pip-tools will survive us all

Author: hynek

.github/workflows/update-dependencies.yml

@@ -0,0 +1,63 @@
+name: Update dependencies
+
+# Stolen from https://www.oddbird.net/2022/06/01/dependabot-single-pull-request/
+
+on:
+  workflow_dispatch: # Allow running on-demand
+  schedule:
+    # Runs every 1st of Month at 3:25 UTC
+    - cron: "25 3 1 * *"
+
+jobs:
+  upgrade:
+    name: Upgrade & Open Pull Request
+    runs-on: ubuntu-latest
+    env:
+      # This branch will receive updates each time the workflow runs
+      # It doesn't matter if it's deleted when merged, it'll be re-created
+      BRANCH_NAME: auto-dependency-upgrades
+    steps:
+      - uses: actions/checkout@v3
+
+      # START PYTHON DEPENDENCIES
+      - uses: actions/setup-python@v3
+        with:
+          python-version: "3.10"
+          cache: pip
+          cache-dependency-path: "**/pip-tools.txt"
+
+      - name: Upgrade Python dependencies
+        # ADD YOUR CUSTOM DEPENDENCY UPGRADE COMMANDS BELOW
+        run: |
+          pip install -U pip pip-tools
+          pip-compile --upgrade -o requirements/tools.txt requirements/tools.in
+      # END PYTHON DEPENDENCIES
+      - name: Detect changes
+        id: changes
+        run:
+          # This output boolean tells us if the dependencies have actually changed
+          echo "count=$(git status --porcelain=v1 2>/dev/null | wc -l)" >>$GITHUB_OUTPUT
+      - name: Commit & push changes
+        # Only push if changes exist
+        if: steps.changes.outputs.count > 0
+        run: |
+          git config user.name github-actions
+          git config user.email [email protected]
+          git add .
+          git commit -m "Automated dependency upgrades"
+          git push -f origin ${{ github.ref_name }}:${{ env.BRANCH_NAME }}
+      - name: Open pull request if needed
+        if: steps.changes.outputs.count > 0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        # Only open a PR if the branch is not attached to an existing one
+        run: |
+          PR=$(gh pr list --head ${{ env.BRANCH_NAME }} --json number -q '.[0].number')
+          if [ -z $PR ]; then
+            gh pr create \
+            --head ${{ env.BRANCH_NAME }} \
+            --title "Automated dependency upgrades" \
+            --body "Full log: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          else
+            echo "Pull request already exists, won't create a new one."
+          fi

.gitignore

@@ -1,3 +0,0 @@
-__pypackages__
-build_and_inspect_python_package.egg-info
-.pdm-python

Justfile

@@ -0,0 +1,2 @@
+pip-tools
+wheel

pdm.lock

@@ -0,0 +1,24 @@
+#
+# This file is autogenerated by pip-compile with Python 3.12
+# by the following command:
+#
+#    pip-compile --no-emit-index-url --output-file=requirements/pip-tools.txt requirements/pip-tools.in
+#
+build==1.0.3
+    # via pip-tools
+click==8.1.7
+    # via pip-tools
+packaging==23.2
+    # via build
+pip-tools==7.3.0
+    # via -r requirements/pip-tools.in
+pyproject-hooks==1.0.0
+    # via build
+wheel==0.41.2
+    # via
+    #   -r requirements/pip-tools.in
+    #   pip-tools
+
+# The following packages are considered to be unsafe in a requirements file:
+# pip
+# setuptools

pyproject.toml

@@ -0,0 +1,4 @@
+build
+check-wheel-contents
+twine
+wheel