Update GitHub Actions to latest versions or use versionRef.
dotgithub update [orgRepoRef] [options]The update command updates tracked GitHub Actions to newer versions. You can update all actions at once or specify a particular action to update. The command resolves version references to specific commit SHAs for reproducibility.
[orgRepoRef]- GitHub repository reference (e.g.,actions/checkout). If not provided, updates all actions
--output <outputDir>- Output directory for generated TypeScript files (uses config default if not specified)-t, --token <token>- GitHub token (overrides env GITHUB_TOKEN)--latest- Use the latest git tag with semver parsing instead of versionRef--no-sha- Use the original ref instead of resolving to SHA
dotgithub updateUpdates all tracked actions to their latest versions based on their versionRef.
dotgithub update actions/checkoutUpdates only the checkout action to its latest version.
dotgithub update actions/checkout --latestUpdates to the latest available version, ignoring the stored versionRef.
dotgithub update actions/checkout --no-shaUpdates the version reference but doesn't resolve to a specific commit SHA.
dotgithub update --output ./custom-actionsUpdates actions and outputs to a custom directory.
- Identifies actions - Finds actions to update (all or specific)
- Resolves versions - Determines the latest version based on versionRef or --latest
- Downloads metadata - Fetches updated action.yml files
- Regenerates files - Creates new TypeScript files with updated types
- Updates configuration - Saves new version references and SHAs
The command uses different strategies for version resolution:
- Follows the stored versionRef pattern (e.g.,
v4→v4.1.2) - Maintains semantic versioning compatibility
- Preserves major version boundaries
- Finds the absolute latest version available
- Ignores versionRef constraints
- May include breaking changes
dotgithub update- Updates within versionRef constraints
- Maintains compatibility
- Safe for production use
dotgithub update --latest- Updates to absolute latest
- May include breaking changes
- Requires testing
dotgithub update actions/checkout- Updates only specific actions
- Allows gradual migration
- Reduces risk
The command shows detailed update information:
✅ Successfully updated 2 action(s):
actions/checkout: v4.1.0 → v4.1.1
Generated: src/actions/actions/checkout.ts
actions/setup-node: v4.0.0 → v4.1.0
Generated: src/actions/actions/setup-node.ts
The command handles various error scenarios:
If some actions fail to update:
✅ Successfully updated 1 action(s):
actions/checkout: v4.1.0 → v4.1.1
❌ Failed to update 1 action(s):
actions/invalid-action: Repository not found
No actions needed updating.
Requires GitHub token for:
- Accessing private repositories
- Higher rate limits
- Resolving version references
Set via:
- Environment variable:
GITHUB_TOKEN - Command option:
--token <token>
- Test after updates - Verify workflows still work
- Update incrementally - Update one action at a time for major changes
- Use version control - Commit changes after successful updates
- Monitor breaking changes - Check action changelogs for breaking changes
- Backup before major updates - Use
--latestcarefully
Use this command to:
- Security updates - Get latest security patches
- Bug fixes - Receive bug fixes and improvements
- Feature updates - Access new functionality
- Maintenance - Keep dependencies current
- Compatibility - Update for new GitHub Actions features
- dotgithub list - See current versions
- dotgithub add - Add new actions
- dotgithub remove - Remove outdated actions
- dotgithub regenerate - Regenerate without updating
- dotgithub add - Add GitHub Actions to your project
- dotgithub list - List tracked actions
- dotgithub remove - Remove actions from tracking
- Configuration Guide - Understanding dotgithub.json