Skip to content

Update pinned Python dependencies for the actions #40

Update pinned Python dependencies for the actions

Update pinned Python dependencies for the actions #40

name: Update pinned Python dependencies for the actions
on:
push:
branches: [main]
paths: ['repo/pyproject.toml']
schedule:
- cron: '21 9 * * 1'
workflow_dispatch:
permissions: {}
jobs:
update-dependencies:
runs-on: ubuntu-latest
permissions:
contents: write # for pushing a branch
pull-requests: write
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
with:
python-version: '3.12'
- name: Install pip-tools
run: pip install -c build/build-constraints.txt pip-tools
- name: Update action-constraints.txt
id: update
run: |
pip-compile --strip-extras --upgrade --output-file action-constraints.txt repo/pyproject.toml
if git diff --quiet; then
echo "No dependency updates."
echo "updated=false" >> $GITHUB_OUTPUT
else
echo "updated=true" >> $GITHUB_OUTPUT
fi
- name: Push branch
id: push
if: steps.update.outputs.updated == 'true'
run: |
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
git add action-constraints.txt
git commit -m "repo: Update pinned requirements"
SHA=$(sha256sum action-constraints.txt)
NAME="pin-requirements/${SHA:0:7}"
if git ls-remote --exit-code origin $NAME; then
echo "Branch $NAME exists, nothing to do."
echo "pushed=false" >> $GITHUB_OUTPUT
else
git push origin HEAD:$NAME
echo "Pushed branch $NAME."
echo "pushed=true" >> $GITHUB_OUTPUT
echo "branch=$NAME" >> $GITHUB_OUTPUT
fi
- name: Open pull request
if: steps.push.outputs.pushed == 'true'
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
env:
BRANCH: ${{ steps.push.outputs.branch }}
with:
script: |
await github.rest.pulls.create({
owner: context.repo.owner,
repo: context.repo.repo,
title: "actions: Update pinned requirements",
body: "Note: close and reopen the PR to trigger CI.",
head: process.env.BRANCH,
base: "main",
})