How to automatically update versions of GitHub actions (with renovate)?

2

0

I use renovate as an App on GitHub and it successfully updates my package.json.

I would like to have a similar feature for the action files themselves under .github/workflows

For example a step

steps:
 - uses: actions/checkout@v3

should be updated to use the current version of the action:

steps:
- uses: actions/checkout@v4

=> Is renovate able to do so?

If yes: how to get it working/how to configure correctly to do so?

If no: is there another tool for it? Or do I need to do this manually? (Then I exchanged manual update of package.json with manual update of *.yml)

At

https://docs.renovatebot.com/modules/manager/github-actions/

It states

"Renovate supports updating Github Actions dependencies."

but I do not understand how to activate it.

Edit

Using renovate, my renovate action ran through and had a green state. Nevertheless, the version of an outdated action has not been updated.

After I understood that the versions of actions should be updated by renovate with its default configuration, I had a closer look at the log of my renovate action:

INFO: Dependency extraction complete (repository=fraunhofer-isi/micat-next, baseBranch=main)
       "stats": {
         "managers": {
           "github-actions": {"fileCount": 9, "depCount": 33},
           "npm": {"fileCount": 1, "depCount": 57}
         },
         "total": {"fileCount": 10, "depCount": 90}
       }
 INFO: Workflows update rejection - aborting branch. (repository=fraunhofer-isi/micat-next, branch=renovate/actions-setup-node-4.x)

If I interpret this correctly, renovate correctly determined that actions-setup-node should be updated (from version 2) to version 4.

However, the update somehow got rejected.

Related:

Using the latest version of a GitHub Action

https://github.com/renovatebot/renovate/discussions/28625

Nassi answered 24/4 at 16:41 Comment(2)
I assume you mean "GitHub" in the title, and not GitLab, right? For dependency updates like this one, the built-in method in GitHub is Dependabot. – Tallyman
This works out of the box with Renovate. Did you check logs for why it doesn't detect your workflows? – Talaria
0

Renovate should update the version of workflow actions by default. It does not need to be explicitly enabled in the renovate configuration file.

a) Try to uninstall the renovate GitHub app and install the recent version of the App. That fixed the permission issues for me.

b) You might want to check if the access token has the workflow permission.

User => Settings => Developer Settings => Personal access tokens => Tokens (classic)


If it does not have the permissions, renovate does not show an error. The renovate action runs through and shows a warning like

INFO: Workflows update rejection - aborting branch. (repository=..., branch=renovate/actions-setup-node-4.x)

c) Also check your renovate config file for syntax errors like trailing commas. If it has syntax errors, it might not be applied.

Also see:

https://docs.renovatebot.com/security-and-permissions/#global-permissions

https://github.com/renovatebot/renovate/discussions/19390

Nassi answered 2/5 at 7:50 Comment(0)
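Because the run stays green when this rejection happens, a CI step can scan the Renovate log for the message and fail explicitly. The following is an added example, not part of the answer above or of Renovate itself; the function names are hypothetical, and `has_workflow_scope` assumes you pass it the value of the `X-OAuth-Scopes` response header that the GitHub API returns for classic personal access tokens.

```python
import re
import sys

# Message Renovate logs when it abandons a branch that touches
# .github/workflows (wording taken from the log quoted on this page).
REJECTION = re.compile(
    r"Workflows update rejection - aborting branch\.\s*"
    r"\(repository=(?P<repo>[^,)]+),\s*branch=(?P<branch>[^)]+)\)"
)


def rejected_workflow_branches(log_text):
    """Return (repository, branch) for every rejected workflow update."""
    return [(m["repo"].strip(), m["branch"].strip())
            for m in REJECTION.finditer(log_text)]


def has_workflow_scope(x_oauth_scopes):
    """True if a classic token's scope list (e.g. "repo, workflow")
    contains the workflow scope that updates to workflow files need."""
    scopes = {s.strip() for s in (x_oauth_scopes or "").split(",")}
    return "workflow" in scopes


# Constructed sample: the log excerpt from the question, shortened.
SAMPLE_LOG = """\
INFO: Dependency extraction complete (repository=fraunhofer-isi/micat-next, baseBranch=main)
       "stats": {
         "managers": {
           "github-actions": {"fileCount": 9, "depCount": 33},
           "npm": {"fileCount": 1, "depCount": 57}
         }
       }
 INFO: Workflows update rejection - aborting branch. (repository=fraunhofer-isi/micat-next, branch=renovate/actions-setup-node-4.x)
"""

if __name__ == "__main__":
    from_file = len(sys.argv) > 1
    if from_file:
        with open(sys.argv[1], encoding="utf-8") as fh:
            log = fh.read()
    else:
        log = SAMPLE_LOG
    found = rejected_workflow_branches(log)
    for repo, branch in found:
        print(f"{repo}: {branch} rejected, check the workflow permission")
    # Fail the CI step only when a real log file was scanned.
    sys.exit(1 if found and from_file else 0)
```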
-1

As an alternative to renovate you could also use dependabot. Put a file dependabot.yml directly under the .github folder:

# Set update schedule for GitHub Actions
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      # Check for updates to GitHub Actions every week
      interval: "weekly"

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot#example-dependabotyml-file-for-github-actions

Nassi answered 24/4 at 17:14 Comment(2)
Sounds like you came here to promote dependabot when asking a Renovate question 🤔 – Talaria
How did you come to this conclusion? Does not sound constructive to me. – Nassi
