CI: add lockfile update action to manually trigger for dependabot PRs (…

…#3647) I tested it [here](#3646) and it works if you do the dumb thing and trigger on push, but it seems to not run actions on unsigned commits by default. I'm hoping that if we trigger the action manually it'll inherit the clicker's permissions and re-run the action. In either case, I think whatever we adopt should supercede the cron job one as we want to never be out of sync between the pyproject and lockfile.
xdslproject · Dec 16, 2024 · a2505b3 · a2505b3
1 parent 91c2790
commit a2505b3
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 38 deletions.
diff --git a/.github/workflows/update-bot.yml b/.github/workflows/update-bot.yml
diff --git a/.github/workflows/update-lockfile-bot.yml b/.github/workflows/update-lockfile-bot.yml
@@ -0,0 +1,32 @@
+name: Update Lockfile Bot
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  lock:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v3
+        with:
+          enable-cache: true
+          cache-dependency-glob: "uv.lock"
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Install the package locally and update lockfile
+        run: |
+          # Install all default extras.
+          XDSL_VERSION_OVERRIDE="0+dynamic" make venv
+
+      - uses: EndBug/add-and-commit@v9
+        with:
+          add: uv.lock