# Install actions-up with Homebrew

Tool to update GitHub Actions to latest versions with SHA pinning. Version 1.16.0 via Homebrew; verified 2026-07-03.

## Install

```sh
sudo av install brew:actions-up
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install actions-up
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:actions-up
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/actions-up>
- **Version:** 1.16.0
- **Source summary:** Tool to update GitHub Actions to latest versions with SHA pinning
- **Homepage:** <https://github.com/azat-io/actions-up>
- **Repository:** <https://github.com/azat-io/actions-up>
- **Upstream docs:** <https://github.com/azat-io/actions-up#readme>
- **License:** MIT
- **Source archive:** <https://registry.npmjs.org/actions-up/-/actions-up-1.16.0.tgz>
- **Last updated:** 2026-07-03T15:04:32Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- actions-up (cli)
- actions-up (alias)

## Dependencies

- node

## Install behavior

- Post-install hook: not defined
- Bottle: available on all

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.16.0
- Package-manager updated: 2026-07-03
- Local data: ok
- Upstream repository: https://github.com/azat-io/actions-up
- info: No cached GitHub release or tag data was available.
## Project history and usage

Actions Up is an interactive CLI for finding newer GitHub Actions references in workflow and composite-action YAML, then updating them with SHA pinning by default.

### Project history

The project was created in August 2025 and released v0.1.0 the same day. Its README positions the tool around secure and reproducible CI by replacing mutable action tags with exact commit SHAs unless the user chooses to preserve tag-style references.

### Adoption history

The README supports quick npx use, global npm installation, per-project dev dependency installation, and Homebrew installation, which puts it in the common JavaScript CLI plus package-manager distribution pattern.

### How it is used

Actions Up scans .github/workflows, .github/actions, root action.yml/action.yaml files, and reusable workflow calls. Users can run interactive mode, --yes auto-update mode, --dry-run, --json report mode, recursive scans, custom directories, update modes, exclusions, and CI checks.

### Why package nerds care

It is notable in package-manager culture because it overlaps dependency-update bots while staying local and interactive: users can inspect updates, pin SHAs, and generate CI reports without adopting a hosted bot workflow.

### Timeline

- 2025: Repository created.
- 2025: v0.1.0 release published.
- 2026: v1.15.0 release published on June 29.

### Related projects

- The README compares Actions Up with Dependabot, Renovate, and pinact.

### Sources

- GitHub repository and releases API for creation and release chronology.
- Official README for project positioning, usage, install paths, and related tools.


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** actions-up
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Text processing packages](https://www.automicvault.com/pkg/text-processing-tools/) - Matched text, document, or structured-data processing metadata.
- [Developer build packages](https://www.automicvault.com/pkg/developer-build-tools/) - Matched build, compiler, generator, or developer workflow metadata.
- [node](https://www.automicvault.com/pkg/brew/node/) - Runtime dependency declared by Homebrew.
- [gabo](https://www.automicvault.com/pkg/brew/gabo/) - Shares av.db curated category or tags: ci-cd, cli, developer-tools, github-actions.
- [actionlint](https://www.automicvault.com/pkg/brew/actionlint/) - Shares av.db curated category or tags: ci, ci-cd, cli, developer-tools, github-actions.
- [act](https://www.automicvault.com/pkg/brew/act/) - Shares av.db curated category or tags: ci-cd, cli, developer-tools, github-actions.
- [codecov-cli](https://www.automicvault.com/pkg/brew/codecov-cli/) - Shares av.db curated category or tags: ci, ci-cd, cli, developer-tools.
- [gama](https://www.automicvault.com/pkg/brew/gama/) - Shares av.db curated category or tags: ci-cd, cli, developer-tools, github-actions.
- [gitlab-ci-linter](https://www.automicvault.com/pkg/brew/gitlab-ci-linter/) - Shares av.db curated category or tags: ci, ci-cd, cli, developer-tools.
- [gitlab-ci-local](https://www.automicvault.com/pkg/brew/gitlab-ci-local/) - Shares av.db curated category or tags: ci, ci-cd, cli, developer-tools.
- [gitlab-runner](https://www.automicvault.com/pkg/brew/gitlab-runner/) - Shares av.db curated category or tags: ci, ci-cd, cli, developer-tools.
- [pinact](https://www.automicvault.com/pkg/brew/pinact/) - Local package facts share a topical domain. Shared terms: actions, ci, cli, dependency, developer.

## Combined YAML source

View the package source record on GitHub. [combined/actions-up.yml](https://github.com/automic-vault/db/blob/main/combined/actions-up.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
