name: Sync requirements for Python dependency PRs on: pull_request: types: [opened, synchronize] permissions: contents: write pull-requests: read jobs: sync-python-dep-requirements: if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} runs-on: ubuntu-slim steps: - name: Fetch Dependabot metadata id: dependabot-metadata uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0 - name: Checkout source code if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'pip' }} uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.event.pull_request.head.sha }} persist-credentials: false - name: Setup Python if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'pip' }} uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version-file: 'pyproject.toml' - name: Install uv run: pip install uv==0.11.17 - name: Sync requirements if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'pip' }} run: ./scripts/uv-pip-compile.sh - name: Push changes to remote PRs if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'pip' }} run: | git config user.name 'github-actions[bot]' git config user.email '41898282+github-actions[bot]@users.noreply.github.com' git add requirements git diff --cached --quiet && exit 0 git commit --signoff "build(deps) sync pinned requirements for Dependabot pip PRs" git push origin "HEAD:refs/heads/${GITHUB_EVENT_PULL_REQUEST_HEAD_REF}" env: GITHUB_EVENT_PULL_REQUEST_HEAD_REF: ${{github.event.pull_request.head.ref}}