From 8f3e71b0d701bab22f7ddd0f0187016e318dc402 Mon Sep 17 00:00:00 2001 From: Alex Baker Date: Wed, 1 Jul 2026 15:29:07 -0400 Subject: [PATCH 1/2] ci(deps): automate dependency updates --- .github/dependabot.yml | 42 ++++++++++++++++++++++++++++++ .github/workflows/pypi-publish.yml | 14 +++++----- .github/workflows/test.yml | 21 +++++++++------ 3 files changed, 62 insertions(+), 15 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..3c1c914 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,42 @@ +version: 2 + +updates: + - package-ecosystem: "uv" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "09:00" + timezone: "America/New_York" + versioning-strategy: "lockfile-only" + cooldown: + default-days: 7 + groups: + python-minor-and-patch: + patterns: + - "*" + update-types: + - "minor" + - "patch" + commit-message: + prefix: "chore(deps)" + prefix-development: "chore(deps-dev)" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "09:00" + timezone: "America/New_York" + cooldown: + default-days: 7 + groups: + actions-minor-and-patch: + patterns: + - "*" + update-types: + - "minor" + - "patch" + commit-message: + prefix: "chore(ci)" diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index 2429254..07b9729 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -11,18 +11,18 @@ jobs: outputs: new_release: ${{ steps.check_release.outputs.new_release }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v7 with: fetch-depth: 0 # Shallow clones should be disabled for semantic-release to function correctly - name: Install UV - uses: astral-sh/setup-uv@v6 + uses: astral-sh/setup-uv@v8 with: enable-cache: true python-version: "3.13" - name: Install deps - run: uv sync --dev + run: uv sync --locked --all-groups - name: Check if a new release is needed id: check_release @@ -47,18 +47,18 @@ jobs: pull-requests: write # Required for semantic-release to comment on PRs in release id-token: write # Required for trusted publishing steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v7 with: fetch-depth: 0 # Shallow clones should be disabled for semantic-release to function correctly - name: Install UV - uses: astral-sh/setup-uv@v6 + uses: astral-sh/setup-uv@v8 with: enable-cache: true python-version: "3.13" - name: Install deps - run: uv sync --dev + run: uv sync --locked --all-groups - name: Build next version run: uv run semantic-release -v version --no-changelog --no-commit --no-tag @@ -80,4 +80,4 @@ jobs: run: uv run semantic-release -v publish - name: Publish to PyPI - run: uv publish \ No newline at end of file + run: uv publish diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8435761..628b183 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,16 +14,19 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v7 - name: Install UV - uses: astral-sh/setup-uv@v6 + uses: astral-sh/setup-uv@v8 with: enable-cache: true python-version: "3.13" + - name: Install dependencies + run: uv sync --locked --all-groups + - name: Run Linters - run: uv tool run tox -e lint + run: uv run --locked tox -e lint test: runs-on: ubuntu-latest @@ -31,16 +34,18 @@ jobs: matrix: python-version: - "3.9" - - "3.13" + - "3.14" steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v7 - name: Install UV - uses: astral-sh/setup-uv@v6 + uses: astral-sh/setup-uv@v8 with: enable-cache: true python-version: ${{ matrix.python-version }} - - name: Run Tests - run: uv tool run tox -e test + - name: Install dependencies + run: uv sync --locked --all-groups + - name: Run Tests + run: uv run --locked tox -e test From de108139475bf4b865c5d69cec68b31e47df23ab Mon Sep 17 00:00:00 2001 From: Alex Baker Date: Wed, 1 Jul 2026 15:30:57 -0400 Subject: [PATCH 2/2] ci: pin setup-uv v8.2.0 --- .github/workflows/pypi-publish.yml | 4 ++-- .github/workflows/test.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index 07b9729..1bc8427 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -16,7 +16,7 @@ jobs: fetch-depth: 0 # Shallow clones should be disabled for semantic-release to function correctly - name: Install UV - uses: astral-sh/setup-uv@v8 + uses: astral-sh/setup-uv@v8.2.0 with: enable-cache: true python-version: "3.13" @@ -52,7 +52,7 @@ jobs: fetch-depth: 0 # Shallow clones should be disabled for semantic-release to function correctly - name: Install UV - uses: astral-sh/setup-uv@v8 + uses: astral-sh/setup-uv@v8.2.0 with: enable-cache: true python-version: "3.13" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 628b183..0babcfe 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,7 +17,7 @@ jobs: - uses: actions/checkout@v7 - name: Install UV - uses: astral-sh/setup-uv@v8 + uses: astral-sh/setup-uv@v8.2.0 with: enable-cache: true python-version: "3.13" @@ -39,7 +39,7 @@ jobs: - uses: actions/checkout@v7 - name: Install UV - uses: astral-sh/setup-uv@v8 + uses: astral-sh/setup-uv@v8.2.0 with: enable-cache: true python-version: ${{ matrix.python-version }}