Skip to content

bennettoxford/update-dependencies-action

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
.github/workflows
.github/workflows
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 

Repository files navigation

OpenSAFELY Update Dependencies Action

This repo provides a GitHub Action for ensuring that dependencies are kept up to date.

It is written as a "composite run steps" action.

Usage

You can invoke this action from a Github workflow file (e.g. .github/workflows/dependencies.yaml):

name: Update python dependencies

on:
  workflow_dispatch:
  schedule:
    - cron:  "0 23 * * *"
env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
  update-dependencies:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: "opensafely-core/setup-action@v1"
      with:
        python-version: "3.11"
        install-just: true
    - uses: bennettoxford/update-dependencies-action@v1
      with:
        update_command: "just update-dependencies"

Action inputs

Name Description Required Default
update_command Command to update the dependencies yes just update-dependencies
on_changes_command A command to run if changes are detected no None
token The token that the action will use to create and update the pull request no GITHUB_TOKEN
commit_message Commit message if changes found no "chore: update-dependencies"
pr_title Pull request title no "Update dependencies"
automerge Enable automerge on PRs created with the action no true

Workflows triggered by pull requests

Pull requests created by actions using the default GITHUB_TOKEN cannot trigger other workflows.

Workarounds

  1. Use an on_changes_command

This can run tests, checks etc that would usually run when a PR is opened, to ensure that the PR is only opened if the checks pass. The PR itself will still not trigger the checks.

  1. Use an alternative token

Alternatively, you can pass a token that is allowed to create further workflows and pass it as the token input to this action.

For example, to create and use a GitHub App token:

  update-dependencies:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: "opensafely-core/setup-action@v1"
      with:
        python-version: "3.11"
        install-just: true 
    
    - uses: actions/create-github-app-token@v1
      id: generate-token
      with:
        app-id: <GitHub APP ID>
        private-key: ${{ secrets.CREATE_PR_APP_PRIVATE_KEY }}

    - uses: bennettoxford/update-dependencies-action@v1
      with:
        token: ${{ steps.generate-token.outputs.token }}

<GitHub APP ID> and secrets.CREATE_PR_APP_PRIVATE_KEY are the app ID and private token for an installed GitHub App that has the following repository permissions:

  • content: read and write
  • pull-requests: read and write

See the create-pull-request docs for other options.

Releasing a new version

Existing workflow files reference this repo using the v1 tag. If you make backwards compatible changes to this repo you'll need to update the v1 tag:

make tag-release

Breaking changes should use a new version tag so that tests for existing repos continue to pass.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages