name: Dependency Updates

on:
  schedule:
    - cron: '0 9 * * 1'
  workflow_dispatch:

jobs:
  update-dependencies:
    name: Update Dependencies
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.11"

      - name: Install pip-tools
        run: |
          python -m pip install --upgrade pip
          pip install pip-tools

      - name: Update dependencies
        run: |
          pip-compile --upgrade pyproject.toml --output-file requirements.txt
          pip-compile --upgrade --extra dev pyproject.toml --output-file requirements-dev.txt

      - name: Check for security vulnerabilities
        run: |
          pip install safety
          safety check --file requirements.txt --json --output vulnerability-report.json || true
          safety check --file requirements-dev.txt --json --output vulnerability-dev-report.json || true

      - name: Upload vulnerability reports
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: vulnerability-reports
          path: |
            vulnerability-report.json
            vulnerability-dev-report.json