A GitHub action that monitors a list of PHP extensions and opens PRs if newer versions exist. Monitors a dependencies.yml file that defines the current (known) tags and the (GitHub) repository and will check to see if updates are available.
Optionally, this can be used to also update version variables declared in a bash script based on those versions that are updated in dependencies.yml. Currently, an example of the expected syntax can be found in ./fixtures/PHP_EXTENSION_VERSIONS.
Required The path to your dependencies.yml file. A valid dependencies.yml file is required and the action expects that you define the path to the file.
An optional additional file to update version numbers on based on updated versions in dependencies.yml. See ./fixtures/PHP_EXTENSION_VERSIONS for a current example of a valid output-file. In the future, additional use cases may be added.
The name of default branch of the repository running the GitHub Action. Defaults to main -- if your repository is using master or some other pattern for the repository's default branch, you must define this value.
Whether to run the action without actually pushing any changes to the repository. If left at the default (false), a PR will be created. If you would like to evaluate the output of the changes first, you can run the script with dry-run set to true and you will see output similar this test run
A full example yml file is illustrated below:
name: Package Updater
on:
schedule:
- cron: '0 * * * *'
permissions:
contents: write
pull-requests: write
jobs:
updater:
runs-on: ubuntu-latest
name: Run Package Updater
steps:
- uses: actions/checkout@v4
- uses: pantheon-systems/action-package-updater@v1
with:
dependencies-yml: ./dependencies.ymlThis action is designed to be run on a cron schedule. In the example above, we're running the action once daily at midnight. For more information about the schedule trigger, refer to the Events that trigger workflows documentation.
The dependencies.yml file expects a specific schema and validates that schema as part of the action run. An example dependencies.yml file can be referenced below:
dependencies:
yq:
current_tag: v4.34.2
repo: mikefarah/yq
pr_note: "This note will be appended to any new pull request."
The current_tag value will be updated as part of the action and must match how those tags or releases exist in the repository. Similarly, a repository with the <author>/<project> defined in the repo field must already exist.
The action updater checks GitHub by default, which works if the GH release exists and is mirrored wherever you're sourcing your PHP extensions from. However, if you're sourcing from PECL, you can use the optional source key in dependencies.yml to explicitly check the PECL API. When sourcing from PECL, the vendor name in the repo is not used (since the vendor is PECL).
dependencies:
imagick:
current_tag: 3.5.1
repo: imagick
source: peclCurrently, the action supports GitHub and PECL projects exclusively. In the future, we may add support for additional sources.