Update pinned Python dependencies for the actions #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update pinned Python dependencies for the actions | |
on: | |
push: | |
branches: [main] | |
paths: ['repo/pyproject.toml'] | |
schedule: | |
- cron: '21 9 * * 1' | |
workflow_dispatch: | |
permissions: {} | |
jobs: | |
update-dependencies: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write # for pushing a branch | |
pull-requests: write | |
steps: | |
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | |
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 | |
with: | |
python-version: '3.12' | |
- name: Install pip-tools | |
run: pip install -c build/build-constraints.txt pip-tools | |
- name: Update action-constraints.txt | |
id: update | |
run: | | |
pip-compile --strip-extras --upgrade --output-file action-constraints.txt repo/pyproject.toml | |
if git diff --quiet; then | |
echo "No dependency updates." | |
echo "updated=false" >> $GITHUB_OUTPUT | |
else | |
echo "updated=true" >> $GITHUB_OUTPUT | |
fi | |
- name: Push branch | |
id: push | |
if: steps.update.outputs.updated == 'true' | |
run: | | |
git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
git config user.name "github-actions[bot]" | |
git add action-constraints.txt | |
git commit -m "repo: Update pinned requirements" | |
SHA=$(sha256sum action-constraints.txt) | |
NAME="pin-requirements/${SHA:0:7}" | |
if git ls-remote --exit-code origin $NAME; then | |
echo "Branch $NAME exists, nothing to do." | |
echo "pushed=false" >> $GITHUB_OUTPUT | |
else | |
git push origin HEAD:$NAME | |
echo "Pushed branch $NAME." | |
echo "pushed=true" >> $GITHUB_OUTPUT | |
echo "branch=$NAME" >> $GITHUB_OUTPUT | |
fi | |
- name: Open pull request | |
if: steps.push.outputs.pushed == 'true' | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
env: | |
BRANCH: ${{ steps.push.outputs.branch }} | |
with: | |
script: | | |
await github.rest.pulls.create({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
title: "actions: Update pinned requirements", | |
body: "Note: close and reopen the PR to trigger CI.", | |
head: process.env.BRANCH, | |
base: "main", | |
}) |