Enhancement: Automate GitHub Actions dependency updates #12

@coderabbitai

Context

Currently, the action uses semantic version tags for external GitHub Actions dependencies (e.g., aquasecurity/trivy-action@0.33.1, docker/build-push-action@v5).

Enhancement Goal

Explore and implement automated tooling to keep GitHub Actions dependencies up to date, considering:

  • Dependabot: Native GitHub solution for dependency updates
  • Renovate: Third-party option with advanced configuration capabilities

Both tools can be configured to:

  • Automatically detect outdated action versions
  • Open pull requests with updates
  • Optionally pin to commit SHAs for enhanced supply-chain security

Background

This enhancement was identified during security scanning feature development to improve long-term maintainability and security posture of the action's dependencies.

References

Priority

Low - future enhancement; timing to be determined by maintainer.
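As an added example (not part of this issue or the project), the check below does what the proposed tooling would surface in review: it reads workflow `uses:` references and reports external actions that point at a mutable tag or branch rather than a full commit SHA. The workflow text and the 40-hex digest are constructed placeholders.

```python
import re
from typing import NamedTuple

# Constructed sample workflow for the example, not a file from the project.
# The 40-hex digest below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/build-push-action@v5
      - uses: aquasecurity/trivy-action@0.33.1
      - uses: docker/login-action@0123456789abcdef0123456789abcdef01234567 # v3 (placeholder)
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)['\"]?")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


class ActionRef(NamedTuple):
    action: str
    ref: str
    kind: str  # 'sha' (immutable), 'tag' (tag or branch, mutable), 'local', 'docker'


def classify(spec: str) -> ActionRef:
    """Classify one `uses:` value; only a full commit SHA is treated as pinned."""
    if spec.startswith(("./", "/")):
        return ActionRef(spec, "", "local")       # in-repo action, moves with the repo
    if spec.startswith("docker://"):
        return ActionRef(spec, "", "docker")      # image reference, outside this check
    action, _, ref = spec.partition("@")
    if SHA_RE.match(ref):
        return ActionRef(action, ref, "sha")
    # Syntax alone cannot tell a tag from a branch; both can be moved by the publisher.
    return ActionRef(action, ref, "tag")


def scan_workflow(text: str) -> list[ActionRef]:
    """Return every `uses:` reference found in a workflow file's text."""
    return [classify(m.group(1)) for line in text.splitlines()
            if (m := USES_RE.match(line))]


def unpinned(refs: list[ActionRef]) -> list[ActionRef]:
    """External actions Dependabot or Renovate would need to pin to a SHA."""
    return [r for r in refs if r.kind == "tag"]
```

Run against real workflows by feeding each file's contents to `scan_workflow`; the `# v3` style comment next to a SHA is the convention Dependabot and Renovate use to keep the human-readable version visible after pinning.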

Labels

  • dependencies: Automated dependency updates (PRs)
  • deployment: Deployment and infrastructure-related (Issues/PRs)
  • maintainer: Maintainer expertise required (Issues/PRs)
  • security-improvement: Security improvements (Issues/PRs)
