Check and update GitHub Action versions in workflow files.
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
github-actions-version-check
A CLI tool to check and update GitHub Action versions in workflow files.
It scans .github/workflows, detects outdated uses: references, and can optionally rewrite them in place.
✨ Features
- Detect outdated GitHub Actions (
uses: owner/repo@ref) - Supports semantic version comparison
- Safe updates within the same major version by default
- Optional major upgrades (
--allow-major) - In-place rewriting (
--fix) - Pre-commit integration
- XDG-compliant cache (with TTL) to reduce GitHub API calls
- Works without a token (but supports
GITHUB_TOKENfor higher limits)
📦 Installation
Using uv (recommended)
uvx github-actions-version-check
Using pipx
pipx install github-actions-version-check
🚀 Usage
Check workflows
github-actions-version-check
Exit codes:
0→ everything is up to date2→ outdated refs found1→ error
Check a specific directory
github-actions-version-check /path/to/repo
Fix outdated versions
github-actions-version-check --fix
Allow major upgrades
github-actions-version-check --fix --allow-major
Show version
github-actions-version-check --version
⚙️ Configuration
Environment variables
| Variable | Description |
|---|---|
GITHUB_TOKEN |
Optional GitHub token to avoid rate limits |
GITHUB_ACTIONS_VERSION_CHECK_CACHE_TTL_DAYS |
Cache TTL (default: 7 days) |
GITHUB_ACTIONS_VERSION_CHECK_NO_CACHE |
Disable cache |
🧠 How it works
- Scans
.github/workflows/*.ymland.yaml - Extracts
uses:lines - Resolves latest versions via GitHub API
- Compares semantic versions
- Optionally rewrites outdated refs
Supported patterns
uses: actions/checkout@v4
uses: owner/repo@v1.2.3
Limitations
- Only simple
uses:lines are supported - Multiline YAML (
|,>) is not parsed - SHA-pinned actions are skipped
🔌 Pre-commit integration
repos:
- repo: https://github.com/<owner>/github-actions-version-check
rev: vX.Y.Z
hooks:
- id: github-actions-version-check
args: [--fix]
🗂 Cache
Stored in:
$XDG_CACHE_HOME/github_actions_version_check/github-api.json
Fallback:
~/.cache/github_actions_version_check/github-api.json
🛠 Development
uv sync
uv run pytest
uv run mypy
📄 License
MIT
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file github_actions_version_check-1.0.0.tar.gz.
File metadata
- Download URL: github_actions_version_check-1.0.0.tar.gz
- Upload date:
- Size: 33.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5d1b0763b765187af3675be30231afdf72085d89454117b3827670394acb7b4b
|
|
| MD5 |
cf965bb8a24c73daf4e755273475630b
|
|
| BLAKE2b-256 |
4c7f27df830e1b8681fc44ae347a654110bef4cde43ab3f36adb21cd00ee8d12
|
Provenance
The following attestation bundles were made for github_actions_version_check-1.0.0.tar.gz:
Publisher:
release-and-publish.yml on ilyachch/github-actions-version-check
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
github_actions_version_check-1.0.0.tar.gz -
Subject digest:
5d1b0763b765187af3675be30231afdf72085d89454117b3827670394acb7b4b - Sigstore transparency entry: 1397863003
- Sigstore integration time:
-
Permalink:
ilyachch/github-actions-version-check@91b74cd7248ca1c9c227b984928aadd2f1c4f15e -
Branch / Tag:
refs/heads/main - Owner: https://github.com/ilyachch
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release-and-publish.yml@91b74cd7248ca1c9c227b984928aadd2f1c4f15e -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file github_actions_version_check-1.0.0-py3-none-any.whl.
File metadata
- Download URL: github_actions_version_check-1.0.0-py3-none-any.whl
- Upload date:
- Size: 13.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
97b04784ddb0bf2f17d413bcd9808f85919fa31361e525f3ef6f488ce69cf4da
|
|
| MD5 |
c9b16ccae8cfa87c7a6acc749a0da70d
|
|
| BLAKE2b-256 |
b08d921b2328e3e34e0e72e23998c5413d7f91b9c1e87a925f54c5c2a06b89a3
|
Provenance
The following attestation bundles were made for github_actions_version_check-1.0.0-py3-none-any.whl:
Publisher:
release-and-publish.yml on ilyachch/github-actions-version-check
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
github_actions_version_check-1.0.0-py3-none-any.whl -
Subject digest:
97b04784ddb0bf2f17d413bcd9808f85919fa31361e525f3ef6f488ce69cf4da - Sigstore transparency entry: 1397863047
- Sigstore integration time:
-
Permalink:
ilyachch/github-actions-version-check@91b74cd7248ca1c9c227b984928aadd2f1c4f15e -
Branch / Tag:
refs/heads/main - Owner: https://github.com/ilyachch
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release-and-publish.yml@91b74cd7248ca1c9c227b984928aadd2f1c4f15e -
Trigger Event:
workflow_dispatch
-
Statement type:
