Dependabot now updates your Actions workflows
GitHub Actions makes it easy to automate all your software workflows, from continuous integration and delivery to issue triage and more. Whether you want to build a container, deploy a…
GitHub Actions makes it easy to automate all your software workflows, from continuous integration and delivery to issue triage and more. Whether you want to build a container, deploy a web service, or automate welcoming new users to your open source projects—there’s an action for that. Actions can be frequently updated with bug fixes and new features that might make your build faster, more reliable, and safer. To take advantage of updates to actions, you previously had to update your Actions workflow file manually. This led to some workflows using outdated versions of actions.
Now, Dependabot can keep the actions used in your workflow files updated automatically! Dependabot version updates will periodically check your workflow files and the Actions they use and see if new versions are available. If they are, Dependabot will send you a pull request that updates your workflow file to use the new version.
Dependabot creates pull requests that update the action to the latest released tag (e.g., v2), regardless of if you’re currently on a release tag, a pre-release tag, or a specific hash.
Dependabot version updates are fully configurable: you can control how often and when your workflow files are checked, who should be assigned to review the PR, and more.
To enable Dependabot version updates for GitHub Actions, check a dependabot.yml
configuration file into your repository.
You can also use Dependabot version updates on a variety of other package ecosystems and tools, from Ruby’s bundler to .NET’s nuget to elm, using the same configuration file you just created to update your Actions workflows.
Learn more about:
Tags:
Written by
Related posts
That’s a wrap: GitHub Innovation Graph in 2024
Discover the latest trends and insights on public software development activity on GitHub with the release of Q2 & Q3 2024 data for the Innovation Graph.
Seven years of open source: A more secure and diverse ecosystem
Explore insights into open source community growth, innovation, and inclusivity with an updated survey dataset.
GitHub Availability Report: December 2024
In December, we experienced two incidents that resulted in degraded performance across GitHub services.