Note: GitHub Dependabot version updates are currently in beta and subject to change. To use the beta feature, check in a configuration file to tell GitHub Dependabot which dependencies to maintain for you. For details, see "Enabling and disabling version updates."
Actions are often updated with bug fixes and new features to make automated processes more reliable, faster, and safer. When you enable GitHub Dependabot version updates for GitHub Actions, GitHub Dependabot will help ensure that references to actions in a repository's workflow.yml file are kept up to date. For each action in the file, Dependabot checks the action's reference (typically a version number or commit identifier associated with the action) against the latest version. If a more recent version of the action is available, Dependabot will send you a pull request that updates the reference in the workflow file to the latest version. For more information about GitHub Dependabot version updates, see "About GitHub Dependabot." For more information about configuring workflows for GitHub Actions, see "Configuring a workflow."
- Create a dependabot.yml configuration file. If you have already enabled GitHub Dependabot version updates for other ecosystems or package managers, simply open the existing dependabot.yml file.
- Set the
"/"to check for workflow files in
- Set a
schedule.intervalto specify how often to check for new versions.
- Check the dependabot.yml configuration file in to the
.githubdirectory of the repository. If you have edited an existing file, save your changes.
You can also enable GitHub Dependabot version updates on forks. For more information, see "Enabling and disabling version updates."
The example dependabot.yml file below configures version updates for GitHub Actions. The
directory must be set to
"/" to check for workflow files in
schedule.interval is set to
"daily". After this file has been checked in or updated, GitHub Dependabot checks for new versions of your actions. Dependabot will raise pull requests for version updates for any outdated actions that it finds. After the initial version updates, Dependabot will continue to check for outdated versions of actions once a day.
# Set update schedule for GitHub Actions version: 2 updates: - package-ecosystem: "github-actions" directory: "/" schedule: # Check for updates to GitHub Actions every weekday interval: "daily"
When enabling GitHub Dependabot version updates for actions, you must specify values for
schedule.interval. There are many more optional properties that you can set to further customize your version updates. For more information, see "Configuration options for dependency updates."