From 96072dbd21eecb95585b437739b05342beefa4a6 Mon Sep 17 00:00:00 2001
From: Alice Wong <alice.wong@thedatalab.org>
Date: Fri, 15 May 2026 15:15:15 +0100
Subject: [PATCH] Replace uvmirror check workflow by update workflow

Remove the uv mirror check workflow file and add a new uv mirror update
workflow, which would still check the uv mirror file but will also
update it if the check fails.
---
 .github/workflows/uvmirror-check.yml  | 24 ----------
 .github/workflows/uvmirror-update.yml | 66 +++++++++++++++++++++++++++
 2 files changed, 66 insertions(+), 24 deletions(-)
 delete mode 100644 .github/workflows/uvmirror-check.yml
 create mode 100644 .github/workflows/uvmirror-update.yml

diff --git a/.github/workflows/uvmirror-check.yml b/.github/workflows/uvmirror-check.yml
deleted file mode 100644
index 62d29df..0000000
--- a/.github/workflows/uvmirror-check.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-name: Check uvmirror
-
-permissions:
-  contents: read
-
-on:
-  push:
-  workflow_dispatch:
-
-jobs:
-  check-uvmirror:
-    runs-on: ubuntu-24.04
-
-    steps:
-      - uses: actions/checkout@v6
-      - uses: opensafely-core/setup-action@v1
-        with:
-          install-just: true
-          install-uv: true
-          cache: uv
-
-      - name: Ensure requirements.uvmirror.txt is consistent with uv.lock
-        run: just uvmirror && git diff -s --exit-code
diff --git a/.github/workflows/uvmirror-update.yml b/.github/workflows/uvmirror-update.yml
new file mode 100644
index 0000000..d9533bc
--- /dev/null
+++ b/.github/workflows/uvmirror-update.yml
@@ -0,0 +1,66 @@
+---
+name: Update uvmirror file
+
+env:
+ BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
+
+permissions:
+  contents: read
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  check-uvmirror:
+    runs-on: ubuntu-24.04
+    outputs:
+      changed: ${{ steps.check_for_changes.outputs.changed }}
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: opensafely-core/setup-action@93841f27c28c75bf85b1a0a915e2391a06c6c8a6 # v1
+        with:
+          install-just: true
+          install-uv: true
+          cache: uv
+
+      - name: Ensure requirements.uvmirror is consistent with uv.lock
+        run: just uvmirror
+
+      - id: check_for_changes
+        run: echo "changed=$(git diff -s --exit-code requirements.uvmirror || echo 1)" >> "$GITHUB_OUTPUT"
+
+  update_uvmirror:
+
+    needs: check-uvmirror
+    if: ${{ (github.actor != 'dependabot[bot]') && (needs.check-uvmirror.outputs.changed ) }}
+    runs-on: ubuntu-24.04
+
+    steps:
+      - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
+        id: generate-token
+        with:
+          app-id: ${{ vars.CREATE_PR_APP_ID }}
+          private-key: ${{ secrets.CREATE_PR_APP_PRIVATE_KEY }}
+
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+          token: ${{ steps.generate-token.outputs.token }}
+
+      - uses: opensafely-core/setup-action@93841f27c28c75bf85b1a0a915e2391a06c6c8a6 # v1
+        with:
+          install-just: true
+          install-uv: true
+          cache: uv
+
+      - name: Ensure requirements.uvmirror is consistent with uv.lock
+        run: just uvmirror
+
+      - name: Commit uvmirror changes
+        env:
+          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+        run: |
+          git add requirements.uvmirror
+          git -c user.name="opensafely-github-bot" -c user.email=opensafely-github-bot@users.noreply.github.com commit -m "Update uvmirror file"
+          git push origin ${{ env.BRANCH_NAME }}