README
ΒΆ
= Updatecli
image:https://www.updatecli.io/images/updatecli.png[alt=Updatecli,float="right",align="center",width=200,height=200]
link:https://matrix.to/#/#Updatecli_community:gitter.im[image:https://img.shields.io/matrix/updatecli:matrix.org[]]
link:https://github.com/updatecli/updatecli/blob/main/LICENSE[image:https://img.shields.io/github/license/updatecli/updatecli[GitHub]]
link:https://goreportcard.com/report/github.com/updatecli/updatecli[image:https://goreportcard.com/badge/github.com/updatecli/updatecli[Go Report Card]]
link:https://github.com/updatecli/updatecli/releases[image:https://img.shields.io/github/downloads/updatecli/updatecli/total[GitHub Releases]]
link:https://github.com/updatecli/updatecli/releases[image:https://img.shields.io/github/downloads/updatecli/updatecli/latest/total[GitHub Releases]]
link:https://img.shields.io/github/actions/workflow/status/updatecli/updatecli/go.yaml?branch=main[image:https://img.shields.io/github/actions/workflow/status/updatecli/updatecli/go.yaml?branch=main[GitHub Workflow Status]]
link:https://api.securityscorecards.dev/projects/github.com/updatecli/updatecli[image:https://api.securityscorecards.dev/projects/github.com/updatecli/updatecli/badge[OpenSSF Scorecard]]
link:https://bestpractices.coreinfrastructure.org/projects/6731[image:https://bestpractices.coreinfrastructure.org/projects/6731/badge[OpenSSF Best Practices]]
_"Automatically open a PR on your Git repository when a file update is needed"_
Updatecli is a universal declarative update policy engine. Designed to be used from everywhere, each Updatecli "run" detects if a file needs to be updated using a tailored update policy then apply changes.
You describe your update strategy in a policy then you enforce it using Updatecli.
Every Updatecli policy is a YAML (or Go template) file that runs through three stages:
1. *Sources* β Fetch the new value to apply (e.g. latest Docker image tag, newest Helm chart version, latest GitHub release).
2. *Conditions* β Verify that all prerequisites are met before making any change (optional but recommended).
3. *Targets* β Apply the change to the right file or service, and open a pull request if an SCM is configured.
== What Can You Update?
Updatecli ships with 30+ built-in integrations. Here are the most common scenarios:
* π *File formats* β
Update values in YAML, JSON, TOML, XML, HCL, CSV, Dockerfiles, and `.tool-versions` files,
or any text file with pattern matching.
* π³ *Container images* β
Track Docker image tags and digests from Docker Hub or any OCI-compliant registry.
* π¦ *Package registries* β
Helm charts (including OCI), npm, PyPI, Maven, Cargo (Rust crates), Go modules,
and Terraform providers/modules.
* π·οΈ *Git & releases* β
GitHub/GitLab releases, Git tags and branches.
* β *Languages & runtimes* β
Jenkins LTS/weekly releases, Eclipse Temurin (JDK), Go language versions,
Bazel modules and registry.
* βοΈ *Cloud* β
AWS AMIs.
* π§ *Custom logic* β
Shell scripts and HTTP endpoints, for anything not covered above.
Find the full list and documentation on link:https://www.updatecli.io/docs/prologue/introduction/[www.updatecli.io].
== Feature
[cols="1,1,3,1", options="header"]
|===
| SCM Platform | Supported | Capabilities | Plugin
| GitHub
| β
| Clone, branch, commit, push, Pull Requests, releases
| `github`
| GitLab
| β
| Clone, branch, commit, push, Merge Requests, releases
| `gitlab`
| Gitea
| β
| Clone, branch, commit, push, Pull Requests, releases
| `gitea`
| Forgejo
| β
| Compatible through Gitea API support
| `gitea`
| Bitbucket Cloud
| β
| Clone, branch, commit, push, Pull Requests
| `bitbucket`
| Bitbucket Server / Stash
| β
| Clone, branch, commit, push, Pull Requests
| `stash`
| Azure DevOps
| β
| Clone, branch, commit, push, Pull Requests
| `azuredevops`
| Generic Git Repository
| β
| Clone, branch, commit, push
| `git`
|===
* *Declarative* β Define your update policy once in YAML; Updatecli handles detection and application.
* *30+ integrations* β Docker, Helm, GitHub releases, npm, PyPI, Terraform, AWS AMIs, and more β out of the box.
* *Any CI/CD* β Runs as a single binary. Drop it into GitHub Actions, Jenkins, GitLab CI, or any shell.
* *Safe by default* β Use `--dry-run` to preview every change before it is applied.
* *Extensible* β Add custom logic via shell scripts or HTTP, or contribute a new Go plugin.
== Why
There are already many projects out there to continuously update your files, but they all have an opinionated way of doing it and they often want you to adopt a new platform.
Building and distributing software is a difficult task and good practices constantly evolve.
Updatecli was built to work independently of the underlying dependencies to update, wherever you need it and combining whatever workflow you are using, as you can see in the following section.
== Demo
link:https://asciinema.org/a/CR5DIxyTLnvtt8NllEeYAx83U[image:https://asciinema.org/a/CR5DIxyTLnvtt8NllEeYAx83U.svg[Asciinema]]
**The Quick-start is available on link:https://www.updatecli.io/docs/prologue/quick-start/[www.updatecli.io/docs/prologue/quick-start]**
== Installation
Updatecli is a Go binary available for Linux, MacOS and Windows from the link:https://github.com/updatecli/updatecli/releases[release page] or installed via link:https://www.updatecli.io/docs/prologue/installation/[other methods].
**Verify File Checksum Signature**
Instead of signing all release assets, Updatecli signs the checksums file containing the different release assets checksum.
You can download/copy the three files 'checksums.txt.sig' and 'checksums.txt' from the latest https://github.com/updatecli/updatecli/releases/latest[release].
Once you have the three files locally, you can execute the following command
```
cosign verify-blob --certificate-identity-regexp "https://github.com/updatecli/updatecli" --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' --bundle checksums.txt.sig checksums.txt
```
A successful output looks like
```
Verified OK
```
Now you can verify the assets checksum integrity.
**Verify File Checksum Integrity**
Before verifying the file integrity, you should first verify the checksum file signature.
Once you've download both the checksums.txt and your binary, you can verify the integrity of your file by running:
```
sha256sum --ignore-missing -c checksums.txt
```
**Verify Container signature**
```
cosign verify --certificate-identity-regexp "https://github.com/updatecli/updatecli" --certificate-oidc-issuer "https://token.actions.githubusercontent.com" ghcr.io/updatecli/updatecli:v0.116.3
```
== Documentation
The documentation of Updatecli is available at link:https://www.updatecli.io/docs/prologue/introduction/[www.updatecli.io], but you can also look at the `examples` section to get an overview.
=== Example
This example is copy of the quickstart. You can also find it on link:https://www.updatecli.io/docs/prologue/quick-start/[www.updatecli.io/docs/prologue/quick-start]
We define an update strategy in "updatecli.yaml" then we run `updatecli apply --config updatecli.yaml`.
Our objective is to know if the Jenkins project published a new stable version, if they build an appropriated docker image specifically for jdk11 and automatically update our infrastructure accordingly.
[cols="2a,2a"]
|===
|```
## updatecli.yaml
name: Update Jenkins Version
scms:
default:
kind: github
spec:
user: olblak
email: me@olblak.com
owner: olblak
repository: charts
token: mySecretTokenWhichShouldNeverUsedThisWay
username: olblak
branch: main
sources:
jenkins:
name: Get latest Jenkins version
kind: jenkins
spec:
release: weekly
conditions:
docker:
name: "Test if Docker Image jenkins/jenkins is Published on DockerHub"
kind: dockerimage
spec:
image: jenkins/jenkins
architecture: amd64
targets:
bumpJenkins:
name: Update values.yaml to the latest Jenkins version
scmID: default
kind: yaml
spec:
file: charts/jenkins/values.yaml
key: $.jenkins.controller.imageTag
actions:
default:
title: Open a GitHub pull request with new Jenkins version
kind: github/pullrequest
scmID: default
target:
- bumpJenkins
spec:
automerge: true
mergemethod: squash
labels:
- dependencies
```
|What it says:
. Sources: +
What's the latest jenkins weekly version? +
=> 2.335 +
. Conditions: +
Is there a docker image "jenkins/jenkins" from Dockerhub with the tag "2.335" +
=> Yes then proceed otherwise abort +
. Targets: +
Do we have to update the key "jenkins.controller.imageTag" from file "./charts/jenkins/values.yaml" located on the GitHub repository olblak/charts to "2.335"? +
=> If yes then execute the action `default` opening a GitHub pull request to the "main" branch
|===
More information link:https://www.updatecli.io/docs/prologue/introduction/[here]
---
== Roadmap
We use the GitHub milestone link:https://github.com/updatecli/updatecli/milestone/73[**Next**] to prioritize our effort. As our requirements evolve we regularly add plugins or improve existing ones.
If you ever need a specific integration, feel free to either:
1. Contribute it, we are more than happy to help. link:https://github.com/updatecli/updatecli/blob/main/CONTRIBUTING.adoc[Link]
2. Comment on existing issues as we may prioritize issues affecting other users. link:https://github.com/updatecli/updatecli/issues[Link]
3. Sponsor financially the project link:https://github.com/sponsors/olblak[link]
4. Feel free to reach out to mailto:contact@updatecli.io[contact@updatecli.io,role=email] to see how we can help you.
== Contributing
As a community-oriented project, all contributions are greatly appreciated!
Here is a non-exhaustive list of possible contributions:
* βοΈ this repository.
* Propose a new feature request.
* Highlight an existing feature request with :thumbsup:.
* Contribute to any repository in the link:https://github.com/updatecli/[updatecli] organization
* Share the love
More information available at link:https://github.com/updatecli/updatecli/blob/main/CONTRIBUTING.adoc[CONTRIBUTING]
== Conferences
* 2026
** Devoxx (FR) - Industrialisez la maintenance de vos stacks Dev et Ops link:https://www.youtube.com/watch?v=RC489sMFrF0[Video]
* 2025
** FOSDEM (BE) - Continuously Update Everything two years later link:https://fosdem.org/2025/schedule/event/fosdem-2025-6076-continuously-update-everything-two-years-later[Event]
** Incontro DevOps (IT) - Automate or stagnate: surviving the era of continuous updates link:https://www.youtube.com/watch?v=kVOYFFbbCho[Video]
** OSX (FR) - Updatecli: how to keep your applications up-to-date without losing your mind link:https://www.youtube.com/watch?v=Z-RPVbUPYiI[Video]
* 2024
** DevOps Days 15 year anniversary celebration (BE) - Continuously Update Everything link:https://www.youtube.com/watch?v=PlEm-YinALk[Video]
* 2023
** FOSDEM (BE) - Cloud Native Dependencies link:https://fosdem.org/2023/schedule/event/continuous_update_everything/[Video]
** CIVO Cloud (UK) - Onward a Continuously Updated Kubernetes Marketplace link:https://www.youtube.com/watch?v=B2wmA627E4w[Video]
* 2022
** CDcon (US) - Dependency Management: Where the Fork are We? link:https://youtu.be/157bsLD-0mM[Video]
== Links
* link:https://github.com/updatecli/updatecli/blob/main/ADOPTERS.md[ADOPTERS]
* link:https://github.com/updatecli/updatecli/blob/main/CONTRIBUTING.adoc[CONTRIBUTING]
* link:https://www.updatecli.io/docs/prologue/introduction/[DOCUMENTATION]
* link:https://github.com/updatecli/updatecli/blob/main/LICENSE[LICENSE]
== Thanks to you
=== Contributors β€οΈ
link:https://github.com/updatecli/updatecli/graphs/contributors"[image:https://contrib.rocks/image?repo=updatecli/updatecli[]]
=== Sponsors β€οΈ
link:https://www.prefect.io/[image:https://avatars.githubusercontent.com/u/41086007?v=4[alt=PrefectHQ,height=200, width=200]]
Documentation
ΒΆ
There is no documentation for this package.
Source Files
Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
pkg
|
|
|
plugins/autodiscovery/plugin
Plugin implements the Updatecli plugin system.
|
Plugin implements the Updatecli plugin system. |
|
plugins/utils/redact
package redact provides function utilities to redact sensitive information.
|
package redact provides function utilities to redact sensitive information. |
Click to show internal directories.
Click to hide internal directories.