GitHub Actions Version Checker
Spot outdated uses: references in your GitHub Actions files without leaving the editor, and bump them with a single click.

What it does
The extension reads the uses: lines in your workflows and composite actions, asks GitHub for the latest release, and marks anything that has fallen behind. A quick fix rewrites the version for you.
- Checks
.github/workflows/*.yml and composite action files (action.yml)
- Re-checks whenever you open or save a file
- Updates to the latest major (
v4) or exact (v4.1.2) tag from the lightbulb menu
- Resolves SHA-pinned actions back to their version when a token is set
Outdated references get a yellow warning; ones already on the latest get a green check.
Installing
Search for "GitHub Actions Version Checker" in the VS Code Marketplace, or run:
ext install nx10.gha-version-checker
GitHub token (optional)
GitHub allows 60 unauthenticated API requests an hour, which is usually fine for a quick look. A token bumps that to 5,000 an hour, and it's needed to check SHA-pinned actions, since resolving a pin means listing the repo's tags.
Run GitHub Actions Version Checker: Set GitHub Token and paste a personal access token. It doesn't need any scopes (generate one here). The token goes into your OS keychain through VS Code's SecretStorage, not your settings file.
What gets checked
| Reference |
Behaviour |
v4 |
compared against the latest major |
v4.1.2 |
compared against the latest release |
| 40-character SHA |
resolved to its tag, then compared (needs a token) |
main or other branches |
left alone |
Commands
Available from the command palette:
| Command |
What it does |
| Check Versions |
re-check the active file |
| Set GitHub Token |
store a token in the OS keychain |
| Clear GitHub Token |
remove the stored token |
License
MIT