This Python script checks for outdated GitHub Actions in your GitHub Enterprise or organization using Actions reports generated by stoe/action-reporting-cli.
- Python 3
- `requests` library (install with `pip3 install requests`)
- JSON reports generated by stoe/action-reporting-cli
```bash
# Generate Actions reports containing all Actions used in your GitHub Enterprise or organization
npx @stoe/action-reporting-cli -e <myEnterprise> -t <token> --uses --unique=true --json report.json
# OR
npx @stoe/action-reporting-cli -o <myOrg> -t <token> --uses --unique=true --json report.json
# Process reports generated by action-reporting-cli
python3 actions-version-check.py -e <myEnterprise>
# OR
python3 actions-version-check.py -o <myOrg>
# Read generated CSV file
cat actions-version-check_<timestamp>.csv
# Read generated JSON file
cat actions-version-check_<timestamp>.json | jq
# Read generated text file with unused allowed actions patterns, if `-o` or `-e` is used
# Note that if you have allowed actions patterns defined on Enterprise level, all orgs will have the same patterns
cat unused-allowed-actions-patterns_myEnterprise_<timestamp>.txt
# OR
cat unused-allowed-actions-patterns_myOrg_<timestamp>.txt
```
- `-r, --report`: Path to `report.json` generated by stoe/action-reporting-cli. Default is `report.json`.
- `-ru, --report-unique`: Path to `report-unique.json` generated by stoe/action-reporting-cli. Default is `report-unique.json`.
- `-c, --csv`: Path to CSV file to write the results to. Default is `actions-version-check_<timestamp>.csv`.
- `-j, --json`: Path to JSON file to write the results to. Default is `actions-version-check_<timestamp>.json`.
- `-ar, --allowed-actions-report`: Path to text file containing allowed actions patterns that appear to not match any action usage. Default is `unused-allowed-actions-patterns_<timestamp>.txt`.
- `-u, --include-up-to-date`: Include actions that are not used anywhere in outdated versions in the report.
- `-e, --enterprise`: Compare used actions to actions allowed in GitHub Enterprise `<enterprise slug>` to identify unused allowed actions patterns, requires token with admin:enterprise scope in env var `ACTIONS_VERSION_CHECK_TOKEN`.
- `-o, --org`: Compare used actions to actions allowed in GitHub organization `<org name>` to identify unused allowed actions patterns, requires token with admin:org scope in env var `ACTIONS_VERSION_CHECK_TOKEN`.

- `ACTIONS_VERSION_CHECK_TOKEN`: Token with `admin:enterprise` or `admin:org` scope for comparing allowed actions. (Required if `-e` or `-o` is used.)
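
The comparison behind `-e` / `-o` (finding allowed actions patterns that no workflow uses) can be sketched as follows. This is an added example, not code from `actions-version-check.py`: the glob matching rules, the function names `pattern_matches` and `unused_patterns`, and the sample data are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase


def _norm(value: str) -> str:
    """Lower-case the owner/repo/path part; leave the ref (tag, branch, SHA) untouched."""
    name, sep, ref = value.partition("@")
    return name.lower() + sep + ref


def pattern_matches(pattern: str, uses: str) -> bool:
    """Assumed semantics: shell-style glob over 'owner/repo[/path]@ref'.
    A pattern without '@' is compared against the name only, so it matches any ref."""
    pattern, uses = _norm(pattern), _norm(uses)
    if "@" not in pattern:
        uses = uses.partition("@")[0]
    return fnmatchcase(uses, pattern)


def unused_patterns(patterns: list[str], used: list[str]) -> list[str]:
    """Return allow-list patterns that match none of the used actions."""
    # Assumption: local actions and docker:// references are not governed
    # by allow-list patterns, so they are ignored here.
    remote = [u for u in used if not u.startswith(("./", "docker://"))]
    return [p for p in patterns if not any(pattern_matches(p, u) for u in remote)]


# Constructed sample data: `uses:` values as they would appear in workflows ...
USED = [
    "actions/checkout@v4",
    "actions/setup-python@v5",
    "octo-org/deploy/.github/workflows/release.yml@main",
    "./.github/actions/local-build",
]
# ... and allow-list patterns as configured at org or enterprise level.
PATTERNS = [
    "actions/checkout@*",
    "actions/setup-python@v4",   # pinned to a tag nobody uses any more
    "octo-org/*",
    "example-org/*",             # whole org allowed, nothing from it in use
    "Actions/Setup-Node@*",
]

if __name__ == "__main__":
    for stale in unused_patterns(PATTERNS, USED):
        print(stale)
```

Patterns reported this way are candidates for removal from the allow list, since each one permits actions that no workflow currently depends on.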