latte
831eed8dbc
Some checks failed
CI/CD Pipeline / Code Quality Checks (push) Failing after 6m9s
CI/CD Pipeline / Security Scanning (push) Successful in 26s
CI/CD Pipeline / Tests (3.11) (push) Failing after 5m24s
CI/CD Pipeline / Tests (3.12) (push) Failing after 5m23s
CI/CD Pipeline / Build Docker Image (push) Has been skipped
CI/CD Pipeline / Deploy to Staging (push) Has been skipped
CI/CD Pipeline / Deploy to Production (push) Has been skipped
CI/CD Pipeline / Notification (push) Successful in 1s
75 lines
2.4 KiB
YAML
75 lines
2.4 KiB
YAML
name: Dependency Updates
|
|
|
|
on:
|
|
schedule:
|
|
# Run weekly on Mondays at 9 AM UTC
|
|
- cron: '0 9 * * 1'
|
|
workflow_dispatch: # Allow manual triggering
|
|
|
|
jobs:
|
|
update-dependencies:
|
|
name: Update Dependencies
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: "3.11"
|
|
|
|
- name: Install pip-tools
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install pip-tools
|
|
|
|
- name: Update dependencies
|
|
run: |
|
|
# Generate requirements files from pyproject.toml
|
|
pip-compile --upgrade pyproject.toml --output-file requirements.txt
|
|
pip-compile --upgrade --extra dev pyproject.toml --output-file requirements-dev.txt
|
|
|
|
- name: Check for security vulnerabilities
|
|
run: |
|
|
pip install safety
|
|
safety check --file requirements.txt --json --output vulnerability-report.json || true
|
|
safety check --file requirements-dev.txt --json --output vulnerability-dev-report.json || true
|
|
|
|
- name: Create Pull Request
|
|
uses: peter-evans/create-pull-request@v5
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
commit-message: 'chore: update dependencies'
|
|
title: 'Automated dependency updates'
|
|
body: |
|
|
## Automated Dependency Updates
|
|
|
|
This PR contains automated dependency updates generated by the dependency update workflow.
|
|
|
|
### Changes
|
|
- Updated all dependencies to latest compatible versions
|
|
- Checked for security vulnerabilities
|
|
|
|
### Security Scan Results
|
|
Please review the uploaded security scan artifacts for any vulnerabilities.
|
|
|
|
### Testing
|
|
- [ ] All tests pass
|
|
- [ ] No breaking changes introduced
|
|
- [ ] Security scan results reviewed
|
|
|
|
**Note**: This is an automated PR. Please review all changes carefully before merging.
|
|
branch: automated/dependency-updates
|
|
delete-branch: true
|
|
|
|
- name: Upload vulnerability reports
|
|
uses: actions/upload-artifact@v3
|
|
if: always()
|
|
with:
|
|
name: vulnerability-reports
|
|
path: |
|
|
vulnerability-report.json
|
|
vulnerability-dev-report.json |