GitHub Actions Version Updater Updates All GitHub Action Versions in a Repository and Creates a Pull Request with the Changes.

Overview

GitHub Actions Version Updater

GitHub release (latest by date) GitHub GitHub Marketplace GitHub stars GitHub Workflow Status

GitHub Actions Version Updater is GitHub Action that is used to update other GitHub Actions in a Repository and create a pull request with the updates. It is an automated dependency updater similar to GitHub's Dependabot, but for GitHub Actions.

How Does It Work:

  • GitHub Actions Version Updater first goes through all the workflows in a repository and checks for updates for each of the action used in those workflows.

  • If an update is found and if that action is not ignored then the workflows are updated with the latest release of the action being used.

  • If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub.

  • Finally, a pull request is created with the newly created branch.

Usage:

We recommend running this action on a schedule event or a workflow_dispatch event.

To integrate GitHub Actions Version Updater on your repository, create a YAML file inside .github/workflows/ directory (.github/workflows/updater.yaml) add the following into the file:

name: GitHub Actions Version Updater

# Controls when the action will run. 
on:
  # can be used to run workflow manually
  workflow_dispatch:
  schedule:
    # Automatically run on every Sunday
    - cron:  '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest
  
    steps:
      - uses: actions/[email protected]
        with:
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/[email protected]
        with:
          # Optional, This will be used to configure git
          # defaults to `github-actions[bot]` if not provided
          committer_username: 'test'
          committer_email: '[email protected]'
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}
          # Do not update these actions (Optional)
          # You need to add JSON array inside a string
          # because GitHub Actions does not yet allow `Lists` as input
          ignore: '["actions/[email protected]", "actions/[email protected]"]'

Important Note:

GitHub does not allow updating workflow files inside a workflow run. The token generated by GitHub in every workflow (${{secrets.GITHUB_TOKEN}}) does not have permission to update a workflow. That's why you need to create a Personal Access Token with repo and workflow scope and pass it to the action.

To know more about how to pass a secret to GitHub actions you can Read GitHub Docs

GitHub Actions Version Updater in Action:

GitHub Actions Version Updater Demo

License

The code in this project is released under the MIT License.

Comments
  • "fatal: not in a git directory" after several successful runs

    The actions were working correctly, and during the last run the error "fatal : not in a git directory" appeared.

    The faulty run: https://github.com/jmlemetayer/project-release/actions/runs/3699984553/jobs/6267948063

    The last modification of the workflow was the update of the "actions/checkout" to v3.2.0 (done by the github-actions-version-updater): https://github.com/jmlemetayer/project-release/commit/a0a4dfdf978d1b67979ca6d8a8df434a303a1c85

    bug 
    opened by jmlemetayer 12
  • Add pull request branch configuration

    Add pull request branch configuration

    This fixes #39

    There is 2 new configuration:

    • pull_request_branch: The pull request branch name.
    • pull_request_unique: Is the pull request branch unique? If "false" the branch will be suffixed with a timestamp.

    By default the branch is not unique and is suffixed with a timestamp, and the name is gh-actions-update.

    The current default behavior is unchanged.

    opened by jmlemetayer 9
  • 0.7.0 fails even if there is no error

    0.7.0 fails even if there is no error

    When running this action, the workflows fails, even if there's no evident error and all the actions are checked:

    image

    The job is configured like this:

    jobs:
      build:
        runs-on: ubuntu-latest
    
        steps:
          - uses: actions/[email protected]
            with:
              # Access token with `workflow` scope is required
              token: ${{ secrets.ACTION_GITHUB_TOKEN }}
    
          - name: Run GitHub Actions Version Updater
            uses: saadmk11/[email protected]
            with:
              # Optional, This will be used to configure git
              # defaults to `github-actions[bot]` if not provided
              #committer_username: 'test'
              #committer_email: '[email protected]'
              # Optional, allows customizing the commit message and pull request title
              # Both default to 'Update GitHub Action Versions'
              commit_message: 'Github Actions versions have changed'
              pull_request_title: 'Github Actions versions have changed'
              # Access token with `workflow` scope is required
              token: ${{ secrets.ACTION_GITHUB_TOKEN }}
              release_types: major
    
    bug 
    opened by ASarco 7
  • Workflow always fails at the

    Workflow always fails at the "Create New Branch" stage

    Hi!

    First of all thanks for writing this action and making it publicly available. 👍

    I'm trying to make it to work, however for me it always fails at the Create New Branch stage, and unfortunately I can't see the reason for that from the output:

    Create New Branch (refs/heads/main -> gh-actions-update-1669032900)
      Error: Note: checking out 'refs/heads/main'.
      
      You are in 'detached HEAD' state. You can look around, make experimental
      changes and commit them, and you can discard any commits you make in this
      state without impacting any branches by performing another checkout.
      
      If you want to create a new branch to retain commits you create, you may
      do so (now or later) by using -b with the checkout command again. Example:
      
        git checkout -b <new-branch-name>
      
      HEAD is now at 3acfbc3 Set explicit permissions in update gh actions workflow
      
      This repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting '.git/hooks/post-checkout'.
    

    Using version 0.7.1.

    I did try to disable Git LFS (even though doesn't seem like that would be a problem), with the same results.

    Any hints?

    Thanks

    opened by nicoddemus 5
  • Feature Request: Add user/team reviewer field for generated PR

    Feature Request: Add user/team reviewer field for generated PR

    It would be nice to have optional fields for adding team reviewers/user reviewers on the PR that is generated by this action. This way we would also be notified of any newly opened PR due to this action. I am trying to implement this for our openedX repos here in this PR: https://github.com/openedx/edx-platform/pull/31170 and this feature would unblock me on this PR.

    enhancement 
    opened by aht007 5
  • Downgrades are being proposed

    Downgrades are being proposed

    There seems to be something off with resolving the actual version changes:

    Found new version for "actions/checkout"
      Updating "actions/[email protected]" with "actions/[email protected]"
      Found new version for "saadmk11/github-actions-version-updater"
      Updating "saadmk11/[email protected]" with "saadmk11/[email protected]"
      Found new version for "actions/setup-python"
      Updating "actions/set[email protected]" with "actions/[email protected]"
    

    The specific issues I see here:

    • v2.5.0 is considered more recent than version v3 for actions/checkout.
    • v0.5.6 is considered more recent than main, although main references the latest unreleased code from the default branch.
    • v4.3.0 is being proposed for the short syntax v4, although I would assume that v4 will always use the latest release of the v4 major version (currently being v4.3.0 for actions/setup-python). I am not sure about this though, as I could not find any information on which version is being picked by GitHub Actions in this case.
    bug 
    opened by FriedrichFroebel 4
  • main: use local paths instead of github API

    main: use local paths instead of github API

    for iterating the workflow files. By default it will look in .github/workflows/*.y(a)ml for files.

    Not my code, but I'm using this fork because I have some workflows in different folders that I would also like to keep up to date, but the fork is lacking the latest updates.

    opened by villelahdenvuo 3
  • This action sometimes suggests downgrades

    This action sometimes suggests downgrades

    Sometimes actions backport some features to previous major versions, and this action is offering them in the PRs, essentially meaning it would downgrade the version if merged.

    As far as I understand this is due to not parsing the version and just looking at the latest release in terms of date. I recommend parsing the version and comparing them numerically to decide whether a version is newer or not.

    opened by starikcetin 3
  • Custom commit message and pull request title won't work

    Custom commit message and pull request title won't work

    I am using this action as follows:

    - uses: saadmk11/[email protected]
      with:
        commit_message: "chore: update github action versions"
        pull_request_title: "chore: update github action versions"
        token: ${{ secrets.WORKFLOW_SCOPED_ACCESS_TOKEN }}
    

    It gives the following warning:

    Unexpected input(s) 'commit_message', 'pull_request_title', valid inputs are ['entryPoint', 'args', 'committer_username', 'committer_email', 'ignore', 'token']
    

    And I get the default pull request title and commit message instead.

    opened by starikcetin 2
  • Allow custom commit message and pull request title

    Allow custom commit message and pull request title

    This PR creates two new inputs, to allow customizing the PR title and commit message. This is useful when someone wants to ensure consistency in their repo, such as using conventional commits or any organization standard.

    Those are optional, and will default to the current value of 'Update GitHub Action Versions'.

    New inputs were also documented in the README file.

    opened by thehedgefrog 2
  • 404 when creating pull request

    404 when creating pull request

    Hi,

    I just tested it and have the following message:

    Warning: Could not create a pull request on Squidex/squidex, status code: 404
    

    https://github.com/Squidex/squidex/actions/runs/3260603775/jobs/5354281561

    opened by SebastianStehle 1
  • Feature Request: be able to scan actions defined within a composite actions

    Feature Request: be able to scan actions defined within a composite actions

    Since composite actions are a alternative method to make the workflows more reusable, i think it would be good to add a way to check if the actions defined within have a new version.

    Today, a composite action can be defined in two ways:

    • In a public repository Then, can be used in a workflow like another Github Action in the marketplace (ex: uses: actions/[email protected]). For this case, the version updater will work without problems.

    • In a private repository For this case, you need to checkout the repo that contains the composite action using a PAT token. Then in the step, the action need be specified specified without the version (@x.x.x). The version of the composite action is determined by the ref input of the checkouted step of the composite action repo.


    The problem is, in both cases, there is no way to check the versions of the actions used in the composite actions. Our projects uses a lot of these composite actions in the workflows. We used this approach because Github Actions does not support using reusable workflows from private repositores, only composite actions. There is a way to add this feature? Maybe scan the composite action file, instead of the workflow itself...

    Thanks in advance.

    Needs More Information 
    opened by jdsantosadam 1
  • Feature Request: Add the option to add labels to the created PR

    Feature Request: Add the option to add labels to the created PR

    This seems like a fairly standard practice for GitHub Actions that create issues and PRs for you so I was surprised to find this wasn't an option here. We've got a couple of very PR-heavy repos so being able to add labels like "automated" and "dependencies" is very helpful for filtering bot-generated PRs from ones created by humans, especially for reminders and notifications.

    enhancement 
    opened by xiehan 0
  • Allow actions to be stored inside a sub-directory of a repository

    Allow actions to be stored inside a sub-directory of a repository

    Some action developers seem to put multiple actions into separate directories inside one repository: Example: flatpak-github-actions.

    As this works with GitHub Actions, it would be nice to also be able to get update notifications for them.

    enhancement 
    opened by tobiastom 1
  • Allow to configure the branch name

    Allow to configure the branch name

    I have configured the version updater action on my project and it works perfectly. Thanks for your project.

    But as it is executed every day and with a new branch name each time, if I don't check my projects every day, I end up with several pull requests for the same patch.

    On my workflow:

    on:                                                                                                                                                                                                            
      schedule:                                                                                                                                                                                                    
        - cron: '0 0 * * *'
    

    On main.py:

    new_branch_name = f"gh-actions-update-{int(time.time())}"
    

    I think it will be good to have a fix branch name (at least as an option), So that the pull request can be updated each time (with a force push).

    Best regards, Jean-Marie

    enhancement 
    opened by jmlemetayer 2
  • Unable to push branch

    Unable to push branch

    Hi! I'm currently trying to implement your workflow in https://github.com/voxpupuli/vox-pupuli-tasks/pull/479

    from the workflow config:

      github-action-updater:
        runs-on: ubuntu-latest
        steps:
        - uses: actions/[email protected]
          with:
            token: ${{ secrets.SAADMK11_GITHUB_ACTIONS_VERSION_UPDATER_VPT }}
        - name: GitHub Actions Version Updater
          uses: saadmk11/[email protected]
          with:
            token: ${{ secrets.SAADMK11_GITHUB_ACTIONS_VERSION_UPDATER_VPT }}
    

    This fails with:

    Create New Branch
      error: pathspec 'refs/pull/479/merge' did not match any file(s) known to git
      Switched to a new branch 'gh-actions-update-1655896430'
      [gh-actions-update-1655896430 7cbc18e] Update GitHub Action Versions
       3 files changed, 14 insertions(+), 14 deletions(-)
      To https://github.com/voxpupuli/vox-pupuli-tasks
       ! [remote rejected] gh-actions-update-1655896430 -> gh-actions-update-1655896430 (shallow update not allowed)
      error: failed to push some refs to 'https://github.com/voxpupuli/vox-pupuli-tasks'
    Create Pull Request
      Warning: Could not create a pull request on voxpupuli/vox-pupuli-tasks, status code: [422]
    

    and a couple of questions:

    • Does the token for actions/[email protected] actually needs the workflow scope?
    • The action is marked as successful, even when the push failed. I think that should be changed?
    Needs More Information 
    opened by bastelfreak 6
Releases(v0.7.2)
  • v0.7.2(Dec 25, 2022)

    What's Changed

    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/38
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/42
    • Document required workaround for LFS-enabled repositories by @nicoddemus in https://github.com/saadmk11/github-actions-version-updater/pull/44
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/45
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/46
    • Try Git Safe Directory to Resolve fatal: not in a git directory by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/50
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/51
    • Release v0.7.2 by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/52

    New Contributors

    • @pre-commit-ci made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/38
    • @nicoddemus made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/44

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.7.1...v0.7.2

    Source code(tar.gz)
    Source code(zip)
  • v0.7.1(Oct 29, 2022)

    What's Changed

    • ci: update checkout version by @kevinneville in https://github.com/saadmk11/github-actions-version-updater/pull/32
    • Handle Workflow File Not Found Error by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/33
    • Add Option to Specify Custom Workflow File/Directory Paths by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/34
    • Add GitHub Actions Version Updater by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/35
    • Update GitHub Action Versions by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/36

    New Contributors

    • @kevinneville made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/32

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.7.0...v0.7.1

    Source code(tar.gz)
    Source code(zip)
  • v0.7.0(Oct 22, 2022)

    What's Changed

    • Allow custom commit message and pull request title by @thehedgefrog in https://github.com/saadmk11/github-actions-version-updater/pull/12
    • Refactor Code and Use github-action-utils for logging by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/17
    • Add Option to Skip Pull Request by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/18
    • Add Option to Use Commit SHA as a Version and FIx Latest Release Version Resolver by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/19
    • Add Option to Request Reviews for Generated Pull Request by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/24
    • Add Option to use Release Types (major, minor, patch) for Updates by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/26
    • Improve Documentation by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/27
    • Release v0.7.0 by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/28

    New Contributors

    • @thehedgefrog made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/12

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.5.6...v0.7.0

    Source code(tar.gz)
    Source code(zip)
  • v0.5.6(Apr 10, 2021)

  • v0.5.5(Apr 8, 2021)

Owner
Maksudul Haque
Web Developer, Open Source Contributor
Maksudul Haque
DNA Storage Simulator that analyzes and simulates DNA storage

DNA Storage Simulator This monorepository contains code for a research project by Mayank Keoliya and supervised by Djordje Jevdjic, that analyzes and

Mayank Keoliya 3 Sep 25, 2022
The best free and open-source automated time tracker. Cross-platform, extensible, privacy-focused.

Records what you do so that you can know how you've spent your time. All in a secure way where you control the data. Website — Forum — Documentation —

ActivityWatch 7.8k Jan 09, 2023
Un Assistente Vocale scritto in Python e altamente personalizzabile

Un Assistente Vocale scritto in Python e altamente personalizzabile

Marco 2 May 06, 2022
Get you an ultimate lexer generator using Fable; port OCaml sedlex to FSharp, Python and more!

NOTE: currently we support interpreted mode and Python source code generation. It's EASY to compile compiled_unit into source code for C#, F# and othe

Taine Zhao 15 Aug 06, 2022
Tools, guides, and resources for blockchain analysts to interface with data on the Ergo platform.

Ergo Intelligence Objective Provide a suite of easy-to-use toolkits, guides, and resources for blockchain analysts and data scientists to quickly unde

Chris 5 Mar 15, 2022
A small Python library which gives you the IEEE-754 representation of a floating point number.

ieee754 ieee754 is small Python library which gives you the IEEE-754 representation of a floating point number. You can specify a precision given in t

Bora Canbula 5 Dec 20, 2022
The purpose of this script is to bypass disablefund, provide some useful information, and dig the hook function of PHP extension.

The purpose of this script is to bypass disablefund, provide some useful information, and dig the hook function of PHP extension.

Firebasky 14 Aug 02, 2021
A wide AOI generator tool.

Dark Generator A wide AOI generator tool. Information Installation To Install you have to have python 3.x and pip installed on your system. If you hav

Darkest Surface 12 Dec 26, 2022
Kolibri: the offline app for universal education

Kolibri This repository is for software developers wishing to contribute to Kolibri. If you are looking for help installing, configuring and using Kol

Learning Equality 564 Jan 02, 2023
🤖🧭Creates google-like navigation menu using python-telegram-bot wrapper

python telegram bot menu pagination Makes a google style pagination line for a list of items. In other words it builds a menu for navigation if you ha

Sergey Smirnov 9 Nov 27, 2022
Ingest openldap data into bloodhound

Bloodhound for Linux Ingest a dumped OpenLDAP ldif into neo4j to be visualized in Bloodhound. Usage: ./ldif_to_neo4j.py ./sample.ldif | cypher-shell -

Guillaume Quéré 71 Nov 09, 2022
Slotscheck - Find mistakes in your slots definitions

🎰 Slotscheck Adding __slots__ to a class in Python is a great way to reduce mem

Arie Bovenberg 67 Dec 31, 2022
A Puzzle A Day Keep the Work Away

A Puzzle A Day Keep the Work Away No moyu again!

P4SSER8Y 5 Feb 12, 2022
Fly DCS without a joystick

Intro Usage Delete all mouse view axis Install DCSEasyControlExports to your "Saved Games/DCS/" Path python DCSEasyControl/main.py Set DCS to F12 view

XuHao 36 Dec 27, 2022
Better firefox bookmarks script for rofi

rofi-bookmarks Small python script to open firefox bookmarks with rofi. Features Icons! Only show bookmarks in a specified bookmark folder Show entire

32 Nov 10, 2022
Skull shaped MOSFET cells for the Efabless's 130nm process

SkullFET Skull shaped MOSFET cells for the Efabless's 130nm process List of cells Inverter Copyright (C) 2021 Uri Shaked

Wokwi 3 Dec 14, 2022
Watcher for systemdrun user scopes

Systemctl Memory Watcher Animated watcher for systemdrun user scopes. Usage Launch some process in your GNU-Linux or compatible OS with systemd-run co

Antonio Vanegas 2 Jan 20, 2022
A pet facts python api

Pet-Facts-API A pet facts python api Project Links API :- https://pet-facts-api.vercel.app Docs :- https://fayasnoushad.github.io/Pet-Facts-API

Fayas Noushad 3 Dec 18, 2021
A plugin for poetry that allows you to execute scripts defined in your pyproject.toml, just like you can in npm or pipenv

poetry-exec-plugin A plugin for poetry that allows you to execute scripts defined in your pyproject.toml, just like you can in npm or pipenv Installat

38 Jan 06, 2023
A multi purpose password managing and generating tool called Kyper.

Kyper A multi purpose password managing and generating tool called Kyper. Setup The setup for Kyper is fairly simple only involving the command python

Jan Dorian Poczekaj 1 Feb 05, 2022