Dependabot now updates your Actions workflows
GitHub Actions makes it easy to automate all your software workflows, from continuous integration and delivery to issue triage and more. Whether you want to build a container, deploy a web service, or automate welcoming new users to your open source projects—there’s an action for that. Actions can be frequently updated with bug fixes and new features that might make your build faster, more reliable, and safer. To take advantage of updates to actions, you previously had to update your Actions workflow file manually. This led to some workflows using outdated versions of actions.
Now, Dependabot can keep the actions used in your workflow files updated automatically! Dependabot version updates will periodically check your workflow files and the Actions they use and see if new versions are available. If they are, Dependabot will send you a pull request that updates your workflow file to use the new version.
Dependabot creates pull requests that update the action to the latest released tag (e.g., v2), regardless of if you’re currently on a release tag, a pre-release tag, or a specific hash.
Dependabot version updates are fully configurable: you can control how often and when your workflow files are checked, who should be assigned to review the PR, and more.
To enable Dependabot version updates for GitHub Actions, check a
dependabot.yml configuration file into your repository.
You can also use Dependabot version updates on a variety of other package ecosystems and tools, from Ruby’s bundler to .NET’s nuget to elm, using the same configuration file you just created to update your Actions workflows.
Learn more about: