To enable automated, regular scans of GitHub Action workflows, it's possible to run Proaction as a GitHub Action itself. This will create automated pull requests to the repo where there are changes available.
To enable this, you'll need a Personal Access Token with
By default, the
GITHUB_TOKEN secret doesn't have the workflow scope and, as a result, cannot create pull requests to any files in the
To start, create a secret in the repo named
PROACTION_TOKEN and provide the Personal Access Token value created above. Then, create a file named
.github/workflows/proaction.yaml with the following content:
This workflow will run daily and create pull requests with any updates found.
All inputs are optional. It not set, sane defaults will be applied.
|A reference to the specific workflow file(s) to scan|