quick commit
Some checks failed
CI/CD Pipeline / Code Quality Checks (push) Failing after 6m9s
CI/CD Pipeline / Security Scanning (push) Successful in 26s
CI/CD Pipeline / Tests (3.11) (push) Failing after 5m24s
CI/CD Pipeline / Tests (3.12) (push) Failing after 5m23s
CI/CD Pipeline / Build Docker Image (push) Has been skipped
CI/CD Pipeline / Deploy to Staging (push) Has been skipped
CI/CD Pipeline / Deploy to Production (push) Has been skipped
CI/CD Pipeline / Notification (push) Successful in 1s
75
.github/workflows/dependency-updates.yml
vendored
Normal file
@@ -0,0 +1,75 @@
|
||||
name: Dependency Updates
|
||||
|
||||
on:
|
||||
schedule:
|
||||
# Run weekly on Mondays at 9 AM UTC
|
||||
- cron: '0 9 * * 1'
|
||||
workflow_dispatch: # Allow manual triggering
|
||||
|
||||
jobs:
|
||||
update-dependencies:
|
||||
name: Update Dependencies
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: "3.11"
|
||||
|
||||
- name: Install pip-tools
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install pip-tools
|
||||
|
||||
- name: Update dependencies
|
||||
run: |
|
||||
# Generate requirements files from pyproject.toml
|
||||
pip-compile --upgrade pyproject.toml --output-file requirements.txt
|
||||
pip-compile --upgrade --extra dev pyproject.toml --output-file requirements-dev.txt
|
||||
|
||||
- name: Check for security vulnerabilities
|
||||
run: |
|
||||
pip install safety
|
||||
safety check --file requirements.txt --json --output vulnerability-report.json || true
|
||||
safety check --file requirements-dev.txt --json --output vulnerability-dev-report.json || true
|
||||
|
||||
- name: Create Pull Request
|
||||
uses: peter-evans/create-pull-request@v5
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
commit-message: 'chore: update dependencies'
|
||||
title: 'Automated dependency updates'
|
||||
body: |
|
||||
## Automated Dependency Updates
|
||||
|
||||
This PR contains automated dependency updates generated by the dependency update workflow.
|
||||
|
||||
### Changes
|
||||
- Updated all dependencies to latest compatible versions
|
||||
- Checked for security vulnerabilities
|
||||
|
||||
### Security Scan Results
|
||||
Please review the uploaded security scan artifacts for any vulnerabilities.
|
||||
|
||||
### Testing
|
||||
- [ ] All tests pass
|
||||
- [ ] No breaking changes introduced
|
||||
- [ ] Security scan results reviewed
|
||||
|
||||
**Note**: This is an automated PR. Please review all changes carefully before merging.
|
||||
branch: automated/dependency-updates
|
||||
delete-branch: true
|
||||
|
||||
- name: Upload vulnerability reports
|
||||
uses: actions/upload-artifact@v3
|
||||
if: always()
|
||||
with:
|
||||
name: vulnerability-reports
|
||||
path: |
|
||||
vulnerability-report.json
|
||||
vulnerability-dev-report.json
|
||||
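Review bot: In the "Check for security vulnerabilities" step, both `safety check` commands end in `|| true`, so a finding never fails the job and the pull request is opened regardless; the only trace is a JSON artifact that a reviewer has to download separately. Drop the `|| true`, or gate the "Create Pull Request" step on the scan result, so that a vulnerable resolution shows up in the run status. The two report files are also written into the checkout before "Create Pull Request" runs, and that step sets no `add-paths`, so unless they are gitignored they will be committed to `automated/dependency-updates` alongside the requirements files; restrict `add-paths` to `requirements.txt` and `requirements-dev.txt`, or write the reports outside the working tree. Separately, the workflow declares no `permissions:` block and references every action by a mutable tag (`@v4`, `@v5`, `@v3`); an explicit `contents: write` and `pull-requests: write` grant plus commit-SHA pins would narrow what this scheduled job and its third-party actions can do with the token.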