{"id":14065339,"url":"https://github.com/saadmk11/github-actions-version-updater","last_synced_at":"2025-04-04T14:08:37.867Z","repository":{"id":39659301,"uuid":"355245107","full_name":"saadmk11/github-actions-version-updater","owner":"saadmk11","description":"A GitHub Action that Updates All GitHub Actions in a Repository and Creates a Pull Request with the Updates","archived":false,"fork":false,"pushed_at":"2025-03-03T21:27:10.000Z","size":157,"stargazers_count":93,"open_issues_count":16,"forks_count":17,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-28T13:09:42.637Z","etag":null,"topics":["action","actions","dependencies","dependency","dependency-management","dependency-manager","github-actions","github-api","hacktoberfest","python","python3","update","update-checker","updater","upgrade","upgrade-tool"],"latest_commit_sha":null,"homepage":"https://github.com/marketplace/actions/github-actions-version-updater","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/saadmk11.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-04-06T15:47:08.000Z","updated_at":"2025-02-11T15:20:14.000Z","dependencies_parsed_at":"2023-02-19T15:31:43.058Z","dependency_job_id":"f34b1daf-0e45-4749-a71b-cff37cf048af","html_url":"https://github.com/saadmk11/github-actions-version-updater","commit_stats":{"total_commits":188,"total_committers":12,"mean_commits":"15.666666666666666","dds":"0.19148936170212771","last_synced_commit":"70836b4e54a00bab1eee59184cbc74803b72d98f"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saadmk11%2Fgithub-actions-version-updater","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saadmk11%2Fgithub-actions-version-updater/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saadmk11%2Fgithub-actions-version-updater/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saadmk11%2Fgithub-actions-version-updater/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/saadmk11","download_url":"https://codeload.github.com/saadmk11/github-actions-version-updater/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247157275,"owners_count":20893219,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["action","actions","dependencies","dependency","dependency-management","dependency-manager","github-actions","github-api","hacktoberfest","python","python3","update","update-checker","updater","upgrade","upgrade-tool"],"created_at":"2024-08-13T07:04:26.334Z","updated_at":"2025-04-04T14:08:37.851Z","avatar_url":"https://github.com/saadmk11.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"## GitHub Actions Version Updater\n\n[![GitHub release (latest by date)](https://img.shields.io/github/v/release/saadmk11/github-actions-version-updater?style=flat-square)](https://github.com/saadmk11/github-actions-version-updater/releases/latest)\n[![GitHub](https://img.shields.io/github/license/saadmk11/github-actions-version-updater?style=flat-square)](https://github.com/saadmk11/github-actions-version-updater/blob/main/LICENSE)\n[![GitHub Marketplace](https://img.shields.io/badge/Get%20It-on%20Marketplace-orange?style=flat-square)](https://github.com/marketplace/actions/github-actions-version-updater)\n[![GitHub stars](https://img.shields.io/github/stars/saadmk11/github-actions-version-updater?color=success\u0026style=flat-square)](https://github.com/saadmk11/github-actions-version-updater/stargazers)\n![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/saadmk11/github-actions-version-updater/changelog-ci.yaml?label=Changelog%20CI\u0026style=flat-square)\n\n**GitHub Actions Version Updater** is a GitHub Action that is used to **Update All GitHub Actions** in a Repository\nand create a **pull request** with the updates (if enabled).\nIt is an automated dependency updater similar to GitHub's **Dependabot** but for GitHub Actions.\n\n### How Does It Work?\n\n* GitHub Actions Version Updater first goes through all the **workflows**\n in a repository and **checks for updates** for each of the action used in those workflows.\n\n* If an update is found and if that action is **not ignored** then the workflows are updated\n with the **new version** of the action being used.\n\n* If at least one workflow file is updated then a new branch is created with the changes and pushed to GitHub. (If enabled)\n\n* Finally, a pull request is created with the newly created branch. (If enabled)\n\n### Supported Version Fetch Sources\n\n- **`release-tag` (default):** Uses **specific release tag** from **the latest release** to update a GitHub Action. (e.g. `actions/checkout@v1.2.3`)\n\n- **`release-commit-sha`:** Uses the **latest release tag commit SHA** to update a GitHub Action. (e.g. `actions/checkout@c18e2a1b1a95d0c5c63af210857e8718a479f56f`)\n\n- **`default-branch-sha`:** Uses **default branch** (e.g: `main`, `master`) **latest commit SHA** to update a GitHub Action. (e.g. `actions/checkout@c18e2a1b1a95d0c5c63af210857e8718a479f56f`)\n\nYou can use `update_version_with` input option to select one of them. (e.g. `update_version_with: 'default-branch-sha'`)\n\n### Release Types\n\n- **`all` (default):** Actions with **any** new release will be updated.\n- **`major`:** Actions with only new **major** release will be updated.\n- **`minor`:** Actions with only new **minor** release will be updated.\n- **`patch`:** Actions with only new **patch** release will be updated.\n\nYou can use `release_types` input option to select one/all of them. (e.g. `\"major, minor\"`)\n\n### Usage\n\nWe recommend running this action on a [`schedule`](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#schedule)\nevent or a [`workflow_dispatch`](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_dispatch) event.\n\nTo integrate `GitHub Actions Version Updater` on your repository, create a `YAML` file\ninside `.github/workflows/` directory (e.g: `.github/workflows/updater.yaml`) add the following lines into the file:\n\n```yaml\nname: GitHub Actions Version Updater\n\n# Controls when the action will run.\non:\n schedule:\n # Automatically run on every Sunday\n - cron: '0 0 * * 0'\n\njobs:\n build:\n runs-on: ubuntu-latest\n\n steps:\n - uses: actions/checkout@v4\n with:\n # [Required] Access token with `workflow` scope.\n token: ${{ secrets.WORKFLOW_SECRET }}\n\n - name: Run GitHub Actions Version Updater\n uses: saadmk11/github-actions-version-updater@v0.8.1\n with:\n # [Required] Access token with `workflow` scope.\n token: ${{ secrets.WORKFLOW_SECRET }}\n```\n\n### Workflow input options\n\nThese are the inputs that can be provided on the workflow.\n\n| Name | Required | Description | Default | Example |\n|--------------------------------------|----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------|--------------------------------------------|\n| `token` | Yes | GitHub Access Token with `workflow` scope (The Token needs to be added to the actions secrets) | `null` | `${{ secrets.WORKFLOW_SECRET }}` |\n| `committer_username` | No | Name of the user who will commit the changes to GitHub | \"github-actions[bot]\" | \"Test User\" |\n| `committer_email` | No | Email Address of the user who will commit the changes to GitHub | \"github-actions[bot]@users.noreply.github.com\" | \"test@test.com\" |\n| `commit_message` | No | Commit message for the commits created by the action | \"Update GitHub Action Versions\" | \"Custom Commit Message\" |\n| `pull_request_title` | No | Title of the pull requests generated by the action | \"Update GitHub Action Versions\" | \"Custom PR Title\" |\n| `pull_request_branch` (Experimental) | No | The pull request branch name. (If provided, the action will force push to the branch) | \"gh-actions-update-\u003ctimestamp\u003e\" | \"github/actions-update\" |\n| `ignore` | No | A comma separated string of GitHub Actions to ignore updates for | `null` | \"actions/checkout@v2, actions/cache@v2\" |\n| `skip_pull_request` | No | If **\"true\"**, the action will only check for updates and if any update is found the job will fail and update the build summary with the diff (**Options:** \"true\", \"false\") | \"false\" | \"true\" |\n| `update_version_with` | No | Use The Latest Release Tag/Commit SHA or Default Branch Commit SHA to update the actions (**options:** \"release-tag\", \"release-commit-sha\", \"default-branch-sha\"') | \"release-tag\" | \"release-commit-sha\" |\n| `release_types` | No | A comma separated string of release types to use when updating the actions. By default, all release types are used to update the actions. Only Applicable for **\"release-tag\", \"release-commit-sha\"** (**Options:** \"major\", \"minor\", \"patch\" **[one or many seperated by comma]**) | \"all\" | \"minor, patch\" |\n| `pull_request_user_reviewers` | No | A comma separated string (usernames) which denotes the users that should be added as reviewers to the pull request | `null` | \"octocat, hubot, other_user\" |\n| `pull_request_team_reviewers` | No | A comma separated string (team slugs) which denotes the teams that should be added as reviewers to the pull request | `null` | \"justice-league, other_team\" |\n| `pull_request_labels` | No | A comma separated string (label names) which denotes the labels which will be added to the pull request | `null` | \"dependencies, automated\" |\n| `extra_workflow_locations` | No | A comma separated string of file or directory paths to look for workflows. By default, only the workflow files in the `.github/workflows` directory are checked updates | `null` | \"path/to/directory, path/to/workflow.yaml\" |\n\n#### Workflow with all options\n\n```yaml\nname: GitHub Actions Version Updater\n\n# Controls when the action will run.\non:\n # can be used to run workflow manually\n workflow_dispatch:\n schedule:\n # Automatically run on every Sunday\n - cron: '0 0 * * 0'\n\njobs:\n build:\n runs-on: ubuntu-latest\n\n steps:\n - uses: actions/checkout@v4\n with:\n # [Required] Access token with `workflow` scope.\n token: ${{ secrets.WORKFLOW_SECRET }}\n\n - name: Run GitHub Actions Version Updater\n uses: saadmk11/github-actions-version-updater@v0.8.1\n with:\n # [Required] Access token with `workflow` scope.\n token: ${{ secrets.WORKFLOW_SECRET }}\n committer_username: 'Test'\n committer_email: 'test@test.com'\n commit_message: 'Commit Message'\n pull_request_title: 'Pull Request Title'\n ignore: 'actions/checkout@v2, actions/cache@v2'\n skip_pull_request: 'false'\n update_version_with: 'release-tag'\n release_types: \"minor, patch\"\n pull_request_user_reviewers: \"octocat, hubot, other_user\"\n pull_request_team_reviewers: \"justice-league, other_team\"\n pull_request_labels: \"dependencies, automated\"\n extra_workflow_locations: \"path/to/directory, path/to/workflow.yaml\"\n # [Experimental]\n pull_request_branch: \"actions-update\"\n```\n\n### Important Note\n\nGitHub does not allow updating workflow files inside a workflow run.\nThe token generated by GitHub in every workflow (`${{secrets.GITHUB_TOKEN}}`) does not have\npermission to update a workflow. That's why you need to create a [Personal Access Token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token)\n\n**For Personal Access Token (Classic):**\n\nYou need to create a classic Personal Access Token with these scopes:\n\n- `repo` (To Push Changes to the Repository and Create Pull Requests)\n- `workflow` (To Update GitHub Action workflow files)\n\n**For Fine-grained Personal Access Token:**\n\nYou need to create a Fine-grained Personal Access Token with these Repository permissions:\n\n- `Contents: Read and write` (To Push Changes to the Repository)\n- `Workflows: Read and write` (To Update GitHub Action workflow files)\n- `Pull requests: Read and write` (To Create Pull Requests)\n- `Metadata: Read-only` (Required by Above Permissions)\n\nAfter creating the token, you need to add it to your repository actions secrets and use it in the workflow.\nTo know more about how to pass a secret to GitHub actions you can [Read GitHub Docs](https://docs.github.com/en/actions/reference/encrypted-secrets)\n\n### A note about Git Large File Storage (LFS)\n\nIf your repository uses [Git LFS](https://git-lfs.github.com/), you will need to manually remove the LFS-related hook files, otherwise the action\nwill fail because Git will not be able to create a branch because the lfs executable is not installed inside the\ncontainer used by this action.\n\nTo work around this, just remove the hook files manually as an extra step **before** this action executes:\n\n```yaml\n# ...\njobs:\n build:\n runs-on: ubuntu-latest\n\n steps:\n - uses: actions/checkout@v4\n with:\n token: ${{ secrets.WORKFLOW_SECRET }}\n lfs: false\n\n - name: Remove LFS hooks\n # This repository uses Git LFS, but it not being\n # in the container causes the action to fail to create a new branch.\n # Removing the hooks manually is harmless and works around this issue.\n run: |\n rm .git/hooks/post-checkout\n rm .git/hooks/pre-push\n\n - name: Run GitHub Actions Version Updater\n uses: saadmk11/github-actions-version-updater@v0.8.1\n with:\n # ...\n```\n\n### Outputs\n\n| Output Name | Description |\n| ----------- |-----------------------------------------|\n| `GHA_UPDATE_PR_NUMBER` | The number of the created pull request. |\n\n#### Example Workflow\n\n```yaml\nname: GitHub Actions Version Updater\n\n# Controls when the action will run.\non:\n # can be used to run workflow manually\n workflow_dispatch:\n schedule:\n # Automatically run on every Sunday\n - cron: '0 0 * * 0'\n\njobs:\n build:\n runs-on: ubuntu-latest\n\n steps:\n - uses: actions/checkout@v4\n with:\n # [Required] Access token with `workflow` scope.\n token: ${{ secrets.WORKFLOW_SECRET }}\n\n - name: Run GitHub Actions Version Updater\n uses: saadmk11/github-actions-version-updater@v0.8.1\n # Required to get the PR number\n id: gha-update\n with:\n # [Required] Access token with `workflow` scope.\n token: ${{ secrets.WORKFLOW_SECRET }}\n skip_pull_request: 'false'\n - name: Get PR Number\n run: echo \"The PR Number is ${{ steps.gha-update.outputs.GHA_UPDATE_PR_NUMBER }}\"\n```\n\n### Alternative\n\nYou can also use [Dependabot](https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-dependabot) to update your GitHub Actions.\n\n\n### GitHub Actions Version Updater in Action\n\n![GitHub Actions Version Updater Demo](https://user-images.githubusercontent.com/24854406/113888349-15dbdc00-97e4-11eb-91a6-622828455d1f.gif)\n\n\n### License\n\nThe code in this project is released under the [MIT License](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaadmk11%2Fgithub-actions-version-updater","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsaadmk11%2Fgithub-actions-version-updater","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaadmk11%2Fgithub-actions-version-updater/lists"}