diff --git a/.github/workflows/binary-releases.yml b/.github/workflows/binary-releases.yml
index 3722a2da..54bf8f03 100644
--- a/.github/workflows/binary-releases.yml
+++ b/.github/workflows/binary-releases.yml
@@ -153,7 +153,7 @@ jobs:
           targets: ${{ matrix.job.target }}
       - name: Set up cross compiling
         if: matrix.job.cross
-        uses: taiki-e/install-action@63c295a1d121591e8dd1e152c88a8e9a9b1ecef5 # ratchet:taiki-e/install-action@v2
+        uses: taiki-e/install-action@0163f6cf65d9b9bb0e5d1f0e3ae19280a06be4b0 # ratchet:taiki-e/install-action@v2.18.9
         with:
           tool: cross
       - name: Configure cross compiling
diff --git a/.github/workflows/build-embedding.yml b/.github/workflows/build-embedding.yml
index 4be9fe64..7ad38375 100644
--- a/.github/workflows/build-embedding.yml
+++ b/.github/workflows/build-embedding.yml
@@ -70,7 +70,7 @@ jobs:
       ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
     steps:
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@50ac8dd1e1b10d09dac7b8727528b91bed831ac0 # ratchet:aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # ratchet:aws-actions/configure-aws-credentials@v4.0.0
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -224,7 +224,7 @@ jobs:
       (contains(needs.get_commit_message.outputs.message, '[ec2 build]') || github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, '00 - EC2 Build')) || (github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/main')))) && always()
     steps:
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@50ac8dd1e1b10d09dac7b8727528b91bed831ac0 # ratchet:aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # ratchet:aws-actions/configure-aws-credentials@v4.0.0
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 26f92a9b..495f32ed 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -64,7 +64,7 @@ jobs:
       ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
     steps:
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@50ac8dd1e1b10d09dac7b8727528b91bed831ac0 # ratchet:aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # ratchet:aws-actions/configure-aws-credentials@v4.0.0
         with:
           aws-access-key-id: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }}
@@ -160,7 +160,7 @@ jobs:
             org.opencontainers.image.source="https://github.com/bentoml/OpenLLM"
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # ratchet:docker/build-push-action@v4
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # ratchet:docker/build-push-action@v5.0.0
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }}
@@ -221,7 +221,7 @@ jobs:
       (contains(needs.get_commit_message.outputs.message, '[ec2 build]') || github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, '00 - EC2 Build')) || (github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/main')))) && always()
     steps:
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@50ac8dd1e1b10d09dac7b8727528b91bed831ac0 # ratchet:aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # ratchet:aws-actions/configure-aws-credentials@v4.0.0
         with:
           aws-access-key-id: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/clojure-frontend.yml b/.github/workflows/clojure-frontend.yml
index 1d80a22e..b64dc178 100644
--- a/.github/workflows/clojure-frontend.yml
+++ b/.github/workflows/clojure-frontend.yml
@@ -100,7 +100,7 @@ jobs:
             type=raw,value=sha-${{ env.GITHUB_SHA_SHORT }}
       - name: Build and push Clojure UI image
         id: build-and-push
-        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # ratchet:docker/build-push-action@v4
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # ratchet:docker/build-push-action@v5.0.0
         with:
           context: openllm-contrib/clojure
           file: openllm-contrib/clojure/Dockerfile
diff --git a/tools/update-actions.sh b/tools/update-actions.sh
index 42f9c669..ceb35001 100755
--- a/tools/update-actions.sh
+++ b/tools/update-actions.sh
@@ -14,6 +14,11 @@ cd "$GIT_ROOT" || exit 1
     exit 1
 )
 
+docker version &>/dev/null || (
+  echo "docker is not healthy. Make sure to have docker running"
+  exit 1
+)
+
 [[ -z "${ACTIONS_TOKEN}" ]] && (
     echo "ACTIONS_TOKEN not found. Make sure to have ACTIONS_TOKEN set to run this job."
     exit 1