Merge pull request #1586 from atsign-foundation/cpswan-automate-requi…

…rements.txt build(deps): automate requirements.txt
atsign-foundation · Oct 2, 2023 · 514f6eb · 514f6eb
2 parents a59d664 + 05c0cd6
commit 514f6eb
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 233 deletions.
diff --git a/.github/workflows/update_python_requirements.yml b/.github/workflows/update_python_requirements.yml
@@ -0,0 +1,51 @@
+name: Bump requirements.txt
+on:
+  pull_request:
+    paths:
+      - 'tools/pyproject.toml'
+  workflow_dispatch:
+
+permissions:
+  pull-requests: write
+
+jobs:
+  bump_requirements:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout this repo
+      if: ${{ github.actor == 'dependabot[bot]' }}
+      uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      with:
+        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.ref }}
+        token: ${{ secrets.MY_GITHUB_TOKEN }}
+
+    - name: Set up Python
+      if: ${{ github.actor == 'dependabot[bot]' }}
+      uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0
+      with:
+          python-version: '3.11'
+
+    - name: Install Poetry
+      if: ${{ github.actor == 'dependabot[bot]' }}
+      uses: abatilo/actions-poetry@192395c0d10c082a7c62294ab5d9a9de40e48974 # v2.3.0
+      with:
+        poetry-version: '1.6.1'
+
+    - name: Bump Python dependencies
+      if: ${{ github.actor == 'dependabot[bot]' }}
+      run: |
+        cd tools
+        poetry update
+        poetry export --format requirements.txt --output requirements.txt
+        git config --global user.name 'dependabot[bot]'
+        git config --global user.email 'dependabot[bot]@users.noreply.github.com'
+        git add requirements.txt
+        if [ -z "$(git status --porcelain)" ]; then 
+          echo 'No changes to commit on this run'
+          exit 0
+        else
+          git commit -m "build(deps): Bump requirements.txt"
+          git push
+        fi
diff --git a/.gitignore b/.gitignore
@@ -31,3 +31,10 @@ doc/api/
 */certs/*
 .vscode/
 storage
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+poetry.lock