Skip to content
Update Deps

Update Deps #72

Sign in to view logs

Update Deps

Update Deps #72

Workflow file for this run

.github/workflows/auto_updates.yml at 3a896b7
# This is a workflow for updating Python dependencies with Poetry.
# Major version updates are handled separately, by Dependabot.
# It will also update the pre-commit hooks to use latest tags.
---
name: Update Deps
on:
workflow_dispatch:
# Run every Monday at 1435 UTC
schedule:
- cron: '35 14 * * 1'
jobs:
workflow-auto-updates:
name: Update dependencies and hooks
runs-on: ubuntu-latest
strategy:
matrix:
# It's only one Python version specified in a "matrix", but on purpose to stay DRY
python-version: ["3.12"]
defaults:
run:
shell: bash
steps:
- name: Checkout the repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
# This GPG key is for the `phylum-bot` account and used in order to ensure commits are signed/verified
- name: Import GPG key for bot account
uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
with:
gpg_private_key: ${{ secrets.PHYLUM_BOT_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PHYLUM_BOT_GPG_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: Install poetry
run: pipx install poetry==1.7.1
- name: Configure poetry
run: poetry config virtualenvs.in-project true
- name: Set up Python
uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
with:
python-version: ${{ matrix.python-version }}
cache: 'poetry'
- name: Install the project with poetry
run: |
poetry env use python${{ matrix.python-version }}
poetry check --lock
poetry lock --no-update --no-cache
poetry install --verbose --no-root --sync --with qa
# Update hooks before dependencies because otherwise `pre-commit` may be updated and used before it can be trusted
#
# NOTE: Specific repos are specified for update since the autoupdated/frozen version here may not always be the
# latest version. This is the case for `poetry`, which has described the limitations of `pre-commit` here:
# https://python-poetry.org/docs/pre-commit-hooks/#why-does-pre-commit-autoupdate-not-update-to-the-latest-version
- name: Update pre-commit hooks
run: |
poetry run pre-commit autoupdate --freeze \
--repo https://github.com/pre-commit/pre-commit-hooks \
--repo https://github.com/psf/black \
--repo https://github.com/charliermarsh/ruff-pre-commit \
--repo https://github.com/dosisod/refurb \
--repo https://github.com/jendrikseipp/vulture \
--repo https://github.com/adrienverge/yamllint
- name: Update Python dependencies
run: |
poetry update -vv --lock
poetry check --lock
- name: Commit changes
id: commit
continue-on-error: true
# NOTE: The git user name and email used for commits is already configured,
# by the crazy-max/ghaction-import-gpg action.
run: |
git commit -a -m "build: bump \`poetry.lock\` dependencies and \`pre-commit\` hooks"
git push --force origin HEAD:workflow-auto-updates
- name: Create Pull Request
if: ${{ steps.commit.outcome == 'success' }}
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
# This PAT is for the `phylum-bot` account and only has the `public_repo` scope to limit privileges.
github-token: ${{ secrets.GH_RELEASE_PAT }}
script: |
const response = await github.rest.pulls.create({
owner: context.repo.owner,
repo: context.repo.repo,
head: "workflow-auto-updates",
base: context.ref,
title: "build: bump `poetry.lock` dependencies and `pre-commit` hooks",
body: "Bump dependencies in `poetry.lock` and hooks in `.pre-commit-config.yaml`.",
});
console.log(response);