Automated AUR package updates from a single GitHub repo. Fork it, drop in your packages, let CI handle the rest.
Packages
| Package | Version | Strategy | Updated | Status |
|---|---|---|---|---|
| No packages configured | — | — | — | — |
Auto-generated by CI after each run.
How it works
graph LR
A[GitHub Actions<br/>on schedule] -->|for each package| B[check-all.sh<br/>run strategy<br/>compare versions]
B -->|new version found| C[update-pkg.sh<br/>clone AUR repo<br/>sed pkgver<br/>updpkgsums<br/>makepkg --printsrcinfo<br/>git push to AUR]
B -->|check failed| D[create GitHub Issue<br/>with error details]
C -->|update failed| D
C -->|done| E[update-readme.sh<br/>commit badges + status table]
Each package has a YAML config pointing to an upstream source. When a new version is detected, aurtomator clones the existing AUR repo, bumps pkgver, regenerates checksums and .SRCINFO, and pushes. It does not generate PKGBUILDs or modify anything else. If anything fails, a GitHub Issue is opened automatically.
Quick start
- Fork this repo (or use as template)
- Enable Actions and Issues in your fork's Settings (why?)
- Run
./scripts/setup.sh(detailed guide) - Add a package:
cp packages/example.yml.sample packages/<name>.yml - Validate:
./scripts/validate-pkg.sh <name> - Push and let CI handle the rest
The setup script configures your identity (git author for AUR commits), SSH access, and GitHub Secrets. If you use gh CLI, secrets are set automatically. Without it, the script prints manual instructions. GPG commit signing is optional.
See docs/SETUP.md for the full setup guide.
Strategies
13 built-in version detection strategies:
| Strategy | Source | Use for |
|---|---|---|
github-release |
GitHub Releases API | GitHub-hosted projects with releases |
github-tag |
GitHub Tags API | GitHub projects without releases |
github-nightly |
GitHub Releases API | Nightly/prerelease builds (4 patterns) |
gitlab-tag |
GitLab Tags API | Any GitLab instance |
gitea-tag |
Gitea/Forgejo API | Codeberg, self-hosted Gitea |
git-latest |
git clone --bare |
-git packages, any git repo |
pypi |
PyPI JSON API | Python packages |
npm |
npm registry | Node.js packages |
crates |
crates.io API | Rust crates |
repology |
Repology API | Universal fallback (120+ repos) |
archpkg |
Arch repos API | Rebuild triggers, dependency tracking |
webpage-scrape |
URL + regex | Anything not covered above |
kde-tarball |
download.kde.org | KDE/Plasma packages |
See docs/WORKFLOW.md for strategy details, YAML examples, and how to write custom strategies.
Limitations
aurtomator only updates pkgver, checksums, and .SRCINFO. It does not build packages or check dependencies. The following are detected and blocked automatically:
- Split packages --
pkgname=(...)arrays pkgver()with wrong strategy -- usegit-latestfor VCS packages- Mixed SKIP/real checksums --
updpkgsumsis all-or-nothing - Source URLs returning HTML -- detected via Content-Type check
Packages with patches in source=() trigger a warning but are not blocked.
See docs/SUPPORTED-PACKAGES.md for the full breakdown including safe/unsafe failure modes and comparison with other tools.
Resource usage
All packages run in a single workflow -- one Arch container, one SSH/GPG setup, one run. A version check is one HTTP request per package. This keeps GitHub Actions minutes usage minimal.
Documentation
- Setup guide -- first-time configuration, prerequisites, troubleshooting
- Supported packages -- what works, what doesn't, safety rules
- Workflow reference -- strategies, update process, CI pipeline, local testing, custom strategies
Alternatives
| Tool | Best for | Approach |
|---|---|---|
| nvchecker | Version detection only | Python, 42+ sources, no AUR push |
| lilac | Large repos (archlinuxcn) | Full build bot, needs own infra |
| aur-auto-update | Centralized service | Requires bot co-maintainer on AUR |
| Renovate | Multi-ecosystem | Enterprise-grade, heavy config |
| aurtomator | Individual maintainers | Fork and go, bash, zero dependencies beyond Arch |
License
BSD-3-Clause