GitHub Actions Version Updater Updates All GitHub Action Versions in a Repository and Creates a Pull Request with the Changes.

Overview

GitHub Actions Version Updater

GitHub release (latest by date) GitHub GitHub Marketplace GitHub stars GitHub Workflow Status

GitHub Actions Version Updater is GitHub Action that is used to update other GitHub Actions in a Repository and create a pull request with the updates. It is an automated dependency updater similar to GitHub's Dependabot, but for GitHub Actions.

How Does It Work:

  • GitHub Actions Version Updater first goes through all the workflows in a repository and checks for updates for each of the action used in those workflows.

  • If an update is found and if that action is not ignored then the workflows are updated with the latest release of the action being used.

  • If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub.

  • Finally, a pull request is created with the newly created branch.

Usage:

We recommend running this action on a schedule event or a workflow_dispatch event.

To integrate GitHub Actions Version Updater on your repository, create a YAML file inside .github/workflows/ directory (.github/workflows/updater.yaml) add the following into the file:

name: GitHub Actions Version Updater

# Controls when the action will run. 
on:
  # can be used to run workflow manually
  workflow_dispatch:
  schedule:
    # Automatically run on every Sunday
    - cron:  '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest
  
    steps:
      - uses: actions/[email protected]
        with:
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/[email protected]
        with:
          # Optional, This will be used to configure git
          # defaults to `github-actions[bot]` if not provided
          committer_username: 'test'
          committer_email: '[email protected]'
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}
          # Do not update these actions (Optional)
          # You need to add JSON array inside a string
          # because GitHub Actions does not yet allow `Lists` as input
          ignore: '["actions/[email protected]", "actions/[email protected]"]'

Important Note:

GitHub does not allow updating workflow files inside a workflow run. The token generated by GitHub in every workflow (${{secrets.GITHUB_TOKEN}}) does not have permission to update a workflow. That's why you need to create a Personal Access Token with repo and workflow scope and pass it to the action.

To know more about how to pass a secret to GitHub actions you can Read GitHub Docs

GitHub Actions Version Updater in Action:

GitHub Actions Version Updater Demo

License

The code in this project is released under the MIT License.

Comments
  • "fatal: not in a git directory" after several successful runs

    The actions were working correctly, and during the last run the error "fatal : not in a git directory" appeared.

    The faulty run: https://github.com/jmlemetayer/project-release/actions/runs/3699984553/jobs/6267948063

    The last modification of the workflow was the update of the "actions/checkout" to v3.2.0 (done by the github-actions-version-updater): https://github.com/jmlemetayer/project-release/commit/a0a4dfdf978d1b67979ca6d8a8df434a303a1c85

    bug 
    opened by jmlemetayer 12
  • Add pull request branch configuration

    Add pull request branch configuration

    This fixes #39

    There is 2 new configuration:

    • pull_request_branch: The pull request branch name.
    • pull_request_unique: Is the pull request branch unique? If "false" the branch will be suffixed with a timestamp.

    By default the branch is not unique and is suffixed with a timestamp, and the name is gh-actions-update.

    The current default behavior is unchanged.

    opened by jmlemetayer 9
  • 0.7.0 fails even if there is no error

    0.7.0 fails even if there is no error

    When running this action, the workflows fails, even if there's no evident error and all the actions are checked:

    image

    The job is configured like this:

    jobs:
      build:
        runs-on: ubuntu-latest
    
        steps:
          - uses: actions/[email protected]
            with:
              # Access token with `workflow` scope is required
              token: ${{ secrets.ACTION_GITHUB_TOKEN }}
    
          - name: Run GitHub Actions Version Updater
            uses: saadmk11/[email protected]
            with:
              # Optional, This will be used to configure git
              # defaults to `github-actions[bot]` if not provided
              #committer_username: 'test'
              #committer_email: '[email protected]'
              # Optional, allows customizing the commit message and pull request title
              # Both default to 'Update GitHub Action Versions'
              commit_message: 'Github Actions versions have changed'
              pull_request_title: 'Github Actions versions have changed'
              # Access token with `workflow` scope is required
              token: ${{ secrets.ACTION_GITHUB_TOKEN }}
              release_types: major
    
    bug 
    opened by ASarco 7
  • Workflow always fails at the

    Workflow always fails at the "Create New Branch" stage

    Hi!

    First of all thanks for writing this action and making it publicly available. 👍

    I'm trying to make it to work, however for me it always fails at the Create New Branch stage, and unfortunately I can't see the reason for that from the output:

    Create New Branch (refs/heads/main -> gh-actions-update-1669032900)
      Error: Note: checking out 'refs/heads/main'.
      
      You are in 'detached HEAD' state. You can look around, make experimental
      changes and commit them, and you can discard any commits you make in this
      state without impacting any branches by performing another checkout.
      
      If you want to create a new branch to retain commits you create, you may
      do so (now or later) by using -b with the checkout command again. Example:
      
        git checkout -b <new-branch-name>
      
      HEAD is now at 3acfbc3 Set explicit permissions in update gh actions workflow
      
      This repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting '.git/hooks/post-checkout'.
    

    Using version 0.7.1.

    I did try to disable Git LFS (even though doesn't seem like that would be a problem), with the same results.

    Any hints?

    Thanks

    opened by nicoddemus 5
  • Feature Request: Add user/team reviewer field for generated PR

    Feature Request: Add user/team reviewer field for generated PR

    It would be nice to have optional fields for adding team reviewers/user reviewers on the PR that is generated by this action. This way we would also be notified of any newly opened PR due to this action. I am trying to implement this for our openedX repos here in this PR: https://github.com/openedx/edx-platform/pull/31170 and this feature would unblock me on this PR.

    enhancement 
    opened by aht007 5
  • Downgrades are being proposed

    Downgrades are being proposed

    There seems to be something off with resolving the actual version changes:

    Found new version for "actions/checkout"
      Updating "actions/[email protected]" with "actions/[email protected]"
      Found new version for "saadmk11/github-actions-version-updater"
      Updating "saadmk11/[email protected]" with "saadmk11/[email protected]"
      Found new version for "actions/setup-python"
      Updating "actions/set[email protected]" with "actions/[email protected]"
    

    The specific issues I see here:

    • v2.5.0 is considered more recent than version v3 for actions/checkout.
    • v0.5.6 is considered more recent than main, although main references the latest unreleased code from the default branch.
    • v4.3.0 is being proposed for the short syntax v4, although I would assume that v4 will always use the latest release of the v4 major version (currently being v4.3.0 for actions/setup-python). I am not sure about this though, as I could not find any information on which version is being picked by GitHub Actions in this case.
    bug 
    opened by FriedrichFroebel 4
  • main: use local paths instead of github API

    main: use local paths instead of github API

    for iterating the workflow files. By default it will look in .github/workflows/*.y(a)ml for files.

    Not my code, but I'm using this fork because I have some workflows in different folders that I would also like to keep up to date, but the fork is lacking the latest updates.

    opened by villelahdenvuo 3
  • This action sometimes suggests downgrades

    This action sometimes suggests downgrades

    Sometimes actions backport some features to previous major versions, and this action is offering them in the PRs, essentially meaning it would downgrade the version if merged.

    As far as I understand this is due to not parsing the version and just looking at the latest release in terms of date. I recommend parsing the version and comparing them numerically to decide whether a version is newer or not.

    opened by starikcetin 3
  • Custom commit message and pull request title won't work

    Custom commit message and pull request title won't work

    I am using this action as follows:

    - uses: saadmk11/[email protected]
      with:
        commit_message: "chore: update github action versions"
        pull_request_title: "chore: update github action versions"
        token: ${{ secrets.WORKFLOW_SCOPED_ACCESS_TOKEN }}
    

    It gives the following warning:

    Unexpected input(s) 'commit_message', 'pull_request_title', valid inputs are ['entryPoint', 'args', 'committer_username', 'committer_email', 'ignore', 'token']
    

    And I get the default pull request title and commit message instead.

    opened by starikcetin 2
  • Allow custom commit message and pull request title

    Allow custom commit message and pull request title

    This PR creates two new inputs, to allow customizing the PR title and commit message. This is useful when someone wants to ensure consistency in their repo, such as using conventional commits or any organization standard.

    Those are optional, and will default to the current value of 'Update GitHub Action Versions'.

    New inputs were also documented in the README file.

    opened by thehedgefrog 2
  • 404 when creating pull request

    404 when creating pull request

    Hi,

    I just tested it and have the following message:

    Warning: Could not create a pull request on Squidex/squidex, status code: 404
    

    https://github.com/Squidex/squidex/actions/runs/3260603775/jobs/5354281561

    opened by SebastianStehle 1
  • Feature Request: be able to scan actions defined within a composite actions

    Feature Request: be able to scan actions defined within a composite actions

    Since composite actions are a alternative method to make the workflows more reusable, i think it would be good to add a way to check if the actions defined within have a new version.

    Today, a composite action can be defined in two ways:

    • In a public repository Then, can be used in a workflow like another Github Action in the marketplace (ex: uses: actions/[email protected]). For this case, the version updater will work without problems.

    • In a private repository For this case, you need to checkout the repo that contains the composite action using a PAT token. Then in the step, the action need be specified specified without the version (@x.x.x). The version of the composite action is determined by the ref input of the checkouted step of the composite action repo.


    The problem is, in both cases, there is no way to check the versions of the actions used in the composite actions. Our projects uses a lot of these composite actions in the workflows. We used this approach because Github Actions does not support using reusable workflows from private repositores, only composite actions. There is a way to add this feature? Maybe scan the composite action file, instead of the workflow itself...

    Thanks in advance.

    Needs More Information 
    opened by jdsantosadam 1
  • Feature Request: Add the option to add labels to the created PR

    Feature Request: Add the option to add labels to the created PR

    This seems like a fairly standard practice for GitHub Actions that create issues and PRs for you so I was surprised to find this wasn't an option here. We've got a couple of very PR-heavy repos so being able to add labels like "automated" and "dependencies" is very helpful for filtering bot-generated PRs from ones created by humans, especially for reminders and notifications.

    enhancement 
    opened by xiehan 0
  • Allow actions to be stored inside a sub-directory of a repository

    Allow actions to be stored inside a sub-directory of a repository

    Some action developers seem to put multiple actions into separate directories inside one repository: Example: flatpak-github-actions.

    As this works with GitHub Actions, it would be nice to also be able to get update notifications for them.

    enhancement 
    opened by tobiastom 1
  • Allow to configure the branch name

    Allow to configure the branch name

    I have configured the version updater action on my project and it works perfectly. Thanks for your project.

    But as it is executed every day and with a new branch name each time, if I don't check my projects every day, I end up with several pull requests for the same patch.

    On my workflow:

    on:                                                                                                                                                                                                            
      schedule:                                                                                                                                                                                                    
        - cron: '0 0 * * *'
    

    On main.py:

    new_branch_name = f"gh-actions-update-{int(time.time())}"
    

    I think it will be good to have a fix branch name (at least as an option), So that the pull request can be updated each time (with a force push).

    Best regards, Jean-Marie

    enhancement 
    opened by jmlemetayer 2
  • Unable to push branch

    Unable to push branch

    Hi! I'm currently trying to implement your workflow in https://github.com/voxpupuli/vox-pupuli-tasks/pull/479

    from the workflow config:

      github-action-updater:
        runs-on: ubuntu-latest
        steps:
        - uses: actions/[email protected]
          with:
            token: ${{ secrets.SAADMK11_GITHUB_ACTIONS_VERSION_UPDATER_VPT }}
        - name: GitHub Actions Version Updater
          uses: saadmk11/[email protected]
          with:
            token: ${{ secrets.SAADMK11_GITHUB_ACTIONS_VERSION_UPDATER_VPT }}
    

    This fails with:

    Create New Branch
      error: pathspec 'refs/pull/479/merge' did not match any file(s) known to git
      Switched to a new branch 'gh-actions-update-1655896430'
      [gh-actions-update-1655896430 7cbc18e] Update GitHub Action Versions
       3 files changed, 14 insertions(+), 14 deletions(-)
      To https://github.com/voxpupuli/vox-pupuli-tasks
       ! [remote rejected] gh-actions-update-1655896430 -> gh-actions-update-1655896430 (shallow update not allowed)
      error: failed to push some refs to 'https://github.com/voxpupuli/vox-pupuli-tasks'
    Create Pull Request
      Warning: Could not create a pull request on voxpupuli/vox-pupuli-tasks, status code: [422]
    

    and a couple of questions:

    • Does the token for actions/[email protected] actually needs the workflow scope?
    • The action is marked as successful, even when the push failed. I think that should be changed?
    Needs More Information 
    opened by bastelfreak 6
Releases(v0.7.2)
  • v0.7.2(Dec 25, 2022)

    What's Changed

    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/38
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/42
    • Document required workaround for LFS-enabled repositories by @nicoddemus in https://github.com/saadmk11/github-actions-version-updater/pull/44
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/45
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/46
    • Try Git Safe Directory to Resolve fatal: not in a git directory by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/50
    • [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/saadmk11/github-actions-version-updater/pull/51
    • Release v0.7.2 by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/52

    New Contributors

    • @pre-commit-ci made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/38
    • @nicoddemus made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/44

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.7.1...v0.7.2

    Source code(tar.gz)
    Source code(zip)
  • v0.7.1(Oct 29, 2022)

    What's Changed

    • ci: update checkout version by @kevinneville in https://github.com/saadmk11/github-actions-version-updater/pull/32
    • Handle Workflow File Not Found Error by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/33
    • Add Option to Specify Custom Workflow File/Directory Paths by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/34
    • Add GitHub Actions Version Updater by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/35
    • Update GitHub Action Versions by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/36

    New Contributors

    • @kevinneville made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/32

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.7.0...v0.7.1

    Source code(tar.gz)
    Source code(zip)
  • v0.7.0(Oct 22, 2022)

    What's Changed

    • Allow custom commit message and pull request title by @thehedgefrog in https://github.com/saadmk11/github-actions-version-updater/pull/12
    • Refactor Code and Use github-action-utils for logging by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/17
    • Add Option to Skip Pull Request by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/18
    • Add Option to Use Commit SHA as a Version and FIx Latest Release Version Resolver by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/19
    • Add Option to Request Reviews for Generated Pull Request by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/24
    • Add Option to use Release Types (major, minor, patch) for Updates by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/26
    • Improve Documentation by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/27
    • Release v0.7.0 by @saadmk11 in https://github.com/saadmk11/github-actions-version-updater/pull/28

    New Contributors

    • @thehedgefrog made their first contribution in https://github.com/saadmk11/github-actions-version-updater/pull/12

    Full Changelog: https://github.com/saadmk11/github-actions-version-updater/compare/v0.5.6...v0.7.0

    Source code(tar.gz)
    Source code(zip)
  • v0.5.6(Apr 10, 2021)

  • v0.5.5(Apr 8, 2021)

Owner
Maksudul Haque
Web Developer, Open Source Contributor
Maksudul Haque
A Lynx that manages a group that puts the federation first.

Lynx Super Federation Management Group Lynx was created to manage your groups on telegram and focuses on the Lynx Federation. I made this to root out

Unknown 2 Nov 01, 2022
Convert three types of color in your clipboard and paste it to the color property (gamma correct)

ColorPaster [Blender Addon] Convert three types of color in your clipboard and paste it to the color property (gamma correct) How to Use Hover your mo

13 Oct 31, 2022
Learn Python Regular Expressions step by step from beginner to advanced levels

Python re(gex)? Learn Python Regular Expressions step by step from beginner to advanced levels with hundreds of examples and exercises The book also i

Sundeep Agarwal 1.3k Dec 28, 2022
Dev-meme - A repository that contains memes just for people like us

A repository that contains memes just for people like us. Coders are constantly

Padmashree Jha 4 Oct 31, 2022
Script to calculate the italian fiscal code of a person.

fiscal_code Hi! This is my first public repository, so please be kind if it is not well formatted or it contains errors. I started learning Python abo

FrancescoDiMuro 1 Nov 20, 2021
Xbox-Flood is for flood anything

Intruduction Installation Usage Installing Python 3 Wiki Getting Started Creating a Key Intruduction Xbox-Flood is for flooding messages (invitations

kayake 4 Feb 18, 2022
PyDy, short for Python Dynamics, is a tool kit written in the Python

PyDy, short for Python Dynamics, is a tool kit written in the Python programming language that utilizes an array of scientific programs to enable the study of multibody dynamics. The goal is to have

PyDy 307 Jan 01, 2023
Easy installer for running Amazon AVS Device SDK on Raspberry Pi

avs-device-sdk-pi Scripts to enable Alexa voice activation using Picovoice Porcupine If you like the work, find it useful and if you would like to get

4 Nov 14, 2022
A python script based on OpenCV-Python, you can automatically hang up the Destiny 2 Throne to get the Dawning Essence.

A python script based on OpenCV-Python, you can automatically hang up the Destiny 2 Throne to get the Dawning Essence.

1 Dec 19, 2021
MODeflattener deobfuscates control flow flattened functions obfuscated by OLLVM using Miasm.

MODeflattener deobfuscates control flow flattened functions obfuscated by OLLVM using Miasm.

Suraj Malhotra 138 Jan 07, 2023
Manjaro CN Repository

Manjaro CN Repository Automatically built packages based on archlinuxcn/repo and manjarocn/docker. Install Add manjarocn to /etc/pacman.conf: Please m

Manjaro CN 28 Jun 26, 2022
Gmvault: Backup and restore your gmail account

Gmvault: Backup and restore your gmail account Gmvault is a tool for backing up your gmail account and never lose email correspondence. Gmvault is ope

Guillaume Aubert 3.5k Jan 01, 2023
A script to add issues to a project in Github based on label or status.

Add Github Issues to Project (Beta) A python script to move Github issues to a next-gen (beta) Github Project Getting Started These instructions will

Kate Donaldson 3 Jan 16, 2022
Pixelarticons - Pixel Art Icons made simple for Flutter, powered by pixelarticons and fontify

Pixelarticons - Pixel Art Icons made simple for Flutter, powered by pixelarticons and fontify

lask 16 Dec 12, 2022
Tomador de ramos UC automatico para Windows, Linux y macOS

auto-ramos v2.0 Tomador de ramos UC automatico para Windows, Linux y macOS Funcion Este script de Python tiene como principal objetivo hacer que la to

Open Source eUC 13 Jun 29, 2022
Oblique Strategies for Python

Oblique Strategies for Python

Łukasz Langa 3 Feb 17, 2022
i3wm helper tool for workspaces on multiple monitors

i3screens A helper tool for managing i3wm workspaces on multiple monitors. Use-case You have a multi-monitor setup and want to have the "same" workspa

Sebastian Neef 1 Dec 05, 2022
A Python3 script to decode an encoded VBScript file, often seen with a .vbe file extension

vbe-decoder.py Decode one or multiple encoded VBScript files, often seen with a .vbe file extension. Usage usage: vbe-decoder.py [-h] [-o output] file

John Hammond 147 Nov 15, 2022
GWCelery is a simple and reliable package for annotating and orchestrating LIGO/Virgo alerts

GWCelery is a simple and reliable package for annotating and orchestrating LIGO/Virgo alerts, built from widely used open source components.

Min-A Cho Zeno 1 Nov 02, 2021
An extensive password manager built using Python, multiple implementations. Something to meet everyone's taste.

An awesome open-sourced password manager! Explore the docs » View Demo · Report Bug · Request Feature 🐍 Python Password Manager 🔐 An extensive passw

Sam R 7 Sep 28, 2021