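---
name: Dependency Updates

# NOTE(review): every `uses:` below references a mutable tag (@v4, @v5, ...).
# For a reproducible supply chain, pin each action to a full commit SHA and keep
# the tag as a trailing comment, e.g. `actions/checkout@<commit-sha>  # v4`.
# The SHAs are not recorded on this page, so the tags are left in place here.

on:
  schedule:
    # Run weekly on Mondays at 9 AM UTC
    - cron: '0 9 * * 1'
  workflow_dispatch:  # Allow manual triggering

# Least-privilege token scopes. Without this block the workflow inherits the
# repository default (which may be read-only, making the PR step fail, or
# write-all, which is broader than needed). The Create Pull Request step needs
# to push a branch (contents) and open the PR (pull-requests); nothing else.
permissions:
  contents: write
  pull-requests: write

jobs:
  update-dependencies:
    name: Update Dependencies
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.11"

      # pip-tools is installed unpinned; the resolver itself is therefore part
      # of the attack surface of this job. Consider pinning its version.
      - name: Install pip-tools
        run: |
          python -m pip install --upgrade pip
          pip install pip-tools

      - name: Update dependencies
        run: |
          # Generate requirements files from pyproject.toml
          pip-compile --upgrade pyproject.toml --output-file requirements.txt
          pip-compile --upgrade --extra dev pyproject.toml --output-file requirements-dev.txt

      # `safety check --output` selects an output format (screen/text/json/...),
      # not a file path, so the previous `--output <file>` form was rejected by
      # the CLI and the failure was hidden by `|| true` -- no report was ever
      # written. The JSON report is now captured from stdout instead.
      # `|| true` is kept deliberately: safety exits non-zero when it finds
      # vulnerabilities, and the job must still open the PR so that the findings
      # in the uploaded artifact get reviewed.
      - name: Check for security vulnerabilities
        run: |
          pip install safety
          safety check --file requirements.txt --json > vulnerability-report.json || true
          safety check --file requirements-dev.txt --json > vulnerability-dev-report.json || true

      # `add-paths` limits the commit to the regenerated requirements files.
      # Without it the action stages every change in the working tree, which
      # would commit the vulnerability-*.json reports into the PR.
      # PRs opened with GITHUB_TOKEN do not trigger other workflows (e.g. CI on
      # pull_request); the "All tests pass" checklist item therefore relies on
      # a manual CI run unless a PAT or GitHub App token is used here.
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v5
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          add-paths: |
            requirements.txt
            requirements-dev.txt
          commit-message: 'chore: update dependencies'
          title: 'Automated dependency updates'
          body: |
            ## Automated Dependency Updates

            This PR contains automated dependency updates generated by the dependency update workflow.

            ### Changes
            - Updated all dependencies to latest compatible versions
            - Checked for security vulnerabilities

            ### Security Scan Results
            Please review the uploaded security scan artifacts for any vulnerabilities.

            ### Testing
            - [ ] All tests pass
            - [ ] No breaking changes introduced
            - [ ] Security scan results reviewed

            **Note**: This is an automated PR. Please review all changes carefully before merging.
          branch: automated/dependency-updates
          delete-branch: true

      # upload-artifact v3 is deprecated and no longer accepted by GitHub;
      # v4 is the supported major version. `if: always()` keeps the reports
      # available even when the PR step fails.
      - name: Upload vulnerability reports
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: vulnerability-reports
          path: |
            vulnerability-report.json
            vulnerability-dev-report.json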