Important
This is a Proof of Concept (PoC) GitHub Action. Use at your own risk in production environments.
A GitHub Action that monitors and updates RHDH plugins in your RHDH GitOps repository. This action checks for new plugin versions and creates pull requests to keep your RHDH installation up to date.
- π Automatic Plugin Updates: Monitors RHDH plugin versions from the GitHub Container Registry
- π― Flexible PR Strategies: Create
separatePRs per plugin or a singlejointPR for all updates - π Safe Updates: Preserves YAML formatting and validates plugin definitions
- π GitOps Integration: Works seamlessly with GitOps-based RHDH deployments
- βοΈ Configurable: Customize PR limits, config paths, and update strategies
- π Detailed Logging: Optional verbose mode for debugging
Add this workflow to your GitOps repository at .github/workflows/update-rhdh-plugins.yaml:
name: Update RHDH Plugins
on:
schedule:
# Run daily at 2 AM UTC
- cron: "0 2 * * *"
workflow_dispatch:
jobs:
update-plugins:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Update RHDH plugins
uses: thepetk/rhdh-plugin-gitops-updater@v1
with:
config-path: "charts/rhdh/values.yaml"
github-token: ${{ secrets.GITHUB_TOKEN }}Create individual pull requests for each plugin update:
- name: Update RHDH plugins
uses: thepetk/rhdh-plugin-gitops-updater@v1
with:
config-path: "charts/rhdh/values.yaml"
github-token: ${{ secrets.GITHUB_TOKEN }}
update-pr-strategy: "separate"Create a single pull request containing all plugin updates:
- name: Update RHDH plugins
uses: thepetk/rhdh-plugin-gitops-updater@v1
with:
config-path: "charts/rhdh/values.yaml"
github-token: ${{ secrets.GITHUB_TOKEN }}
update-pr-strategy: "joint"If your dynamic plugins configuration is at a different YAML path:
- name: Update RHDH plugins
uses: thepetk/rhdh-plugin-gitops-updater@v1
with:
config-path: "dynamic-plugins.yaml"
config-location: "plugins.dynamic"
github-token: ${{ secrets.GITHUB_TOKEN }}Limit the number of pull requests created in a single run:
- name: Update RHDH plugins
uses: thepetk/rhdh-plugin-gitops-updater@v1
with:
config-path: "charts/rhdh/values.yaml"
github-token: ${{ secrets.GITHUB_TOKEN }}
update-pr-strategy: "separate"
pr-creation-limit: "3"For debugging or detailed information:
- name: Update RHDH plugins
uses: thepetk/rhdh-plugin-gitops-updater@v1
with:
config-path: "charts/rhdh/values.yaml"
github-token: ${{ secrets.GITHUB_TOKEN }}
verbose: "1"Specify custom tag prefixes to filter plugin versions:
- name: Update RHDH plugins
uses: thepetk/rhdh-plugin-gitops-updater@v1
with:
config-path: "charts/rhdh/values.yaml"
github-token: ${{ secrets.GITHUB_TOKEN }}
tag-prefixes: |
next__
v1__
stable__| Input | Description | Required | Default |
|---|---|---|---|
config-path |
Path to the dynamic plugins config YAML file (e.g., charts/rhdh/values.yaml) |
Yes | - |
config-location |
Location of the dynamic plugins config inside the YAML file | No | global.dynamic.plugins |
github-token |
GitHub token for API access and PR creation | Yes | - |
update-pr-strategy |
PR creation strategy: separate or joint |
No | separate |
pr-creation-limit |
Maximum number of PRs to create (0 for unlimited, only applies with separate strategy) |
No | 0 |
tag-prefixes |
Tag prefixes to consider when checking for plugin updates (newline-separated list) | No | next__ |
verbose |
Enable verbose logging (0 = normal, 1 = debug) | No | 0 |
- Discovery: The action reads your dynamic plugins configuration file and identifies all RHDH plugins
- Version Check: For each plugin, it queries the GitHub Container Registry for the latest version
- Comparison: Compares current versions with the latest available versions
- PR Creation: Creates pull requests based on your chosen strategy:
- Separate: One PR per plugin update
- Joint: Single PR with all updates
- Formatting Preservation: Updates are made via string replacement to preserve your YAML formatting
The action works with RHDH dynamic plugins defined in the following format:
global:
dynamic:
plugins:
- disabled: false
package: oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/backstage-plugin-name:next__1.0.0!backstage-plugin-name
- disabled: false
package: oci://ghcr.io/redhat-developer/rhdh-plugin-export-overlays/another-plugin:next__2.0.0!another-pluginThe action uses tag prefixes to filter which plugin versions to consider for updates. By default, it looks for tags with the next__ prefix (e.g., next__1.0.0). You can customize this behavior using the tag-prefixes input to match your versioning scheme.
The action supports dual versions to track two separate version components in a single tag. This is useful when you need to track both the RHDH plugin version and the underlying Backstage core version, for example.
Nested versions use double underscores (__) to separate the primary and secondary version components:
{prefix}__{primary_version}__{secondary_version}
Examples:
next__1.42.5__0.1.0- primary version:1.42.5, secondary version:0.1.0stable__2.10.15__1.5.3- primary version:2.10.15, secondary version:1.5.3
The action requires the following permissions:
jobs:
update-plugins:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
packages: read
steps:
# ...-
Clone the repository:
git clone https://github.com/thepetk/rhdh-plugin-gitops-updater.git cd rhdh-plugin-gitops-updater -
Install dependencies:
make install
-
Run tests:
make test -
Run linting:
make ruff
-
Run type checking:
make ty
You can run the updater script directly:
export GITHUB_TOKEN="your-token"
export GITHUB_REPOSITORY="owner/repo"
export DYNAMIC_PLUGINS_CONFIG_YAML_FILE_PATH="charts/rhdh/values.yaml"
export UPDATE_PR_STRATEGY="separate"
uv run main.pyContributions are welcome! Please feel free to submit a Pull Request or open an issue you may have noticed.
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.