Metadata-Version: 2.4
Name: bump-ghw
Version: 0.1.0
Summary: CLI tool to mange your github workflow step versions
Keywords: github,version control,sha,actions
Author: CoderJoshDK
Author-email: CoderJoshDK <74162303+CoderJoshDK@users.noreply.github.com>
License-Expression: MIT
License-File: LICENSE
Classifier: Development Status :: 4 - Beta
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Requires-Dist: githubkit>=0.14.0
Requires-Dist: requests>=2.32.5
Requires-Dist: typer>=0.20.0
Requires-Python: >=3.11
Project-URL: Homepage, https://github.com/CoderJoshDK/bump-ghw
Project-URL: Issues, https://github.com/CoderJoshDK/bump-ghw/issues
Project-URL: Repository, https://github.com/CoderJoshDK/bump-ghw.git
Description-Content-Type: text/markdown

# bump-ghw

Bump your github workflow versions! An easy to use local CLI to update your github action
yamls.

## Usage

```sh
uvx bump-ghw --gh-token $(gh auth token)
```

The easiest way to use the CLI is to authenticate through
[gh](https://cli.github.com/manual/gh_auth_login) cli and then use that provided token. This token
will have all the permissions required for this tool.

You can use this CLI without a token, just expect to get quickly rate limited.

## Rational

We follow [best practices and only output the commit SHA](https://blog.rafaelgss.dev/why-you-should-pin-actions-by-commit-hash) for specific versions.

bump-ghw is useful for those repos that don't have systems to automatically update
dependencies. But if possible, use renovate!

## Roadmap

This CLI tool is very much a WIP. The following are things I plan to implement into this
tool.

- [ ] Ability to convert tag pins into SHA pins (but not update).
- [ ] Update to but ask to increment major version
- [ ] [Support docker sources](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#example-using-a-docker-hub-action)
- [ ] [Support actions in a subdirectory](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#example-using-a-public-action-in-a-subdirectory)

### Internal TODOs

- [ ] Drop githubkit dependency (way too overkill for this tool)
- [ ] Cache responses

### Things to investigate

- Update to latest that is more than `N` days old.
