DEV Community

loading...

GitHub Actions Version Updater, Similar to GitHub's Dependabot, but for GitHub Actions

Maksudul Haque
Web Developer, Python, Django, Open Source Contributor
Updated on ・3 min read

GitHub Actions Version Updater is GitHub Action that Updates Other GitHub Actions in a Repository and creates a pull request with those updates. It is an automated dependency updater similar to GitHub's Dependabot, but for GitHub Actions.

How Does It Work:

  • GitHub Actions Version Updater first goes through all the workflows
    in a repository and checks for updates for each of the actions used in those workflows.

  • If an update is found and if that action is not ignored then the workflows are updated
    with the latest release of the action being used.

  • If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub.

  • Finally, a pull request is created with the newly created branch.

GitHub repository:

GitHub logo saadmk11 / github-actions-version-updater

GitHub Actions Version Updater Updates All GitHub Action Versions in a Repository and Creates a Pull Request with the Changes.

GitHub Actions Version Updater

GitHub release (latest by date) GitHub GitHub Marketplace GitHub stars GitHub Workflow Status

GitHub Actions Version Updater is GitHub Action that is used to update other GitHub Actions in a Repository and create a pull request with the updates. It is an automated dependency updater similar to GitHub's Dependabot but for GitHub Actions.

How Does It Work:

  • GitHub Actions Version Updater first goes through all the workflows in a repository and checks for updates for each of the action used in those workflows.

  • If an update is found and if that action is not ignored then the workflows are updated with the latest release of the action being used.

  • If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub.

  • Finally, a pull request is created with the newly created branch.

Usage:

We recommend running this action on a schedule event or a workflow_dispatch event.

To integrate GitHub

Marketplace:

https://github.com/marketplace/actions/github-actions-version-updater

Usage:

We recommend running this action on a schedule event or a workflow_dispatch event.

To integrate GitHub Actions Version Updater on your repository, create a YAML file inside .github/workflows/ directory (.github/workflows/updater.yaml) add the following into the file:

name: GitHub Actions Version Updater

# Controls when the action will run. 
on:
  # can be used to run workflow manually
  workflow_dispatch:
  schedule:
    # Automatically run on every Sunday
    - cron:  '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
        with:
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/github-actions-version-updater@v0.5.6
        with:
          # Access token with `workflow` scope is required
          token: ${{ secrets.WORKFLOW_SECRET }}
          # Do not update these actions (Optional)
          # You need to add JSON array inside a string
          # because GitHub Actions does not yet allow `Lists` as input
          ignore: '["actions/checkout@v2", "actions/cache@v2"]'
Enter fullscreen mode Exit fullscreen mode

Important Note:

GitHub does not allow updating workflow files inside a workflow run. The token generated by GitHub in every workflow (${{secrets.GITHUB_TOKEN}}) does not have permission to update a workflow. That's why you need to create a Personal Access Token
with repo and workflow scope and pass it to the action.

To know more about how to pass a secret to GitHub actions you can Read GitHub Docs

GitHub Actions Version Updater in Action:

GitHub Actions Version Updater Demo

Pull Request Created by GitHub Actions Version Updater:

GitHub Actions Version Updater Pull Request

Pull Request File Changes:

GitHub Actions Version Updater Pull Request Changes

Conclusion

I think this will be really helpful for Open Source Maintainers to manage GitHub actions dependencies. If anyone is interested please try GitHub Actions Version Updater out and leave some feedback :)

If you have any questions you can reach out to me on Twitter @saad_mk11

Discussion (0)