Update pinned Python dependencies for the actions #143
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update pinned Python dependencies for the actions | |
| on: | |
| push: | |
| branches: [main] | |
| paths: ['repo/pyproject.toml'] | |
| schedule: | |
| - cron: '21 9 * * 1' | |
| workflow_dispatch: | |
| permissions: {} | |
| jobs: | |
| update-dependencies: | |
| name: Update pinned Python dependencies | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # for pushing a branch | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: true # for pushing a new branch later | |
| - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 | |
| with: | |
| python-version: '3.14' | |
| - name: Install pip-tools | |
| run: pip install -c build/build-constraints.txt pip-tools | |
| - name: Update action-constraints.txt | |
| id: update | |
| run: | | |
| pip-compile --strip-extras --upgrade --output-file action-constraints.txt repo/pyproject.toml | |
| if git diff --quiet; then | |
| echo "No dependency updates." | |
| echo "updated=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "updated=true" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Push branch | |
| id: push | |
| if: steps.update.outputs.updated == 'true' | |
| run: | | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git config user.name "github-actions[bot]" | |
| git add action-constraints.txt | |
| git commit -m "repo: Update pinned requirements" | |
| SHA=$(sha256sum action-constraints.txt) | |
| NAME="pin-requirements/${SHA:0:7}" | |
| if git ls-remote --exit-code origin $NAME; then | |
| echo "Branch $NAME exists, nothing to do." | |
| echo "pushed=false" >> $GITHUB_OUTPUT | |
| else | |
| git push origin HEAD:$NAME | |
| echo "Pushed branch $NAME." | |
| echo "pushed=true" >> $GITHUB_OUTPUT | |
| echo "branch=$NAME" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Open pull request | |
| if: steps.push.outputs.pushed == 'true' | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| env: | |
| BRANCH: ${{ steps.push.outputs.branch }} | |
| with: | |
| script: | | |
| await github.rest.pulls.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| title: "actions: Update pinned requirements", | |
| body: "Note: close and reopen the PR to trigger CI.", | |
| head: process.env.BRANCH, | |
| base: "main", | |
| }) |