{"id":34645935,"url":"https://github.com/xiaolutech/devbox-update-action","last_synced_at":"2026-01-13T20:41:23.870Z","repository":{"id":330303160,"uuid":"1122200814","full_name":"xiaolutech/devbox-update-action","owner":"xiaolutech","description":"update your devbox config .","archived":false,"fork":false,"pushed_at":"2025-12-24T15:46:37.000Z","size":2100,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-26T05:23:59.232Z","etag":null,"topics":["devbox"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xiaolutech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-24T09:15:36.000Z","updated_at":"2025-12-25T12:32:11.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/xiaolutech/devbox-update-action","commit_stats":null,"previous_names":["xiaolutech/devbox-update-action"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/xiaolutech/devbox-update-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiaolutech%2Fdevbox-update-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiaolutech%2Fdevbox-update-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiaolutech%2Fdevbox-update-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiaolutech%2Fdevbox-update-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xiaolutech","download_url":"https://codeload.github.com/xiaolutech/devbox-update-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiaolutech%2Fdevbox-update-action/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28399879,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-13T14:36:09.778Z","status":"ssl_error","status_checked_at":"2026-01-13T14:35:19.697Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devbox"],"created_at":"2025-12-24T17:45:16.616Z","updated_at":"2026-01-13T20:41:23.865Z","avatar_url":"https://github.com/xiaolutech.png","language":"TypeScript","readme":"# Devbox Package Updater Action\n\nA GitHub Action that automatically checks and updates Devbox packages in your `devbox.json` and `devbox.lock` files.\n\n## Features\n\n- 🔍 **Automatic Package Discovery**: Scans your `devbox.json` for outdated packages\n- 🚀 **Smart Updates**: Uses the Devbox Search API for accurate version information\n- 📝 **Pull Request Creation**: Creates detailed pull requests with update summaries\n- 🔄 **Incremental Updates**: Intelligently handles multiple runs by updating existing PRs\n- 🛡️ **Error Handling**: Robust error handling with retry mechanisms\n- ⚡ **Fast \u0026 Reliable**: Built with TypeScript and comprehensive testing\n\n## Usage\n\n### Basic Usage\n\n```yaml\nname: Update Devbox Packages\non:\n  schedule:\n    - cron: '0 0 * * 1' # Weekly on Mondays\n  workflow_dispatch: # Manual trigger\n\njobs:\n  update-packages:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: write\n      pull-requests: write\n      metadata: read\n    steps:\n      - uses: actions/checkout@v4\n      \n      - name: Install Devbox\n        uses: jetpack-io/devbox-install-action@v0.11.0\n        with:\n          enable-cache: true\n      \n      - name: Update Devbox Packages\n        uses: xiaolutech/devbox-update-action@v1\n        with:\n          token: ${{ secrets.GITHUB_TOKEN }}\n```\n\n\u003e **⚠️ Important**: Make sure to include the `permissions` section in your workflow and enable \"Allow GitHub Actions to create and approve pull requests\" in your repository settings. See the [Permissions](#permissions) section for detailed setup instructions.\n\n### Advanced Configuration\n\n```yaml\n- name: Install Devbox\n  uses: jetpack-io/devbox-install-action@v0.11.0\n  with:\n    enable-cache: true\n\n- name: Update Devbox Packages\n  uses: xiaolutech/devbox-update-action@v1\n  with:\n    token: ${{ secrets.GITHUB_TOKEN }}\n    devbox-version: 'latest'\n    branch-prefix: 'devbox-updates'\n    pr-title: 'Update Devbox packages'\n    max-retries: 3\n    update-latest: true\n```\n\n## Inputs\n\n| Input | Description | Required | Default |\n|-------|-------------|----------|---------|\n| `token` | GitHub token for creating pull requests | Yes | `${{ github.token }}` |\n| `devbox-version` | Version of Devbox to install | No | `latest` |\n| `branch-prefix` | Prefix for update branch names | No | `devbox-updates` |\n| `pr-title` | Title template for pull requests | No | `Update Devbox packages` |\n| `max-retries` | Maximum number of retries for network operations | No | `3` |\n| `update-latest` | Whether to refresh lock files for packages marked as \"latest\" | No | `false` |\n\n## Outputs\n\n| Output | Description |\n|--------|-------------|\n| `changes` | Whether any package updates were found and applied |\n| `update-summary` | Summary of all package updates |\n| `pr-number` | Pull request number if created |\n| `pr-updated` | Whether an existing PR was updated |\n| `existing-pr-found` | Whether an existing update PR was found |\n| `error-message` | Error message if the action failed |\n\n## How It Works\n\n1. **Discovery**: Scans your `devbox.json` file for package dependencies\n2. **Version Check**: Queries the Devbox Search API for the latest versions\n3. **Update Detection**: Compares current versions with latest available versions\n4. **File Updates**: Updates `devbox.json` and regenerates `devbox.lock`\n5. **Pull Request**: Creates or updates a pull request with the changes\n\n### Handling \"latest\" Packages\n\nBy default, packages marked as `latest` (e.g., `nodejs@latest`) are not updated to preserve the user's intent to always use the latest version. However, you can enable lock file refreshing for these packages:\n\n- **`update-latest: false`** (default): Packages like `nodejs@latest` remain unchanged, and their lock files are not refreshed\n- **`update-latest: true`**: The action will regenerate lock files for `latest` packages to ensure they resolve to the actual latest versions, while keeping `devbox.json` unchanged\n\nThis is useful when you want to periodically refresh the resolved versions in your lock file without changing your package specifications.\n\n## Requirements\n\n- A repository with a `devbox.json` file\n- GitHub Actions enabled\n- Repository configured to allow GitHub Actions to create pull requests (see [Permissions](#permissions))\n- Node.js 22+ (for local development)\n\n### Permissions\n\nThis action requires the following GitHub permissions:\n\n- **`contents: write`** - To create and manage branches for pull requests\n- **`pull-requests: write`** - To create and update pull requests\n- **`metadata: read`** - To read repository information (usually granted by default)\n\n#### Workflow Configuration\n\nYou can configure these permissions in your workflow file:\n\n```yaml\njobs:\n  update-packages:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: write\n      pull-requests: write\n    steps:\n      # ... your steps\n```\n\n#### Repository Settings\n\n**Important**: If you encounter the error \"GitHub Actions is not permitted to create or approve pull requests\", you need to enable this feature in your repository settings:\n\n1. Go to your GitHub repository\n2. Click **Settings** tab\n3. Navigate to **Actions** → **General** in the left sidebar\n4. Scroll down to **Workflow permissions** section\n5. Select **Read and write permissions**\n6. ✅ Check **Allow GitHub Actions to create and approve pull requests**\n7. Click **Save**\n\n![GitHub Actions Permissions](https://docs.github.com/assets/cb-45061/images/help/repository/actions-workflow-permissions-repository.png)\n\n\u003e **Note**: This is a repository-level setting that must be enabled by repository administrators. Without this setting, the action will fail with permission errors even if the workflow has the correct permissions configured.\n\n## Troubleshooting\n\n### Common Issues\n\n#### \"GitHub Actions is not permitted to create or approve pull requests\"\n\nThis error occurs when the repository settings don't allow GitHub Actions to create PRs. See the [Permissions](#permissions) section for the complete setup guide.\n\n#### \"No commits between main and [branch-name]\"\n\nThis error indicates that the action created a branch but didn't commit any changes to it. This can happen when:\n\n1. **No actual updates were found**: The packages are already up to date\n2. **File update failed**: The action detected updates but failed to apply them\n3. **Git commit failed**: Files were updated but not committed to the branch\n\n**Solution**: Check the action logs for any errors during the \"File Updates\" phase. The action should automatically commit changes after updating files.\n\n#### \"Devbox is not installed or not available in PATH\"\n\nThe action requires Devbox to be installed to regenerate lock files. Make sure your workflow includes Devbox installation:\n\n```yaml\n- name: Install Devbox\n  uses: jetpack-io/devbox-install-action@v0.11.0\n  with:\n    enable-cache: true\n\n- name: Update Devbox Packages\n  uses: xiaolutech/devbox-update-action@v1\n  with:\n    token: ${{ secrets.GITHUB_TOKEN }}\n```\n\nThis action is built with TypeScript and uses:\n\n- **Testing**: Jest with fast-check for property-based testing\n- **Linting**: ESLint with TypeScript support\n- **Building**: Vercel's ncc for bundling\n\n### Building\n\n```bash\nnpm install\nnpm run build\n```\n\n### Testing\n\n```bash\nnpm test\n```\n\n### Important: Dist Directory\n\nThe `dist/` directory contains the compiled JavaScript code that GitHub Actions actually runs. This directory **must be committed** to the repository because:\n\n- GitHub Actions runs the compiled JavaScript, not the TypeScript source\n- All dependencies are bundled into `dist/index.js` for faster execution\n- The `action.yml` file references `dist/index.js` as the main entry point\n\nAlways run `npm run build` before committing changes to ensure the `dist/` directory is up to date.\n\n## License\n\nMIT License - see [LICENSE](LICENSE) file for details.\n\n## Contributing\n\nContributions are welcome! Please read our contributing guidelines and submit pull requests to our repository.","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxiaolutech%2Fdevbox-update-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxiaolutech%2Fdevbox-update-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxiaolutech%2Fdevbox-update-action/lists"}