A GitHub Action that Updates All GitHub Actions in a Repository and Creates a Pull Request with the Updates


saadmk11/github-actions-version-updater


GitHub Actions Version Updater is a GitHub Action that is used to Update All GitHub Actions in a Repository and create a pull request with the updates (if enabled). It is an automated dependency updater similar to GitHub's Dependabot but for GitHub Actions.

How Does It Work?

  • GitHub Actions Version Updater first goes through all the workflows in a repository and checks for updates for each of the actions used in those workflows.

  • If an update is found and that action is not ignored, then the workflows are updated with the new version of the action being used.

  • If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub. (If enabled)

  • Finally, a pull request is created with the newly created branch. (If enabled)

Supported Version Fetch Sources

  • release-tag (default): Uses the specific release tag from the latest release to update a GitHub Action. (e.g. actions/checkout@v1.2.3)

  • release-commit-sha: Uses the latest release tag commit SHA to update a GitHub Action. (e.g. actions/checkout@c18e2a1b1a95d0c5c63af210857e8718a479f56f)

  • default-branch-sha: Uses the latest commit SHA of the default branch (e.g. main, master) to update a GitHub Action. (e.g. actions/checkout@c18e2a1b1a95d0c5c63af210857e8718a479f56f)

You can use the update_version_with input option to select one of them. (e.g. update_version_with: 'default-branch-sha')
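An added example, not part of the project's code: a small Python audit that lists every remote action reference in a workflow and reports whether it is pinned to a full commit SHA (the form release-commit-sha and default-branch-sha write) or to a tag or branch name, which can be repointed after review. The sample workflow is constructed, and example-org/example-action is a hypothetical action name.

```python
import re

# Matches a step's `uses:` value; quotes and a trailing comment are tolerated.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
VERSION_TAG_RE = re.compile(r"^v?\d+(\.\d+){0,2}$")


def classify_ref(ref):
    """Return 'commit-sha', 'version-tag' or 'other' (branch or unusual tag)."""
    if FULL_SHA_RE.match(ref):
        return "commit-sha"
    if VERSION_TAG_RE.match(ref):
        return "version-tag"
    return "other"


def audit_workflow(text):
    """Yield (line_no, action, ref, kind) for every remote action reference."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        # Local actions and container images carry no repository ref to pin.
        if target.startswith(("./", "docker://")) or "@" not in target:
            continue
        action, ref = target.rsplit("@", 1)
        yield line_no, action, ref, classify_ref(ref)


# Constructed sample workflow, not taken from a real repository.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Updater
        uses: saadmk11/github-actions-version-updater@v0.9.0
      - uses: actions/checkout@c18e2a1b1a95d0c5c63af210857e8718a479f56f  # pinned
      - uses: example-org/example-action@main
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for line_no, action, ref, kind in audit_workflow(SAMPLE):
        flag = "" if kind == "commit-sha" else "  <- mutable ref"
        print(f"{line_no}: {action}@{ref} [{kind}]{flag}")
```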

Release Types

  • all (default): Actions with any new release will be updated.
  • major: Actions with only a new major release will be updated.
  • minor: Actions with only a new minor release will be updated.
  • patch: Actions with only a new patch release will be updated.

You can use the release_types input option to select one/all of them. (e.g. "major, minor")
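A sketch of the release_types filter for tag-to-tag updates, added here as an illustration and not the action's own implementation. Treating a short tag such as v4 as 4.0.0 and skipping non-numeric refs are assumptions of this sketch.

```python
import re

VERSION_RE = re.compile(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?$")


def parse_version(tag):
    """Return (major, minor, patch) or None when the tag is not numeric."""
    m = VERSION_RE.match(tag.strip())
    if not m:
        return None
    # Assumption: a missing component ("v4") counts as 0, so v4 == v4.0.0.
    return tuple(int(part) if part else 0 for part in m.groups())


def release_type(current, latest):
    """Classify the step from current to latest, or None if not an upgrade."""
    cur, new = parse_version(current), parse_version(latest)
    if cur is None or new is None or new <= cur:
        return None
    if new[0] != cur[0]:
        return "major"
    if new[1] != cur[1]:
        return "minor"
    return "patch"


def should_update(current, latest, release_types="all"):
    """Apply a release_types string such as "minor, patch" or "all"."""
    allowed = {t.strip().lower() for t in release_types.split(",") if t.strip()}
    kind = release_type(current, latest)
    if kind is None:
        return False
    return "all" in allowed or kind in allowed
```

With release_types set to "minor, patch", a jump from v3.6.0 to v4.0.0 is left for manual review while v4.1.0 to v4.1.7 is applied.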

Usage

We recommend running this action on a schedule event or a workflow_dispatch event.

To integrate GitHub Actions Version Updater on your repository, create a YAML file inside the .github/workflows/ directory (e.g. .github/workflows/updater.yaml) and add the following lines into the file:

```yaml
name: GitHub Actions Version Updater

# Controls when the action will run.
on:
  schedule:
    # Automatically run on every Sunday
    - cron: '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/github-actions-version-updater@v0.9.0
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}
```

Workflow input options

These are the inputs that can be provided on the workflow.

| Name | Required | Description | Default | Example |
|------|----------|-------------|---------|---------|
| token | Yes | GitHub Access Token with workflow scope (The Token needs to be added to the actions secrets) | null | ${{ secrets.WORKFLOW_SECRET }} |
| committer_username | No | Name of the user who will commit the changes to GitHub | "github-actions[bot]" | "Test User" |
| committer_email | No | Email Address of the user who will commit the changes to GitHub | "github-actions[bot]@users.noreply.github.com" | "test@test.com" |
| commit_message | No | Commit message for the commits created by the action | "Update GitHub Action Versions" | "Custom Commit Message" |
| pull_request_title | No | Title of the pull requests generated by the action | "Update GitHub Action Versions" | "Custom PR Title" |
| pull_request_branch (Experimental) | No | The pull request branch name. (If provided, the action will force push to the branch) | "gh-actions-update-" | "github/actions-update" |
| ignore | No | A comma separated string of GitHub Actions to ignore updates for | null | "actions/checkout@v2, actions/cache@v2" |
| skip_pull_request | No | If "true", the action will only check for updates and if any update is found the job will fail and update the build summary with the diff (Options: "true", "false") | "false" | "true" |
| update_version_with | No | Use The Latest Release Tag/Commit SHA or Default Branch Commit SHA to update the actions (Options: "release-tag", "release-commit-sha", "default-branch-sha") | "release-tag" | "release-commit-sha" |
| release_types | No | A comma separated string of release types to use when updating the actions. By default, all release types are used to update the actions. Only applicable for "release-tag", "release-commit-sha" (Options: "major", "minor", "patch" [one or many separated by comma]) | "all" | "minor, patch" |
| pull_request_user_reviewers | No | A comma separated string (usernames) which denotes the users that should be added as reviewers to the pull request | null | "octocat, hubot, other_user" |
| pull_request_team_reviewers | No | A comma separated string (team slugs) which denotes the teams that should be added as reviewers to the pull request | null | "justice-league, other_team" |
| pull_request_labels | No | A comma separated string (label names) which denotes the labels which will be added to the pull request | null | "dependencies, automated" |
| extra_workflow_locations | No | A comma separated string of file or directory paths to look for workflows. By default, only the workflow files in the .github/workflows directory are checked for updates | null | "path/to/directory, path/to/workflow.yaml" |

Workflow with all options

```yaml
name: GitHub Actions Version Updater

# Controls when the action will run.
on:
  # can be used to run workflow manually
  workflow_dispatch:
  schedule:
    # Automatically run on every Sunday
    - cron: '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/github-actions-version-updater@v0.9.0
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}
          committer_username: 'Test'
          committer_email: 'test@test.com'
          commit_message: 'Commit Message'
          pull_request_title: 'Pull Request Title'
          ignore: 'actions/checkout@v2, actions/cache@v2'
          skip_pull_request: 'false'
          update_version_with: 'release-tag'
          release_types: "minor, patch"
          pull_request_user_reviewers: "octocat, hubot, other_user"
          pull_request_team_reviewers: "justice-league, other_team"
          pull_request_labels: "dependencies, automated"
          extra_workflow_locations: "path/to/directory, path/to/workflow.yaml"
          # [Experimental]
          pull_request_branch: "actions-update"
```

Important Note

GitHub does not allow updating workflow files inside a workflow run. The token generated by GitHub in every workflow (${{secrets.GITHUB_TOKEN}}) does not have permission to update a workflow. That's why you need to create a Personal Access Token.

For Personal Access Token (Classic):

You need to create a classic Personal Access Token with these scopes:

  • repo (To Push Changes to the Repository and Create Pull Requests)
  • workflow (To Update GitHub Action workflow files)

For Fine-grained Personal Access Token:

You need to create a Fine-grained Personal Access Token with these Repository permissions:

  • Contents: Read and write (To Push Changes to the Repository)
  • Workflows: Read and write (To Update GitHub Action workflow files)
  • Pull requests: Read and write (To Create Pull Requests)
  • Metadata: Read-only (Required by Above Permissions)

After creating the token, you need to add it to your repository actions secrets and use it in the workflow. To know more about how to pass a secret to GitHub actions you can Read GitHub Docs.

A note about Git Large File Storage (LFS)

If your repository uses Git LFS, you will need to manually remove the LFS-related hook files, otherwise the action will fail because Git will not be able to create a branch because the lfs executable is not installed inside the container used by this action.

To work around this, just remove the hook files manually as an extra step before this action executes:

```yaml
# ...
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.WORKFLOW_SECRET }}
          lfs: false
      - name: Remove LFS hooks
        # This repository uses Git LFS, but it not being
        # in the container causes the action to fail to create a new branch.
        # Removing the hooks manually is harmless and works around this issue.
        run: |
          rm .git/hooks/post-checkout
          rm .git/hooks/pre-push
      - name: Run GitHub Actions Version Updater
        uses: saadmk11/github-actions-version-updater@v0.9.0
        with:
          # ...
```

Outputs

| Output Name | Description |
|-------------|-------------|
| GHA_UPDATE_PR_NUMBER | The number of the created pull request. |

Example Workflow

```yaml
name: GitHub Actions Version Updater

# Controls when the action will run.
on:
  # can be used to run workflow manually
  workflow_dispatch:
  schedule:
    # Automatically run on every Sunday
    - cron: '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}

      - name: Run GitHub Actions Version Updater
        uses: saadmk11/github-actions-version-updater@v0.9.0
        # Required to get the PR number
        id: gha-update
        with:
          # [Required] Access token with `workflow` scope.
          token: ${{ secrets.WORKFLOW_SECRET }}
          skip_pull_request: 'false'

      - name: Get PR Number
        run: echo "The PR Number is ${{ steps.gha-update.outputs.GHA_UPDATE_PR_NUMBER }}"
```

Alternative

You can also use Dependabot to update your GitHub Actions.

GitHub Actions Version Updater in Action

GitHub Actions Version Updater Demo

License

The code in this project is released under the MIT License.
