Check Action Versions
Version updated for https://github.com/nerdalytics/check-action-versions to version v1.0.3.
- This action is used across all versions by 3 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The “Check Action Versions” GitHub Action automates the process of auditing and updating actions referenced in workflow files to ensure they use the latest strict-semver releases. It scans workflows, identifies outdated actions, and creates a tracking issue and pull request to update uses: references with the latest commit SHAs, ensuring compliance with SHA-pinning requirements. This action simplifies maintaining up-to-date dependencies and enhances workflow security and reliability.
What’s Changed
Docs
Full README overhaul. No behavior changes.
- Quickstart now SHA-pins the action itself, matching the form this action writes for every other entry in consumer workflow files and satisfying any repo or organization enforcing SHA-pinning on
uses:references. - Updating the pin: new dedicated section explaining how to resolve the commit SHA for the latest release (GitHub UI and
ghCLI one-liner). - GPG setup: complete caller-side YAML example. Notes that the GPG path is implemented but not yet validated end-to-end in production.
- Troubleshooting: headings now match real log output. New entry for the org-policy error (“Actions must be pinned to a full-length commit SHA”).
- Versioning: simplified to exact semver releases. The floating
v1tag has been retired; consumers should pin by commit SHA as described in Quickstart. - Removed the “Security design notes” section (the framing was confusing; the useful content is implicit elsewhere).
- Brand-voice pass throughout: shorter sentences, fewer em dashes, less marketing cadence.
Consumer impact
For repos already pinned to v1.0.2’s SHA: the next scheduled run of this action opens a PR rewriting the pin to v1.0.3’s SHA and comment. No manual action needed.
For new consumers: see Quickstart in the new README.