github-actions-version-updater icon indicating copy to clipboard operation
github-actions-version-updater copied to clipboard

Published 20 hours ago verified publisher icon saadmk11

Feature Request: be able to scan actions defined within a composite actions

Open jdsantosadam opened this issue 2 years ago • 2 comments

Since composite actions are a alternative method to make the workflows more reusable, i think it would be good to add a way to check if the actions defined within have a new version.

Today, a composite action can be defined in two ways:

  • In a public repository Then, can be used in a workflow like another Github Action in the marketplace (ex: uses: actions/checkout@v3). For this case, the version updater will work without problems.

  • In a private repository For this case, you need to checkout the repo that contains the composite action using a PAT token. Then in the step, the action need be specified specified without the version (@x.x.x). The version of the composite action is determined by the ref input of the checkouted step of the composite action repo.

The problem is, in both cases, there is no way to check the versions of the actions used in the composite actions. Our projects uses a lot of these composite actions in the workflows. We used this approach because Github Actions does not support using reusable workflows from private repositores, only composite actions. There is a way to add this feature? Maybe scan the composite action file, instead of the workflow itself...

Thanks in advance.

jdsantosadam avatar Dec 15 '22 20:12 jdsantosadam

Can you please provide a sample/example workflow file of your use case?

saadmk11 avatar Dec 16 '22 08:12 saadmk11

I have an example:

# .github/actions/setup-poetry/action.yml (lines 1-25)
name: 'Setup Poetry'
description: 'Install and cache Poetry using pipx'
runs:
  using: "composite"
  steps:
    - name: Set pipx environment variables
      run: |
        echo "PIPX_HOME=${HOME}/.cache/pipx" >> $GITHUB_ENV
        echo "PIPX_BIN_DIR=${HOME}/.local/bin" >> $GITHUB_ENV
      shell: bash

    - name: Cache pipx poetry installation and binaries
      uses: actions/cache@v3
      with:
        path: |
          ${{ env.PIPX_HOME }}
          ${{ env.PIPX_BIN_DIR }}
        key: 1-${{ runner.os }}-pipx-poetry-${{ env.POETRY_VERSION }}

    - name: Install poetry
      run: |
        if ! pipx list | grep -q "package poetry ${{ env.POETRY_VERSION }}"; then
          pipx install poetry==${{ env.POETRY_VERSION }}
        fi
      shell: bash

This is then used like so:

# .github/workflows/lint.yml (lines 25-26)
- name: Setup Poetry
  uses: ./.github/actions/setup-poetry
  env:
     POETRY_VERSION: '1.6.1'

I've run github-actions-version-updater on my repo, but as you can see it didn't update actions/cache@v3.

Qu4tro avatar Oct 24 '23 18:10 Qu4tro