python script can be easi

Emanuele Sabato 5 Apr 11, 2022