From ecb1fd7b80511a3e99ba2a5fdcf9ac0acdf1b334 Mon Sep 17 00:00:00 2001
From: Jonathan Gangi
Date: Tue, 20 Aug 2024 10:35:04 -0300
Subject: [PATCH 1/2] Use the GH actions to update dependencies
This commit adds a new action named `pip-compile` which will daily attempt to update the dependencies and open a new MR when necessary. The advantage of doing this is that we can easily group the dependencies without having to rely on complex iterations with dependabot. This approach is the very same used in neighbor projects, such as pubtools-ami: https://github.com/release-engineering/pubtools-ami/blob/main/.github/workflows/pip-compile.yml Refers to SPSTRAT-355
---
 .github/workflows/pip-compile.yml | 41 +++++++++++++++++++++++++++++++
 tox.ini | 4 +--
 2 files changed, 43 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/pip-compile.yml
diff --git a/.github/workflows/pip-compile.yml b/.github/workflows/pip-compile.yml
new file mode 100644
index 0000000..f4c64b7
--- /dev/null
+++ b/.github/workflows/pip-compile.yml
@@ -0,0 +1,41 @@
+on:
+ workflow_dispatch: {}
+ schedule:
+ - cron: "20 20 * * 0"
+
+ name: "pip-compile: create PR"
+ jobs:
+ pip_compile:
+ name: pip-compile
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: "3.8"
+
+ - name: Install system dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y libkrb5-dev
+
+ - name: Install tox
+ run: pip install tox
+
+ - name: pip-compile
+ uses: technote-space/create-pr-action@v2
+ with:
+ EXECUTE_COMMANDS: tox -e pip-compile
+ COMMIT_MESSAGE: 'chore: scheduled pip-compile'
+ COMMIT_NAME: 'GitHub Actions'
+ COMMIT_EMAIL: 'noreply@github.com'
+ GITHUB_TOKEN: ${{ secrets.PIP_COMPILE_TOKEN }}
+ PR_BRANCH_PREFIX: deps/
+ PR_BRANCH_NAME: 'pip-compile'
+ PR_TITLE: 'chore: scheduled pip-compile'
+ PR_BODY: '## Update dependencies
+
+ This is a scheduled update of Python dependencies within this repo managed by pip-compile.
+
+ This change will be submitted automatically within a few days if all checks have
+ succeeded.'
diff --git a/tox.ini b/tox.ini
index e734164..767bdd2 100644
--- a/tox.ini
+++ b/tox.ini
@@ -19,8 +19,8 @@ basepython = python3.8
 skip_install = true
 deps = pip-tools
 commands =
- pip-compile --generate-hashes --reuse-hashes --output-file=requirements.txt
- pip-compile --generate-hashes --reuse-hashes --output-file=requirements-test.txt setup.py requirements-test.in
+ pip-compile -U --generate-hashes --reuse-hashes --output-file=requirements.txt
+ pip-compile -U --generate-hashes --reuse-hashes --output-file=requirements-test.txt setup.py requirements-test.in
 [testenv:docs]
 use_develop=true
From cfa00a52b2cb9f8800c36dcd80c63eb41da1732c Mon Sep 17 00:00:00 2001
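Review bot: The `pip-compile` step hands `secrets.PIP_COMPILE_TOKEN` to `technote-space/create-pr-action@v2`, a third-party action referenced by a mutable tag, so whatever that tag points to at run time executes with the token; pin it to a reviewed commit, e.g. `uses: technote-space/create-pr-action@<full-commit-sha>  # v2` (placeholder SHA), and do the same for `actions/setup-python@v2`. The same step runs `tox -e pip-compile` after an unpinned `pip install tox`, so freshly resolved PyPI code likely runs in the job that holds the token; scoping that token to this repository with only contents and pull-request write access limits what a compromised package could do with it. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` keeps the default `GITHUB_TOKEN` minimal, since the writes go through the separate secret.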
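Review bot: With `-U` on both `pip-compile` lines every scheduled run moves all pins to the newest release available, and `--generate-hashes` only records the hashes of whatever was downloaded at that moment, so the hashes give reproducible installs but say nothing about whether a new release is trustworthy. The PR body in the new workflow states that the update is submitted automatically once checks pass; if that is really how the `deps/` PRs are handled, a freshly published bad release could reach the default branch without anyone reading the lockfile diff. I would keep a required human review on those PRs and record the intent next to the commands, e.g. `# -U re-resolves every pin; hashes lock what was fetched, so review the requirements diff before merging`. The tox section header for these commands lies above the hunk.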
From: Jonathan Gangi
Date: Tue, 20 Aug 2024 10:37:18 -0300
Subject: [PATCH 2/2] Disable dependabot
Let's rely in our own GH actions to do it by using our internal bot. Refers to SPSTRAT-355
---
 .github/dependabot.yml | 8 --------
 1 file changed, 8 deletions(-)
 delete mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 1ece9d6..0000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-version: 2
-updates:
-- package-ecosystem: pip
- directory: /
- schedule:
- interval: monthly
- allow:
- - dependency-type: all