Actions Up!
Actions Up scans your workflows and composite actions to discover every referenced GitHub Action, then checks for newer releases.
Interactively upgrade and pin actions to exact commit SHAs for secure, reproducible CI and low‑friction maintenance.
Features
- Auto-discovery - Scans all workflows (.github/workflows/*.yml) and composite actions (.github/actions/*/action.yml)
- SHA Pinning - Updates actions to use commit SHA instead of tags for better security
- Batch Updates - Update multiple actions at once
- Interactive Selection - Choose which actions to update
- Breaking Changes Detection - Warns about major version updates
- Fast & Efficient - Parallel processing with optimized API calls
Installation
npm install -g actions-up
Or use directly with npx:
npx actions-up
Usage
Interactive Mode (Default)
Run in your repository root:
actions-up
This will:
- Scan all .github/workflows/*.yml and .github/actions/*/action.yml files
- Check for available updates
- Show an interactive list to select updates
- Apply selected updates with SHA pinning
Auto-Update Mode
Skip all prompts and update everything:
actions-up --yes
# or
actions-up -y
With GitHub Token
To avoid rate limits, create a GitHub personal access token and set it as an environment variable:
GITHUB_TOKEN=ghp_xxxx actions-up
Example
# Before
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
# After running actions-up
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
Configuration
Environment Variables
GITHUB_TOKEN - GitHub personal access token for API requests (optional but recommended)
Security
Actions Up promotes security best practices:
- SHA Pinning: Uses commit SHA instead of mutable tags
- Version Comments: Adds version as comment for readability
- No Auto-Updates: Full control over what gets updated
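To check that a repository stays pinned after an update, the Node.js script below audits workflow text for `uses:` references that still point at a mutable tag or branch. It is an added example, not part of actions-up or its source; the function names and the line-based regex parsing are assumptions of this example, and the sample workflow is constructed from the before/after lines above.

```javascript
// Added example (not actions-up code): classify `uses:` references in workflow text.
const FULL_SHA = /^[0-9a-f]{40}$/i;

// Matches `uses: target` with an optional list dash, optional quotes and a trailing comment.
const USES_LINE = /^\s*(?:-\s*)?uses:\s*["']?([^\s"'#]+)["']?\s*(?:#\s*(.*))?$/;

function classifyUses(yamlText) {
  const results = [];
  yamlText.split(/\r?\n/).forEach((line, index) => {
    const match = USES_LINE.exec(line);
    if (!match) return; // not a `uses:` line (commented-out lines are skipped too)
    const [, target, comment = ''] = match;
    let kind;
    if (target.startsWith('./') || target.startsWith('../')) {
      kind = 'local'; // action inside the same repository, no ref to pin
    } else if (target.startsWith('docker://')) {
      kind = 'docker'; // container image, pinned by digest rather than commit SHA
    } else {
      const at = target.lastIndexOf('@');
      const ref = at === -1 ? '' : target.slice(at + 1);
      kind = FULL_SHA.test(ref) ? 'pinned' : 'mutable'; // tags and branches can move
    }
    results.push({ line: index + 1, target, kind, comment: comment.trim() });
  });
  return results;
}

function findMutableRefs(yamlText) {
  return classifyUses(yamlText).filter((entry) => entry.kind === 'mutable');
}

// Constructed sample workflow, built from the README's before/after lines.
const sampleWorkflow = `
steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
  - uses: ./.github/actions/build
  - name: Lint
    uses: "actions/cache@main"
`;

for (const { line, target } of findMutableRefs(sampleWorkflow)) {
  console.log(`line ${line}: ${target} is not pinned to a full commit SHA`);
}
```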
Contributing
See Contributing Guide.
License
MIT © Azat S.