Skip to content

Weekly dependency upgrade #17

Weekly dependency upgrade

Weekly dependency upgrade #17

Workflow file for this run

name: Weekly dependency upgrade
on:
schedule:
- cron: '0 7 * * 1' # Monday 7am UTC
workflow_dispatch:
jobs:
upgrade:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Install uv
uses: astral-sh/setup-uv@d31148d669074a8d0a63714ba94f3201e7020bc3 # v8.3.0
- name: Upgrade all dependencies
run: uv lock --upgrade
- name: Open PR if lockfile changed
id: create-pr
uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
with:
commit-message: "chore: uv lock --upgrade"
branch: chore/uv-upgrade
delete-branch: true
title: "chore: weekly dependency upgrade"
body: |
Automated weekly `uv lock --upgrade`. Auto-merges when CI
passes (branch protection catches any regression).
Check the Security tab after merging — Dependabot alerts for packages
bumped here will auto-close once the new versions land on main.
labels: dependencies
- name: Enable auto-merge on the PR
if: steps.create-pr.outputs.pull-request-number
run: gh pr merge --auto --squash "$PR_NUM"
env:
PR_NUM: ${{ steps.create-pr.outputs.pull-request-number }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}