GitHub Actions Version Updater Updates All GitHub Action Versions in a Repository and Creates a Pull Request with the Changes.

Overview

GitHub Actions Version Updater

GitHub release (latest by date) GitHub GitHub Marketplace GitHub stars GitHub Workflow Status

GitHub Actions Version Updater is GitHub Action that is used to update other GitHub Actions in a Repository and create a pull request with the updates. It is an automated dependency updater similar to GitHub's Dependabot, but for GitHub Actions.

How Does It Work:

  • GitHub Actions Version Updater first goes through all the workflows in a repository and checks for updates for each of the action used in those workflows.

  • If an update is found and if that action is not ignored then the workflows are updated with the latest release of the action being used.

  • If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub.

  • Finally, a pull request is created with the newly created branch.

Usage:

We recommend running this action on a schedule event or a workflow_dispatch event.

To integrate GitHub Actions Version Updater on your repository, create a YAML file inside .github/workflows/ directory (.github/workflows/updater.yaml) add the following into the file:

name: GitHub Actions Version Updater

# Controls when the action will run. 
on:
  # can be used to run workflow manually
  workflow_dispatch:
  schedule:
    # Automatically run on every Sunday
    - cron:  '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest
  
    steps:
      - uses: actions/[email protected]
        with:
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/[email protected]
        with:
          # Optional, This will be used to configure git
          # defaults to `github-actions[bot]` if not provided
          committer_username: 'test'
          committer_email: '[email protected]'
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}
          # Do not update these actions (Optional)
          # You need to add JSON array inside a string
          # because GitHub Actions does not yet allow `Lists` as input
          ignore: '["actions/[email protected]", "actions/[email protected]"]'

Important Note:

GitHub does not allow updating workflow files inside a workflow run. The token generated by GitHub in every workflow (${{secrets.GITHUB_TOKEN}}) does not have permission to update a workflow. That's why you need to create a Personal Access Token with repo and workflow scope and pass it to the action.

To know more about how to pass a secret to GitHub actions you can Read GitHub Docs

GitHub Actions Version Updater in Action:

GitHub Actions Version Updater Demo

License

The code in this project is released under the MIT License.

Comments
  • "fatal: not in a git directory" after several successful runs

    The actions were working correctly, and during the last run the error "fatal : not in a git directory" appeared.

    The faulty run: https://github.com/jmlemetayer/project-release/actions/runs/3699984553/jobs/6267948063

    The last modification of the workflow was the update of the "actions/checkout" to v3.2.0 (done by the github-actions-version-updater): https://github.com/jmlemetayer/project-release/commit/a0a4dfdf978d1b67979ca6d8a8df434a303a1c85

    bug 
    opened by jmlemetayer 12
  • Add pull request branch configuration

    Add pull request branch configuration

    This fixes #39

    There is 2 new configuration:

    • pull_request_branch: The pull request branch name.
    • pull_request_unique: Is the pull request branch unique? If "false" the branch will be suffixed with a timestamp.

    By default the branch is not unique and is suffixed with a timestamp, and the name is gh-actions-update.

    The current default behavior is unchanged.

    opened by jmlemetayer 9
  • 0.7.0 fails even if there is no error

    0.7.0 fails even if there is no error

    When running this action, the workflows fails, even if there's no evident error and all the actions are checked:

    image

    The job is configured like this:

    jobs:
      build:
        runs-on: ubuntu-latest
    
        steps:
          - uses: actions/[email protected]
            with:
              # Access token with `workflow` scope is required
              token: ${{ secrets.ACTION_GITHUB_TOKEN }}
    
          - name: Run GitHub Actions Version Updater
            uses: saadmk11/[email protected]
            with:
              # Optional, This will be used to configure git
              # defaults to `github-actions[bot]` if not provided
              #committer_username: 'test'
              #committer_email: '[email protected]'
              # Optional, allows customizing the commit message and pull request title
              # Both default to 'Update GitHub Action Versions'
              commit_message: 'Github Actions versions have changed'
              pull_request_title: 'Github Actions versions have changed'
              # Access token with `workflow` scope is required
              token: ${{ secrets.ACTION_GITHUB_TOKEN }}
              release_types: major
    
    bug 
    opened by ASarco 7
  • Workflow always fails at the

    Workflow always fails at the "Create New Branch" stage

    Hi!

    First of all thanks for writing this action and making it publicly available. 👍

    I'm trying to make it to work, however for me it always fails at the Create New Branch stage, and unfortunately I can't see the reason for that from the output:

    Create New Branch (refs/heads/main -> gh-actions-update-1669032900)
      Error: Note: checking out 'refs/heads/main'.
      
      You are in 'detached HEAD' state. You can look around, make experimental
      changes and commit them, and you can discard any commits you make in this
      state without impacting any branches by performing another checkout.
      
      If you want to create a new branch to retain commits you create, you may
      do so (now or later) by using -b with the checkout command again. Example:
      
        git checkout -b <new-branch-name>
      
      HEAD is now at 3acfbc3 Set explicit permissions in update gh actions workflow
      
      This repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting '.git/hooks/post-checkout'.
    

    Using version 0.7.1.

    I did try to disable Git LFS (even though doesn't seem like that would be a problem), with the same results.

    Any hints?

    Thanks

    opened by nicoddemus 5
  • Feature Request: Add user/team reviewer field for generated PR

    Feature Request: Add user/team reviewer field for generated PR

    It would be nice to have optional fields for adding team reviewers/user reviewers on the PR that is generated by this action. This way we would also be notified of any newly opened PR due to this action. I am trying to implement this for our openedX repos here in this PR: https://github.com/openedx/edx-platform/pull/31170 and this feature would unblock me on this PR.

    enhancement 
    opened by aht007 5
  • Downgrades are being proposed

    Downgrades are being proposed

    There seems to be something off with resolving the actual version changes:

    Found new version for "actions/checkout"
      Updating "actions/[email protected]" with "actions/[email protected]"
      Found new version for "saadmk11/github-actions-version-updater"
      Updating "saadmk11/[email protected]" with "saadmk11/[email protected]"
      Found new version for "actions/setup-python"
      Updating "actions/set[email protected]" with "actions/[email protected]"
    

    The specific issues I see here:

    • v2.5.0 is considered more recent than version v3 for actions/checkout.
    • v0.5.6 is considered more recent than main, although main references the latest unreleased code from the default branch.
    • v4.3.0 is being proposed for the short syntax v4, although I would assume that v4 will always use the latest release of the v4 major version (currently being v4.3.0 for actions/setup-python). I am not sure about this though, as I could not find any information on which version is being picked by GitHub Actions in this case.
    bug 
    opened by FriedrichFroebel 4
  • main: use local paths instead of github API

    main: use local paths instead of github API

    for iterating the workflow files. By default it will look in .github/workflows/*.y(a)ml for files.

    Not my code, but I'm using this fork because I have some workflows in different folders that I would also like to keep up to date, but the fork is lacking the latest updates.

    opened by villelahdenvuo 3
  • This action sometimes suggests downgrades

    This action sometimes suggests downgrades

    Sometimes actions backport some features to previous major versions, and this action is offering them in the PRs, essentially meaning it would downgrade the version if merged.

    As far as I understand this is due to not parsing the version and just looking at the latest release in terms of date. I recommend parsing the version and comparing them numerically to decide whether a version is newer or not.

    opened by starikcetin 3
  • Custom commit message and pull request title won't work

    Custom commit message and pull request title won't work

    I am using this action as follows:

    - uses: saadmk11/[email protected]
      with:
        commit_message: "chore: update github action versions"
        pull_request_title: "chore: update github action versions"
        token: ${{ secrets.WORKFLOW_SCOPED_ACCESS_TOKEN }}
    

    It gives the following warning:

    Unexpected input(s) 'commit_message', 'pull_request_title', valid inputs are ['entryPoint', 'args', 'committer_username', 'committer_email', 'ignore', 'token']
    

    And I get the default pull request title and commit message instead.

    opened by starikcetin 2
  • Allow custom commit message and pull request title

    Allow custom commit message and pull request title

    This PR creates two new inputs, to allow customizing the PR title and commit message. This is useful when someone wants to ensure consistency in their repo, such as using conventional commits or any organization standard.

    Those are optional, and will default to the current value of 'Update GitHub Action Versions'.

    New inputs were also documented in the README file.

    opened by thehedgefrog 2
  • 404 when creating pull request

    404 when creating pull request

    Hi,

    I just tested it and have the following message:

    Warning: Could not create a pull request on Squidex/squidex, status code: 404
    

    https://github.com/Squidex/squidex/actions/runs/3260603775/jobs/5354281561

    opened by SebastianStehle 1
  • Feature Request: be able to scan actions defined within a composite actions

    Feature Request: be able to scan actions defined within a composite actions

    Since composite actions are a alternative method to make the workflows more reusable, i think it would be good to add a way to check if the actions defined within have a new version.

    Today, a composite action can be defined in two ways:

    • In a public repository Then, can be used in a workflow like another Github Action in the marketplace (ex: uses: actions/[email protected]). For this case, the version updater will work without problems.

    • In a private repository For this case, you need to checkout the repo that contains the composite action using a PAT token. Then in the step, the action need be specified specified without the version (@x.x.x). The version of the composite action is determined by the ref input of the checkouted step of the composite action repo.


    The problem is, in both cases, there is no way to check the versions of the actions used in the composite actions. Our projects uses a lot of these composite actions in the workflows. We used this approach because Github Actions does not support using reusable workflows from private repositores, only composite actions. There is a way to add this feature? Maybe scan the composite action file, instead of the workflow itself...

    Thanks in advance.

    Needs More Information 
    opened by jdsantosadam 1
  • Feature Request: Add the option to add labels to the created PR

    Feature Request: Add the option to add labels to the created PR

    This seems like a fairly standard practice for GitHub Actions that create issues and PRs for you so I was surprised to find this wasn't an option here. We've got a couple of very PR-heavy repos so being able to add labels like "automated" and "dependencies" is very helpful for filtering bot-generated PRs from ones created by humans, especially for reminders and notifications.

    enhancement 
    opened by xiehan 0
  • Allow actions to be stored inside a sub-directory of a repository

    Allow actions to be stored inside a sub-directory of a repository

    Some action developers seem to put multiple actions into separate directories inside one repository: Example: flatpak-github-actions.

    As this works with GitHub Actions, it would be nice to also be able to get update notifications for them.

    enhancement 
    opened by tobiastom 1
  • Allow to configure the branch name

    Allow to configure the branch name

    I have configured the version updater action on my project and it works perfectly. Thanks for your project.

    But as it is executed every day and with a new branch name each time, if I don't check my projects every day, I end up with several pull requests for the same patch.

    On my workflow:

    on:                                                                                                                                                                                                            
      schedule:                                                                                                                                                                                                    
        - cron: '0 0 * * *'
    

    On main.py:

    new_branch_name = f"gh-actions-update-{int(time.time())}"
    

    I think it will be good to have a fix branch name (at least as an option), So that the pull request can be updated each time (with a force push).

    Best regards, Jean-Marie

    enhancement 
    opened by jmlemetayer 2
  • Unable to push branch

    Unable to push branch

    Hi! I'm currently trying to implement your workflow in https://github.com/voxpupuli/vox-pupuli-tasks/pull/479

    from the workflow config:

      github-action-updater:
        runs-on: ubuntu-latest
        steps:
        - uses: actions/[email protected]
          with:
            token: ${{ secrets.SAADMK11_GITHUB_ACTIONS_VERSION_UPDATER_VPT }}
        - name: GitHub Actions Version Updater
          uses: saadmk11/[email protected]
          with:
            token: ${{ secrets.SAADMK11_GITHUB_ACTIONS_VERSION_UPDATER_VPT }}
    

    This fails with:

    Create New Branch
      error: pathspec 'refs/pull/479/merge' did not match any file(s) known to git
      Switched to a new branch 'gh-actions-update-1655896430'
      [gh-actions-update-1655896430 7cbc18e] Update GitHub Action Versions
       3 files changed, 14 insertions(+), 14 deletions(-)
      To https://github.com/voxpupuli/vox-pupuli-tasks
       ! [remote rejected] gh-actions-update-1655896430 -> gh-actions-update-1655896430 (shallow update not allowed)
      error: failed to push some refs to 'https://github.com/voxpupuli/vox-pupuli-tasks'
    Create Pull Request
      Warning: Could not create a pull request on voxpupuli/vox-pupuli-tasks, status code: [422]
    

    and a couple of questions:

    • Does the token for actions/[email protected] actually needs the workflow scope?
    • The action is marked as successful, even when the push failed. I think that should be changed?
    Needs More Information 
    opened by bastelfreak 6
Releases(v0.7.2)
  • v0.7.2(Dec 25, 2022)

    What's Changed

    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/38
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/42
    • Document required workaround for LFS-enabled repositories by @nicoddemus in https://github.com/saadmk11/github-actions-version-updater/pull/44
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/45
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/46
    • Try Git Safe Directory to Resolve fatal: not in a git directory by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/50
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/51
    • Release v0.7.2 by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/52

    New Contributors

    • @pre-commit-ci made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/38
    • @nicoddemus made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/44

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.7.1...v0.7.2

    Source code(tar.gz)
    Source code(zip)
  • v0.7.1(Oct 29, 2022)

    What's Changed

    • ci: update checkout version by @kevinneville in https://github.com/saadmk11/github-actions-version-updater/pull/32
    • Handle Workflow File Not Found Error by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/33
    • Add Option to Specify Custom Workflow File/Directory Paths by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/34
    • Add GitHub Actions Version Updater by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/35
    • Update GitHub Action Versions by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/36

    New Contributors

    • @kevinneville made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/32

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.7.0...v0.7.1

    Source code(tar.gz)
    Source code(zip)
  • v0.7.0(Oct 22, 2022)

    What's Changed

    • Allow custom commit message and pull request title by @thehedgefrog in https://github.com/saadmk11/github-actions-version-updater/pull/12
    • Refactor Code and Use github-action-utils for logging by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/17
    • Add Option to Skip Pull Request by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/18
    • Add Option to Use Commit SHA as a Version and FIx Latest Release Version Resolver by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/19
    • Add Option to Request Reviews for Generated Pull Request by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/24
    • Add Option to use Release Types (major, minor, patch) for Updates by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/26
    • Improve Documentation by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/27
    • Release v0.7.0 by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/28

    New Contributors

    • @thehedgefrog made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/12

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.5.6...v0.7.0

    Source code(tar.gz)
    Source code(zip)
  • v0.5.6(Apr 10, 2021)

  • v0.5.5(Apr 8, 2021)

Owner
Maksudul Haque
Web Developer, Open Source Contributor
Maksudul Haque
A test repository to build a python package and publish the package to Artifact Registry using GCB

A test repository to build a python package and publish the package to Artifact Registry using GCB. Then have the package be a dependency in a GCF function.

1 Feb 09, 2022
Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs

SysWhispers2BOF Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs. Introduction This script was initially created to fix specific

FalconForce 101 Dec 20, 2022
an elegant datasets factory

rawbuilder an elegant datasets factory Free software: MIT license Documentation: https://rawbuilder.readthedocs.io. Features Schema oriented datasets

Mina Farag 7 Nov 12, 2022
A simple hash system.

PBH-Hash-System A simple hash system. Usage You could use it like this: from pbh import pbh print(pbh("Hey", True)) Output: 2feae2471698cfcdcbd6b98ca

Karim 3 Mar 24, 2022
A nonebot2 plugin, send news information in a picture form.

A nonebot2 plugin, send news information in a picture form.

幼稚园园长 7 Nov 18, 2022
Provide Prometheus url_sd compatible API Endpoint with data from Netbox

netbox-plugin-prometheus-sd Provide Prometheus http_sd compatible API Endpoint with data from Netbox. HTTP SD is a new feature in Prometheus and not a

Felix Peters 66 Dec 19, 2022
Introduction to Databases Coursework 2 (SQL) - dataset generator

Introduction to Databases Coursework 2 (SQL) - dataset generator This is python script generates a text file with insert queries for the schema.sql fi

Javier Bosch 1 Nov 08, 2021
SDX: Software Defined Internet Exchange

Installation steps: Download and import the Internet2-SDX virtual machine (VM) image, below, in VirtualBox and you are all set :) $ wget http://sites.

Software Defined Internet Exchange Point 15 Nov 21, 2021
Python pyside2 kütüphanesi ile oluşturduğum drone için yer kontrol istasyonu yazılımı.

Ground Control Station (Yer Kontrol İstasyonu) Teknofest yarışmasında yerlilik kısmında Yer Kontrol İstasyonu yazılımı seçeneği bulunuyordu. Bu yüzden

Emirhan Bülbül 4 May 14, 2022
ColabFold / AlphaFold2_advanced on your local PC (or macOS)

LocalColabFold ColabFold / AlphaFold2_advanced on your local PC (or macOS) Installation For Linux Make sure curl and wget commands are already install

Yoshitaka Moriwaki 207 Dec 22, 2022
Users can read others' travel journeys in addition to being able to upload and delete posts detailing their own experiences

Users can read others' travel journeys in addition to being able to upload and delete posts detailing their own experiences! Posts are organized by country and destination within that country.

Christopher Zeas 1 Feb 03, 2022
YourX: URL Clusterer With Python

YourX | URL Clusterer Screenshots Instructions for running Install requirements

ARPSyndicate 1 Mar 11, 2022
Repositório contendo atividades no curso de desenvolvimento de sistemas no SENAI

SENAI-DES Este é um repositório contendo as atividades relacionadas ao curso de desenvolvimento de sistemas no SENAI. Se é a primeira vez em contato c

Abe Hidek 4 Dec 06, 2022
Capture screen and download off Roku based devices

rokuview Capture screen and download off Roku based devices Tested on Hisense TV with Roku OS built-in No guarantee this will work with all Roku model

3 May 27, 2021
PyScaffold is a project generator for bootstrapping high quality Python packages

PyScaffold is a project generator for bootstrapping high quality Python packages, ready to be shared on PyPI and installable via pip. It is easy to use and encourages the adoption of the best tools a

PyScaffold 1.7k Jan 03, 2023
Why write code when you can import it directly from GitHub Copilot?

Copilot Importer Why write code when you can import it directly from GitHub Copilot? What is Copilot Importer? The copilot python module will dynamica

Mythic 41 Jan 04, 2023
The Python Fuzzer that the world deserves 🐍

pip3 install frelatage Current release : 0.0.2 The Python Fuzzer that the world deserves Installation | How it works | Features | Use Frelatage | Conf

Rog3r 219 Dec 21, 2022
pydock - Docker-based environment manager for Python

pydock - Docker-based environment manager for Python ⚠️ pydock is still in beta mode, and very unstable. It is not recommended for anything serious. p

Alejandro Piad 16 Sep 18, 2021
An open source recipe book from the awesome staff of Clinical Genomics

meatballs An open source recipe book from the awesome staff of Clinical Genomics.

Clinical Genomics 2 Dec 07, 2021
Never miss a deadline again

Hack the Opportunities Never miss a deadline again! Link to the excel sheet Contribution This list is not complete and I alone cannot make it whole. T

Vibali Joshi 391 Dec 28, 2022