Dependabot now updates your Actions workflows
GitHub Actions makes it easy to automate all your software workflows, from continuous integration and delivery to issue triage and more. Whether you want to build a container, deploy a…
GitHub Actions makes it easy to automate all your software workflows, from continuous integration and delivery to issue triage and more. Whether you want to build a container, deploy a web service, or automate welcoming new users to your open source projects—there’s an action for that. Actions can be frequently updated with bug fixes and new features that might make your build faster, more reliable, and safer. To take advantage of updates to actions, you previously had to update your Actions workflow file manually. This led to some workflows using outdated versions of actions.
Now, Dependabot can keep the actions used in your workflow files updated automatically! Dependabot version updates will periodically check your workflow files and the Actions they use and see if new versions are available. If they are, Dependabot will send you a pull request that updates your workflow file to use the new version.
Dependabot creates pull requests that update the action to the latest released tag (e.g., v2), regardless of if you’re currently on a release tag, a pre-release tag, or a specific hash.
Dependabot version updates are fully configurable: you can control how often and when your workflow files are checked, who should be assigned to review the PR, and more.
To enable Dependabot version updates for GitHub Actions, check a dependabot.yml
configuration file into your repository.
You can also use Dependabot version updates on a variety of other package ecosystems and tools, from Ruby’s bundler to .NET’s nuget to elm, using the same configuration file you just created to update your Actions workflows.
Learn more about:
Tags:
Written by
Related posts
Announcing GitHub Secure Open Source Fund: Help secure the open source ecosystem for everyone
Applications for the new GitHub Secure Open Source Fund are now open! Applications will be reviewed on a rolling basis until they close on January 7 at 11:59 pm PT. Programming and funding will begin in early 2025.
Software is a team sport: Building the future of software development together
Microsoft and GitHub are committed to empowering developers around the world to innovate, collaborate, and create solutions that’ll shape the next generation of technology.
Does GitHub Copilot improve code quality? Here’s what the data says
Findings in our latest study show that the quality of code written with GitHub Copilot is significantly more functional, readable, reliable, maintainable, and concise.