Dependency Updates #10
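# Weekly dependency report: lists outdated packages, runs a vulnerability scan
# with `safety`, and opens a draft-style PR carrying dependency-report.md.
# It never upgrades anything itself; a human reviews the PR.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# (@v4 / @v5). For supply-chain hardening pin each one to a full commit SHA
# (`uses: owner/repo@<commit-sha> # vN`) and let Dependabot bump the pins.
name: Dependency Updates

on:
  schedule:
    # Run weekly on Mondays at 3 AM UTC
    - cron: '0 3 * * 1'
  workflow_dispatch: # Allow manual triggering

jobs:
  check-dependencies:
    name: Check for Dependency Updates
    runs-on: ubuntu-latest
    # Least privilege: `contents: write` and `pull-requests: write` are needed
    # only by the create-pull-request step; this is the only job, so they are
    # declared here. Do not widen these scopes.
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          # NOTE(review): pip-tools / pip-check-updates are not referenced by any
          # later step in this workflow; confirm they are still needed.
          python -m pip install pip-tools pip-check-updates
          python -m pip install -e ".[dev]"

      # `$(date ...)` is NOT expanded inside `with:` inputs of a `uses:` step
      # (it would appear literally in the PR title/body), so the timestamps
      # are computed here and referenced as step outputs below.
      - name: Record report date
        id: report-date
        run: |
          echo "date=$(date -u +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"
          echo "timestamp=$(date -u)" >> "$GITHUB_OUTPUT"

      - name: Check for outdated packages
        id: check-outdated
        run: |
          echo "=== Checking for outdated packages ==="
          python -m pip list --outdated --format=json > outdated.json
          # Empty file or an empty JSON array both mean "nothing to report".
          if [ -s outdated.json ] && [ "$(cat outdated.json)" != "[]" ]; then
            echo "outdated=true" >> "$GITHUB_OUTPUT"
            echo "Found outdated packages:"
            python -m json.tool outdated.json
          else
            echo "outdated=false" >> "$GITHUB_OUTPUT"
            echo "All packages are up to date!"
          fi

      - name: Generate dependency update report
        if: steps.check-outdated.outputs.outdated == 'true'
        run: |
          echo "# Dependency Update Report" > dependency-report.md
          echo "" >> dependency-report.md
          echo "Generated on: $(date -u)" >> dependency-report.md
          echo "" >> dependency-report.md
          echo "## Outdated Packages" >> dependency-report.md
          echo "" >> dependency-report.md
          # The heredoc delimiter is quoted so the Python source is passed
          # verbatim (no shell expansion of `$` or backticks).
          python << 'EOF'
          import json
          import sys

          try:
              with open('outdated.json', 'r') as f:
                  outdated = json.load(f)
              # Open the report once for the whole block instead of a fresh,
              # never-closed handle per printed line.
              with open('dependency-report.md', 'a') as report:
                  if outdated:
                      print("| Package | Current Version | Latest Version | Type |", file=report)
                      print("|---------|----------------|----------------|------|", file=report)
                      for pkg in outdated:
                          # Keys follow `pip list --format=json`; latest_filetype
                          # is optional, so fall back to 'wheel' as before.
                          name = pkg['name']
                          current = pkg['version']
                          latest = pkg['latest_version']
                          pkg_type = pkg.get('latest_filetype', 'wheel')
                          print(f"| {name} | {current} | {latest} | {pkg_type} |", file=report)
                  else:
                      print("No outdated packages found.", file=report)
          except Exception as e:
              # Top-level script boundary: report the cause and fail the step.
              print(f"Error processing outdated packages: {e}", file=sys.stderr)
              sys.exit(1)
          EOF
          echo "" >> dependency-report.md
          echo "## Security Advisory Check" >> dependency-report.md
          echo "" >> dependency-report.md
          # Check for security advisories.
          # NOTE(review): `safety` is installed unpinned at run time; pin a
          # version (`safety==<pinned-version>`) so the scanner itself is not a
          # moving part of the supply chain.
          python -m pip install safety
          # `safety check` exits non-zero when it finds vulnerabilities, so
          # `|| true` keeps the step alive. The JSON is captured from stdout
          # (supported by every safety release) rather than via a
          # version-specific output/save flag, whose meaning changed between
          # safety majors; a non-JSON stdout is handled below as "could not check".
          safety check --json > safety-check.json || true
          if [ -s safety-check.json ]; then
          python << 'EOF'
          import json

          try:
              with open('safety-check.json', 'r') as f:
                  safety_data = json.load(f)
              # safety's JSON shape differs between major versions: a dict with a
              # "vulnerabilities" list, or (older releases) a bare list. Accept
              # both so a dict is not iterated as if it were the finding list.
              if isinstance(safety_data, dict):
                  vulns = safety_data.get('vulnerabilities', [])
              else:
                  vulns = safety_data or []
              with open('dependency-report.md', 'a') as report:
                  if vulns:
                      print("⚠️ **Security vulnerabilities found!**", file=report)
                      print("", file=report)
                      for vuln in vulns:
                          pkg = vuln.get('package_name', 'Unknown')
                          version = vuln.get('analyzed_version', 'Unknown')
                          vuln_id = vuln.get('vulnerability_id', 'Unknown')
                          print(f"- **{pkg}** (v{version}): {vuln_id}", file=report)
                  else:
                      print("✅ No security vulnerabilities found.", file=report)
          except Exception as e:
              # Best effort: the report still gets a line, and the log keeps the cause.
              print(f"Could not parse safety output: {e}")
              with open('dependency-report.md', 'a') as report:
                  print("❓ Could not check security advisories.", file=report)
          EOF
          else
            # The scan produced no output at all (install or invocation failed).
            echo "❓ Could not check security advisories." >> dependency-report.md
          fi
          echo "" >> dependency-report.md
          echo "---" >> dependency-report.md
          echo "*This report was automatically generated by the dependency-updates workflow.*" >> dependency-report.md

      # A PR opened with GITHUB_TOKEN does not trigger other `pull_request`
      # workflows (CI will not run on it automatically); that is acceptable for
      # a report-only PR.
      - name: Create Pull Request for dependency updates
        if: steps.check-outdated.outputs.outdated == 'true'
        uses: peter-evans/create-pull-request@v5
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          # Commit only the report; without this the action stages every
          # working-tree change, including outdated.json, safety-check.json
          # and build metadata left by the editable install.
          add-paths: dependency-report.md
          commit-message: |
            chore: dependency update report

            Automated dependency analysis found outdated packages.
            Review the dependency-report.md file for details.
          title: "🔄 Dependency Update Report - ${{ steps.report-date.outputs.date }}"
          body: |
            ## 🔄 Automated Dependency Update Report

            This PR contains an automated analysis of outdated dependencies in the project.

            ### 📋 What's Included
            - List of outdated packages with current and latest versions
            - Security vulnerability check results
            - Recommendations for updates

            ### 🔍 Review Required
            Please review the `dependency-report.md` file and decide which dependencies should be updated.

            ### ⚠️ Important Notes
            - This PR does NOT automatically update dependencies
            - Manual review and testing is required before updating
            - Consider the impact of major version changes
            - Run full test suite after any updates

            ### 🤖 Automation
            This PR was automatically created by the dependency-updates workflow.

            ---
            **Generated on:** ${{ steps.report-date.outputs.timestamp }}
          branch: automated/dependency-updates
          delete-branch: true
          draft: false
          assignees: unseriousAI
          labels: dependencies,automated,review-required

      - name: Upload dependency reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: dependency-reports
          # safety-check.json and dependency-report.md may not exist on the
          # "nothing outdated" path; missing files only produce a warning.
          path: |
            dependency-report.md
            outdated.json
            safety-check.json
          retention-days: 30

      - name: Summary
        if: always()
        # Pass the expression through an env var rather than splicing `${{ }}`
        # into the shell script, the usual guard against expression injection.
        env:
          OUTDATED: ${{ steps.check-outdated.outputs.outdated }}
        run: |
          if [ "$OUTDATED" = "true" ]; then
            echo "📊 Dependency update report generated and PR created"
            echo "🔍 Review the PR for detailed information about outdated packages"
          else
            echo "✅ All dependencies are up to date!"
          fi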