fix: adhering to new script convention

Author: dotkas

.gitignore

@@ -1,3 +1,4 @@
 .idea/
 .DS_Store
 .venv/
+*.pyc

actions/README.md

@@ -0,0 +1,60 @@
+# Update GitHub Actions :arrows_counterclockwise:
+
+This GitHub Action scans `.github` workflows, finds `uses:` entries that match configured prefixes, compares them to the
+latest GitHub releases, and updates them when newer versions exist.
+
+## :rocket: Usage
+
+```yaml
+name: Update GitHub Actions
+on:
+  schedule:
+    - cron: '0 2 * * 1'
+  workflow_dispatch:
+
+jobs:
+  update-actions:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Update GitHub Actions
+        uses: alchemaxinc/update-deps/actions@v1
+        with:
+          token: ${{ github.token }}
+          base-branch: 'main'
+          branch-prefix: 'update-actions'
+          pr-title: 'Update GitHub Actions'
+          commit-message: 'Update GitHub Actions'
+          file-glob: '.github/**/*.yml'
+          prefixes: 'actions'
+```
+
+## :computer: Local CLI
+
+```bash
+python cli.py --root /path/to/repo --file-glob '.github/**/*.yml' --prefixes 'actions'
+```
+
+## :gear: Inputs
+
+| Input            | Description                                         | Required           | Default                 |
+|------------------|-----------------------------------------------------|--------------------|-------------------------|
+| `base-branch`    | Base branch for the pull request                    | :white_check_mark: | `main`                  |
+| `token`          | GitHub token for authentication                     | :x:                | `${{ github.token }}`   |
+| `branch-prefix`  | Prefix for the update branch                        | :x:                | `update-actions`        |
+| `pr-title`       | Title for the pull request                          | :x:                | `Update GitHub Actions` |
+| `commit-message` | Commit message for the update                       | :x:                | `Update GitHub Actions` |
+| `file-glob`      | Glob for workflow files (relative to repo root)     | :x:                | `.github/**/*.yml`      |
+| `prefixes`       | Comma-separated list of action prefixes to include  | :x:                | `actions`               |
+| `auto-merge`     | Wether automatic merge should be enabled for the PR | :x:                | `false`                 |
+
+## :warning: Prerequisites
+
+- Workflow files must be under `.github` and match the configured `file-glob`
+- The action requires write permissions to create branches and pull requests
+- GitHub CLI must be available in the runner environment
+
+## :test_tube: Tests
+
+```bash
+python -m unittest discover -s tests
+```

actions/action.yml

@@ -0,0 +1,121 @@
+name: 'Update GitHub Actions'
+
+description: 'Update GitHub Actions used in .github workflow files'
+
+inputs:
+  token:
+    required: false
+    description: 'GitHub token'
+    default: ${{ github.token }}
+
+  base-branch:
+    required: true
+    description: 'Base branch for PR'
+    default: 'main'
+
+  branch-prefix:
+    required: false
+    description: 'Branch prefix'
+    default: 'update-actions'
+
+  pr-title:
+    required: false
+    description: 'Title for the pull request'
+    default: 'Update GitHub Actions'
+
+  commit-message:
+    required: false
+    description: 'The commit message for the update'
+    default: 'Update GitHub Actions'
+
+  file-glob:
+    required: false
+    description: 'Glob for workflow files (relative to repo root)'
+    default: '.github/**/*.yml'
+
+  prefixes:
+    required: false
+    description: 'Comma-separated list of action prefixes to include'
+    default: 'actions'
+
+  auto-merge:
+    required: false
+    description: 'Whether a successful PR should be automatically merged'
+    default: 'false'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Checkout and setup
+      uses: alchemaxinc/composite-toolbox/checkout-and-setup@v1
+      with:
+        token: ${{ inputs.token }}
+
+    - name: Setup Python
+      uses: actions/setup-python@v5
+      env:
+        PYTHON_VERSION: '3.14'
+      with:
+        python-version: ${{ env.PYTHON_VERSION }}
+        cache-dependency-path: ${{ github.action_path }}/requirements.txt
+
+    - name: Install dependencies
+      shell: bash
+      run: python -m pip install -r ${{ github.action_path }}/requirements.txt
+
+    - name: Update action versions
+      shell: bash
+      env:
+        GH_TOKEN: ${{ inputs.token }}
+      run: |
+        python ${{ github.action_path }}/cli.py \
+          --root "$GITHUB_WORKSPACE" \
+          --file-glob "${{ inputs.file-glob }}" \
+          --prefixes "${{ inputs.prefixes }}"
+
+    - name: Check for changes
+      id: check_changes
+      uses: alchemaxinc/composite-toolbox/check-changes@v1
+      with:
+        files: '.github'
+
+    - name: Create Pull Request
+      id: open-pr
+      if: steps.check_changes.outputs.has_changes == 'true'
+      uses: alchemaxinc/composite-toolbox/create-pr@v1
+      with:
+        token: ${{ inputs.token }}
+        base-branch: ${{ inputs.base-branch }}
+        branch-prefix: ${{ inputs.branch-prefix }}
+        files: '.github'
+        commit-message: ${{ inputs.commit-message }}
+        pr-title: ${{ inputs.pr-title }}
+        pr-body: |
+          # :arrows_counterclockwise: GitHub Actions Update
+
+          This pull request automatically updates GitHub Actions used in `.github` workflows.
+
+          ## :warning: Important Notes
+
+          - :robot: This PR was **automatically generated**
+          - :mag: Please **review all changes** carefully before merging
+          - :test_tube: Ensure all tests pass and functionality works as expected
+          - :books: Check for any breaking changes or release notes for updated actions
+
+          ## :rocket: Next Steps
+
+          1. Review the action changes above
+          2. Run tests locally or wait for CI/CD to complete
+          3. Merge when everything looks good!
+
+          ---
+
+          *Generated by the GitHub Actions Update action* :sparkles:
+
+    - name: Auto-merge Pull Request
+      if: inputs.auto-merge == 'true' && steps.open-pr.outcome == 'success'
+      uses: alchemaxinc/composite-toolbox/merge-pr@v1
+      with:
+        token: ${{ inputs.token }}
+        merge-method: 'squash'
+        pull-request-number: ${{ steps.open-pr.outputs.pr_number }}

actions/cli.py

@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+import argparse
+import os
+from pathlib import Path
+
+from update_actions.updater import update_actions
+
+
+def parse_args() -> argparse.Namespace:
+    parser = argparse.ArgumentParser(
+        description="Update GitHub Action uses entries to latest releases."
+    )
+    parser.add_argument(
+        "--root",
+        default=os.environ.get("GITHUB_WORKSPACE", "."),
+        help="Repository root to scan (default: GITHUB_WORKSPACE or .)",
+    )
+    parser.add_argument(
+        "--file-glob",
+        default=".github/**/*.yml",
+        help="Glob (relative to root) for workflow files.",
+    )
+    parser.add_argument(
+        "--prefixes",
+        default="actions",
+        help="Comma-separated list of action prefixes to include.",
+    )
+    parser.add_argument(
+        "--dry-run",
+        action="store_true",
+        help="Print planned updates without modifying files.",
+    )
+    return parser.parse_args()
+
+
+def main() -> int:
+    args = parse_args()
+    root = Path(args.root).resolve()
+    prefixes = [p.strip() for p in args.prefixes.split(",") if p.strip()]
+    return update_actions(
+        root=root,
+        file_glob=args.file_glob,
+        prefixes=prefixes,
+        dry_run=args.dry_run,
+    )
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

actions/requirements.txt

@@ -0,0 +1,2 @@
+PyYAML==6.0.1
+semver==3.0.2

actions/tests/test_github_api.py

@@ -0,0 +1,28 @@
+import unittest
+from unittest import mock
+
+from update_actions import github_api
+
+
+class TestGithubApi(unittest.TestCase):
+    def test_fetch_release_tags_filters_prerelease(self):
+        completed = mock.Mock()
+        completed.returncode = 0
+        completed.stdout = "v1\tfalse\nv2\ttrue\n1.2.3\tfalse\n"
+        completed.stderr = ""
+        with mock.patch("subprocess.run", return_value=completed) as run:
+            tags = github_api.fetch_release_tags("actions/checkout")
+        run.assert_called_once()
+        self.assertEqual(tags, ["v1", "1.2.3"])
+
+    def test_fetch_release_tags_handles_error(self):
+        completed = mock.Mock()
+        completed.returncode = 1
+        completed.stdout = ""
+        completed.stderr = "boom"
+        with mock.patch("subprocess.run", return_value=completed):
+            self.assertEqual(github_api.fetch_release_tags("actions/checkout"), [])
+
+
+if __name__ == "__main__":
+    unittest.main()

actions/tests/test_scanner.py

@@ -0,0 +1,57 @@
+import tempfile
+import unittest
+from pathlib import Path
+
+from update_actions import scanner
+
+
+class TestScanner(unittest.TestCase):
+    def test_find_uses_nested(self):
+        data = {
+            "jobs": {
+                "build": {
+                    "steps": [
+                        {"uses": "actions/checkout@v4"},
+                        {"run": "echo hi"},
+                    ],
+                    "other": [{"steps": [{"uses": "actions/cache@v3"}]}],
+                }
+            }
+        }
+        self.assertEqual(
+            scanner.find_uses(data),
+            ["actions/checkout@v4", "actions/cache@v3"],
+        )
+
+    def test_find_uses_in_file_invalid_yaml(self):
+        with tempfile.TemporaryDirectory() as tmpdir:
+            path = Path(tmpdir) / "bad.yml"
+            path.write_text(":::not yaml", encoding="utf-8")
+            uses, text = scanner.find_uses_in_file(path)
+            self.assertEqual(uses, [])
+            self.assertEqual(text, ":::not yaml")
+
+    def test_apply_updates(self):
+        text = """
+        steps:
+          - uses: actions/checkout@v3
+          - uses: org/tool@1.2.3 # comment
+        """
+        upgrades = {("actions/checkout", "v3"): "v4"}
+        updated = scanner.apply_updates(text, upgrades)
+        self.assertIn("actions/checkout@v4", updated)
+        self.assertIn("org/tool@1.2.3", updated)
+
+    def test_collect_workflow_files(self):
+        with tempfile.TemporaryDirectory() as tmpdir:
+            root = Path(tmpdir)
+            (root / ".github/workflows").mkdir(parents=True)
+
+            target = root / ".github/workflows" / "ci.yml"
+            target.write_text("name: ci", encoding="utf-8")
+            files = scanner.collect_workflow_files(root, ".github/**/*.yml")
+            self.assertEqual(files, [target])
+
+
+if __name__ == "__main__":
+    unittest.main()

actions/tests/test_updater.py

@@ -0,0 +1,69 @@
+import tempfile
+import unittest
+from pathlib import Path
+from unittest import mock
+
+from update_actions import updater
+
+
+class TestUpdater(unittest.TestCase):
+    def test_update_actions_writes_updates(self):
+        with tempfile.TemporaryDirectory() as tmpdir:
+            root = Path(tmpdir)
+            workflow_dir = root / ".github/workflows"
+            workflow_dir.mkdir(parents=True)
+            workflow = workflow_dir / "ci.yml"
+            workflow.write_text(
+                """
+                jobs:
+                  build:
+                    steps:
+                      - uses: actions/checkout@v3
+                """,
+                encoding="utf-8",
+            )
+
+            with mock.patch(
+                "update_actions.updater.fetch_release_tags",
+                return_value=["v2", "v4"],
+            ):
+                updater.update_actions(
+                    root=root,
+                    file_glob=".github/**/*.yml",
+                    prefixes=["actions"],
+                    dry_run=False,
+                )
+
+            updated = workflow.read_text(encoding="utf-8")
+            self.assertIn("actions/checkout@v4", updated)
+
+    def test_update_actions_dry_run_no_write(self):
+        with tempfile.TemporaryDirectory() as tmpdir:
+            root = Path(tmpdir)
+            workflow_dir = root / ".github/workflows"
+            workflow_dir.mkdir(parents=True)
+            workflow = workflow_dir / "ci.yml"
+            original = """
+            jobs:
+              build:
+                steps:
+                  - uses: actions/checkout@v3
+            """
+            workflow.write_text(original, encoding="utf-8")
+
+            with mock.patch(
+                "update_actions.updater.fetch_release_tags",
+                return_value=["v4"],
+            ):
+                updater.update_actions(
+                    root=root,
+                    file_glob=".github/**/*.yml",
+                    prefixes=["actions"],
+                    dry_run=True,
+                )
+
+            self.assertEqual(workflow.read_text(encoding="utf-8"), original)
+
+
+if __name__ == "__main__":
+    unittest.main()