Dependency updates #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependency updates | |
| on: | |
| schedule: | |
| - cron: "0 6 * * *" # daily 6am UTC | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| update: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Set up mise | |
| uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 | |
| with: | |
| cache: true | |
| experimental: true | |
| - name: Update matrix latest pins | |
| working-directory: py | |
| run: python3 scripts/update-matrix-latest.py | |
| - name: Upgrade lockfile | |
| working-directory: py | |
| run: uv lock --upgrade | |
| - name: Determine labels | |
| id: labels | |
| working-directory: py | |
| run: | | |
| python3 << 'PYEOF' >> "$GITHUB_OUTPUT" | |
| import subprocess, sys | |
| if sys.version_info >= (3, 11): | |
| import tomllib | |
| else: | |
| try: | |
| import tomllib | |
| except ModuleNotFoundError: | |
| import tomli as tomllib | |
| diff = subprocess.check_output(["git", "diff", "--", "pyproject.toml", "uv.lock"], text=True) | |
| if not diff: | |
| print("changed=false") | |
| raise SystemExit(0) | |
| # Read pyproject.toml to find provider SDK packages from the matrix table | |
| with open("pyproject.toml", "rb") as f: | |
| pyproject = tomllib.load(f) | |
| matrix = pyproject.get("tool", {}).get("braintrust", {}).get("matrix", {}) | |
| # Extract the base package name from provider-related matrix requirement strings. | |
| # Exclude pure test/infra pins that do not affect cassette coverage. | |
| provider_matrix = { | |
| key: versions | |
| for key, versions in matrix.items() | |
| if key not in {"pytest-matrix", "braintrust-core"} | |
| } | |
| provider_pkgs = set() | |
| for _prefix, versions in provider_matrix.items(): | |
| for req in versions.values(): | |
| # req looks like "openai==1.92.0" or "pydantic-ai==1.82.0" | |
| pkg = req.split("==")[0].split(">=")[0].split("<=")[0].strip() | |
| provider_pkgs.add(pkg) | |
| # Check if any provider package changed in the lockfile diff | |
| needs_rerecord = any(pkg in diff for pkg in provider_pkgs) | |
| print("changed=true") | |
| print(f"needs_rerecord={str(needs_rerecord).lower()}") | |
| PYEOF | |
| - name: Get date | |
| id: date | |
| run: echo "date=$(date +%Y-%m-%d)" >> "$GITHUB_OUTPUT" | |
| - name: Open PR | |
| if: steps.labels.outputs.changed == 'true' | |
| uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 | |
| with: | |
| title: "chore(deps): daily dependency update" | |
| body: | | |
| Automated daily dependency update via `python scripts/update-matrix-latest.py && uv lock --upgrade`. | |
| ${{ steps.labels.outputs.needs_rerecord == 'true' && '⚠️ **Provider SDK packages changed.** A human needs to re-record cassettes locally before merging.' || '✅ Only test infrastructure deps changed. Safe to merge if CI passes.' }} | |
| branch: deps/daily-update-${{ steps.date.outputs.date }} | |
| labels: | | |
| dependencies | |
| ${{ steps.labels.outputs.needs_rerecord == 'true' && 'needs-cassette-rerecord' || 'auto-merge-candidate' }} |