From 3d6b2fd6aee4b19ddf09d907470448b0d29f59b5 Mon Sep 17 00:00:00 2001
From: mogres
Date: Thu, 5 Mar 2026 08:04:21 -0800
Subject: [PATCH 1/4] * use native gh CLI for requirements actions * update UV setup to version 7 * update Dependabot configuration
---
 .github/actions/dependencies/action.yml | 4 ++--
 .github/actions/uv/action.yml | 4 ++--
 .github/dependabot.yml | 16 ++++++++++++-
 .github/workflows/make-requirements.yml | 31 ++++++++++++++++---------
 4 files changed, 39 insertions(+), 16 deletions(-)
diff --git a/.github/actions/dependencies/action.yml b/.github/actions/dependencies/action.yml
index c9ed6162d..71ca20603 100644
--- a/.github/actions/dependencies/action.yml
+++ b/.github/actions/dependencies/action.yml
@@ -3,8 +3,8 @@ description: Install UV and dependencies
 runs:
 using: composite
 steps:
- - name: Install uv
- uses: astral-sh/setup-uv@v4
+ - name: Set up uv
+ uses: astral-sh/setup-uv@v7
 - name: Install dependencies
 shell: bash
diff --git a/.github/actions/uv/action.yml b/.github/actions/uv/action.yml
index 07d45b0d6..121fc243f 100644
--- a/.github/actions/uv/action.yml
+++ b/.github/actions/uv/action.yml
@@ -3,7 +3,7 @@ description: Install UV
 runs:
 using: composite
 steps:
- - name: Set up UV
- uses: astral-sh/setup-uv@v3
+ - name: Set up uv
+ uses: astral-sh/setup-uv@v7
 with:
 enable-cache: true
\ No newline at end of file
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 42baa2574..54c633a0d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,4 +16,18 @@ updates:
 groups:
 actions:
 patterns:
- - "github-actions"
+ - "*"
+
+ - package-ecosystem: "uv"
+ directory: "/"
+ schedule:
+ interval: "monthly"
+ commit-message:
+ prefix: "deps(dependabot):"
+ open-pull-requests-limit: 1
+ rebase-strategy: "auto"
+ groups:
+ python-all:
+ patterns:
+ - "*"
+
diff --git a/.github/workflows/make-requirements.yml b/.github/workflows/make-requirements.yml
index 7e60bed13..36a7d0ebd 100644
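Review bot: The new `uv` entry in `.github/dependabot.yml` puts every Python dependency into one `python-all` group with `patterns: "*"`, so each monthly run yields a single PR that mixes major, minor and patch bumps and is hard to review or bisect when one upgrade misbehaves. Adding `update-types: ["minor", "patch"]` under `python-all` would keep routine bumps grouped and let major upgrades arrive as their own PRs. Note that `open-pull-requests-limit: 1` would then hold those individual PRs back until the grouped one is closed, so the limit may need raising. A one-line comment above the entry, such as `# one monthly PR for all Python deps`, would record the intent.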
--- a/.github/workflows/make-requirements.yml
+++ b/.github/workflows/make-requirements.yml
@@ -64,6 +64,9 @@ jobs:
 open-PR:
 needs: [make-requirements]
 runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
 steps:
 - uses: actions/checkout@v4
 - name: Download linux requirements files
@@ -93,14 +96,20 @@ jobs:
 run: echo "timestamp=$(date +'%Y-%m-%d_%H-%M')" >> $GITHUB_OUTPUT
 - name: Create Pull Request
- uses: peter-evans/create-pull-request@v8
- with:
- base: main
- title: admin/requirements-update_${{ steps.timestamp.outputs.timestamp }}
- body: Updating requirements.txt.
-
- Due to some [challenges](https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs),
- with getting this PR to trigger the tests, please manually close and re-open this PR.
- branch: admin/requirements-update_${{ steps.timestamp.outputs.timestamp }}
- commit-message: Updating requirements.txt after change to `uv.lock` was pushed to `main`
- delete-branch: true
\ No newline at end of file
+ env:
+ GH_TOKEN: ${{ secrets.WORKFLOW_PAT }}
+ run: |
+ git config user.name "github-actions[bot]"
+ git config user.email "github-actions[bot]@users.noreply.github.com"
+ git remote set-url origin https://x-access-token:${{ secrets.WORKFLOW_PAT }}@github.com/${{ github.repository }}
+ BRANCH="admin/requirements-update_${{ steps.timestamp.outputs.timestamp }}"
+ git checkout -b "$BRANCH"
+ git add requirements/
+ git diff --cached --quiet && echo "No changes to commit" && exit 0
+ git commit -m "Updating requirements.txt after change to \`uv.lock\` was pushed to \`main\`"
+ git push origin "$BRANCH"
+ gh pr create \
+ --base main \
+ --head "$BRANCH" \
+ --title "admin/requirements-update_${{ steps.timestamp.outputs.timestamp }}" \
+ --body "Updating requirements.txt."
\ No newline at end of file
From 83ea9501324922efdb2f04bed227456e94d2f207 Mon Sep 17 00:00:00 2001
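Review bot: The added `permissions:` block on `open-PR` gives the job's `GITHUB_TOKEN` `contents: write` and `pull-requests: write`, yet the push and `gh pr create` in the next hunk authenticate with `secrets.WORKFLOW_PAT`, so these write scopes appear unused. If no other step in the job needs them (the remaining steps are outside the hunk), a block holding only `contents: read` would pin the token to what checkout requires. PATCH 2/4 deletes the block entirely, which returns the job to the repository's default token permissions rather than an explicit read-only set.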
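Review bot: The `git remote set-url origin https://x-access-token:…@github.com/…` line in the new `run:` block writes the PAT into the remote URL, so it is stored in plain text in the workspace `.git/config` for the rest of the job. The PATCH 4/4 hunk changes how the value is expanded (`${GH_TOKEN}`) but keeps the same URL-embedded credential. The `actions/checkout@v4` step visible as context in the previous hunk has no `with:` block, so one option is to give it `with:` / `token: ${{ secrets.WORKFLOW_PAT }}` and drop the `set-url` line, leaving credential setup and post-job cleanup to checkout. Checkout also persists its own credential by default, so it is worth confirming which identity the push actually uses when both are present.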
From: mogres
Date: Thu, 5 Mar 2026 11:40:04 -0800
Subject: [PATCH 2/4] remove unnecessary permissions for open-PR job in make-requirements.yml
---
 .github/workflows/make-requirements.yml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/.github/workflows/make-requirements.yml b/.github/workflows/make-requirements.yml
index 36a7d0ebd..a13804a47 100644
--- a/.github/workflows/make-requirements.yml
+++ b/.github/workflows/make-requirements.yml
@@ -64,9 +64,6 @@ jobs:
 open-PR:
 needs: [make-requirements]
 runs-on: ubuntu-latest
- permissions:
- contents: write
- pull-requests: write
 steps:
 - uses: actions/checkout@v4
 - name: Download linux requirements files
From 44721749361dd427aa2dbb464b743716be0978b1 Mon Sep 17 00:00:00 2001
From: mogres
Date: Fri, 13 Mar 2026 18:09:51 -0700
Subject: [PATCH 3/4] Make timestamp unique using the run ID
---
 .github/workflows/make-requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/make-requirements.yml b/.github/workflows/make-requirements.yml
index a13804a47..383bca2d8 100644
--- a/.github/workflows/make-requirements.yml
+++ b/.github/workflows/make-requirements.yml
@@ -90,7 +90,7 @@ jobs:
 - name: Get timestamp
 id: timestamp
- run: echo "timestamp=$(date +'%Y-%m-%d_%H-%M')" >> $GITHUB_OUTPUT
+ run: echo "timestamp=$(date +'%Y-%m-%d_%H-%M')_${{ github.run_id }}" >> $GITHUB_OUTPUT
 - name: Create Pull Request
 env:
From 9e045c142e14dab87ef172b71fc6a9e2be18d3cb Mon Sep 17 00:00:00 2001
From: mogres
Date: Fri, 13 Mar 2026 18:10:13 -0700
Subject: [PATCH 4/4] Avoid expanding the WORKFLOW_PAT
---
 .github/workflows/make-requirements.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/make-requirements.yml b/.github/workflows/make-requirements.yml
index 383bca2d8..86b7816e6 100644
--- a/.github/workflows/make-requirements.yml
+++ b/.github/workflows/make-requirements.yml
@@ -98,7 +98,7 @@ jobs:
 run: |
 git config user.name "github-actions[bot]"
 git config user.email "github-actions[bot]@users.noreply.github.com"
- git remote set-url origin https://x-access-token:${{ secrets.WORKFLOW_PAT }}@github.com/${{ github.repository }}
+ git remote set-url origin https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }}
 BRANCH="admin/requirements-update_${{ steps.timestamp.outputs.timestamp }}"
 git checkout -b "$BRANCH"
 git add requirements/