feat: 👷 Add an automatic poetry update workflow #1480
Reviewer's Guide by Sourcery

This pull request adds a new GitHub Actions workflow to automate the weekly update of Poetry dependencies. The workflow is scheduled to run every Sunday at midnight and includes steps to set up the environment, update dependencies, create a new branch, commit the changes, and create a pull request with auto-merge enabled.

File-Level Changes
Hey @Anselmoo - I've reviewed your changes - here's some feedback:
Overall Comments:
- Consider adding more robust testing steps after updating dependencies to ensure no functionality is broken.
- The weekly update schedule might be too frequent. Consider a monthly schedule to reduce potential noise in the repository.
- Removing the auto-merge feature would allow for human oversight before merging dependency updates, which could prevent potential issues.
Here's what I looked at during the review
- 🟡 General issues: 3 issues found
- 🟡 Security: 1 issue found
- 🟢 Testing: all looks good
- 🟢 Complexity: all looks good
- 🟢 Documentation: all looks good
- name: Install Poetry | ||
run: | | ||
curl -sSL https://install.python-poetry.org | python3 - | ||
export PATH="$HOME/.local/bin:$PATH" |
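Review bot: the export PATH="$HOME/.local/bin:$PATH" on the last line of this run block only changes the shell of this one step. Each run step in GitHub Actions starts a new shell, so later steps that call poetry will not see the directory. Append it to the job's path file instead: echo "$HOME/.local/bin" >> "$GITHUB_PATH". The installer on the curl line is also fetched and executed with no version or checksum pinned, so each scheduled run executes whatever that URL serves at the time.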
🚨 suggestion (security): Consider using the official Poetry GitHub Action for installation
The current method of installing Poetry using curl piped to bash can be a security risk. Using the official GitHub Action for Poetry (like snok/install-poetry@v1) is more secure and easier to maintain.
- name: Install Poetry | |
run: | | |
curl -sSL https://install.python-poetry.org | python3 - | |
export PATH="$HOME/.local/bin:$PATH" | |
- name: Install Poetry | |
uses: snok/install-poetry@v1 | |
with: | |
version: latest | |
virtualenvs-create: true | |
virtualenvs-in-project: true |
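Review bot: snok/install-poetry@v1 is a movable tag and version: latest is unpinned in the replacement step, so both the action code and the Poetry release can change between scheduled runs without any change in this repository. Pin the uses: reference to a full commit SHA and set version: to a specific Poetry release, then bump both through reviewed pull requests. This matters more here because the workflow opens pull requests with auto-merge enabled.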
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
Codecov Report

All modified and coverable lines are covered by tests ✅

Additional details and impacted files

@@ Coverage Diff @@
## main #1480 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 44 44
Lines 4467 4467
=========================================
Hits 4467 4467
Flags with carried forward coverage won't be shown.
Summary by Sourcery
Add a GitHub Actions workflow to automate the weekly update of Poetry dependencies, including creating a new branch, committing changes, and opening a pull request with auto-merge enabled.
CI: