Keeping your actions up to date with Dependabot

You can use GitHub Dependabot to keep the actions you use updated to the latest versions.

About GitHub Dependabot version updates for actions

Actions are often updated with bug fixes and new features to make automated processes more reliable, faster, and safer. When you enable GitHub Dependabot version updates for GitHub Actions, GitHub Dependabot will help ensure that references to actions in a repository's workflow.yml file are kept up to date. For each action in the file, GitHub Dependabot checks the action's reference (typically a version number or commit identifier associated with the action) against the latest version. If a more recent version of the action is available, GitHub Dependabot will send you a pull request that updates the reference in the workflow file to the latest version. For more information about GitHub Dependabot version updates, see "About GitHub Dependabot version updates." For more information about configuring workflows for GitHub Actions, see "Learn GitHub Actions."
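To see which references in a workflow file fall under the check described above, the following added example (not part of the original documentation and not Dependabot's own code) lists each `uses:` reference and classifies it as a version number, a commit identifier, or something else. The function names, regular expressions, and sample workflow are assumptions made for illustration.

```python
import re

# Matches a step- or job-level `uses:` line and captures its value.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)['\"]?")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")             # full commit identifier
VERSION_RE = re.compile(r"^v?\d+(\.\d+){0,2}$")    # v4, v4.1, 4.1.2, ...

def classify_ref(ref):
    """Classify the part after '@' in a uses: value."""
    if SHA_RE.match(ref):
        return "commit"
    if VERSION_RE.match(ref):
        return "version"
    return "other"  # branch name or non-numeric tag

def action_refs(workflow_text):
    """Return (line_no, action, ref, kind) for each external action reference."""
    found = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        # Local actions (./path) and docker:// images carry no action@ref.
        if target.startswith(("./", "docker://")) or "@" not in target:
            continue
        action, ref = target.rsplit("@", 1)
        found.append((no, action, ref, classify_ref(ref)))
    return found

# Constructed sample workflow, not taken from any real repository.
SAMPLE = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - name: local
        uses: ./.github/actions/local
      - uses: example-org/other-action@main
"""

if __name__ == "__main__":
    for no, action, ref, kind in action_refs(SAMPLE):
        print(f"line {no}: {action} @ {ref} [{kind}]")
```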

Note: Workflow runs triggered by GitHub Dependabot pull requests run as if they are from a forked repository, and therefore use a read-only GITHUB_TOKEN. These workflow runs cannot access any secrets. See "Keeping your GitHub Actions and workflows secure: Preventing pwn requests" for strategies to keep these workflows secure.

Enabling GitHub Dependabot version updates for actions

  1. Create a dependabot.yml configuration file. If you have already enabled GitHub Dependabot version updates for other ecosystems or package managers, simply open the existing dependabot.yml file.
  2. Specify "github-actions" as a package-ecosystem to monitor.
  3. Set the directory to "/" to check for workflow files in .github/workflows.
  4. Set a schedule.interval to specify how often to check for new versions.
  5. Check the dependabot.yml configuration file in to the .github directory of the repository. If you have edited an existing file, save your changes.

You can also enable GitHub Dependabot version updates on forks. For more information, see "Enabling and disabling version updates."

Example dependabot.yml file for GitHub Actions

The example dependabot.yml file below configures version updates for GitHub Actions. The directory must be set to "/" to check for workflow files in .github/workflows. The schedule.interval is set to "daily". After this file has been checked in or updated, GitHub Dependabot checks for new versions of your actions. GitHub Dependabot will raise pull requests for version updates for any outdated actions that it finds. After the initial version updates, GitHub Dependabot will continue to check for outdated versions of actions once a day.

# Set update schedule for GitHub Actions

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      # Check for updates to GitHub Actions every weekday
      interval: "daily"

Configuring GitHub Dependabot version updates for actions

When enabling GitHub Dependabot version updates for actions, you must specify values for package-ecosystem, directory, and schedule.interval. There are many more optional properties that you can set to further customize your version updates. For more information, see "Configuration options for dependency updates."
