A GitHub Action that checks if your GitHub Actions dependencies are up to date and suggests updates. π
- Scans your workflow files for GitHub Actions dependencies
- Checks the latest available version for each action
- Identifies outdated actions and suggests updates
- Supports both version tags and branch references
- Provides detailed output with file locations and line numbers
Check out the article on dev.to about building this tool and lessons learned about version comparison in GitHub Actions.
The action checks each unique combination of owner/repo/version separately. This means:
- If you use the same action with different versions (e.g.,
actions/checkout@v3andactions/checkout@v4), each version will be checked independently - The status report will show whether each specific version is up to date
- If a version check fails (e.g., due to network issues or invalid version), you'll see a "version check failed" message
- For each version, the action first compares commit SHAs:
- If both versions point to the same commit, they are considered equal regardless of version numbers
- If commits differ, the action compares versions using semantic versioning rules
- For non-semver versions (like branches or custom tags), the action uses commit dates for comparison
- The report includes all locations where a specific version is used
- When the same commit is referenced by different version tags (e.g.,
v4andv4.2.2), the action will show your current version as up to date
- β up to date: The version you're using is the latest available or points to the same commit as the latest version
β οΈ update available: A newer version is available (shows current and latest version with their SHAs)- β version check failed: Could not compare versions (e.g., due to network issues or invalid version)
- name: Checkout repository
uses: actions/checkout@v4
- name: Check GitHub Actions Versions
uses: mateuszgorniak/github-actions-versioner@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}| Name | Description | Required | Default |
|---|---|---|---|
token |
GitHub token for API access | Yes | - |
workflow_path |
Path to workflow files. Can be either absolute (starting with /) or relative to the workspace root. |
No | ${{ github.workspace }}/.github/workflows |
| Name | Description |
|---|---|
status |
Status of the check |
outdated_actions |
List of outdated actions |
The action handles paths in the following way:
- If an absolute path is provided (starting with
/), it is used as is - If a relative path is provided, it is joined with the workspace root
- If no path is provided, it defaults to
${{ github.workspace }}/.github/workflows
Found 5 workflow files
Found 12 action dependencies
Found 8 unique actions
Dependency Report:
actions/checkout@v3 (workflow1.yml:1) - β version check failed - could not compare versions
actions/checkout@v4 (workflow2.yml:2) - β
up to date
actions/setup-node@v3 (workflow1.yml:3) - β οΈ update available: v3 (abc123) -> v4.2.2 (def456)
actions/cache@v2 (workflow2.yml:3) - β οΈ update available: v2 (123abc) -> v3 (456def)
We're proud to be used by various organizations and projects. Here are some of them:
- [Your organization/project name here] - Add your organization or project by submitting a PR!
-
Install dependencies:
npm install
-
Build the project:
npm run build
-
Run tests:
npm test -
Package the action:
npm run package
This project is licensed under the MIT License - see the LICENSE file for details.
For detailed information about security and privacy, please refer to:
- Security Policy - Information about security measures, vulnerability reporting, and supported versions
- Privacy Policy - Details about data collection, processing, and retention
This action is provided "as is" without warranty of any kind, either express or implied. The maintainers of this action are not responsible for any damages or liabilities that may arise from its use.
If you find this project useful and would like to support its development, you can:
- Sponsor me on GitHub - Support the project with a monthly contribution
- Star the repository - Help increase the project's visibility
Your support helps maintain and improve the project. Thank you! π