feat: 👷 Add an automatic poetry update workflow #1480

Merged
merged 3 commits into from
Aug 9, 2024

Owner

@Anselmoo Anselmoo commented Aug 9, 2024

All PR-Submissions:


  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?

New ✨✨ Feature-Submissions:


  • Does your submission pass tests?
  • Have you linted your code locally prior to submission? Fixed:
  • This PR is for a new feature, not a bug fix.

Changes to ⚙️ Core-Features:


  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your core changes, as applicable?
  • Have you successfully run tests with your changes locally?

Summary by Sourcery

Add a GitHub Actions workflow to automate the weekly update of Poetry dependencies, including creating a new branch, committing changes, and opening a pull request with auto-merge enabled.

CI:

  • Introduce a new GitHub Actions workflow to automatically update Poetry dependencies on a weekly basis.

@Anselmoo Anselmoo enabled auto-merge August 9, 2024 20:02
Contributor

sourcery-ai bot commented Aug 9, 2024

Reviewer's Guide by Sourcery

This pull request adds a new GitHub Actions workflow to automate the weekly update of Poetry dependencies. The workflow is scheduled to run every Sunday at midnight and includes steps to set up the environment, update dependencies, create a new branch, commit the changes, and create a pull request with auto-merge enabled.

File-Level Changes

| Files | Changes |
| --- | --- |
| .github/workflows/weekly-poetry-bot.yml | Introduced a new GitHub Actions workflow to automate the weekly update of Poetry dependencies, including setting up the environment, updating dependencies, and creating a pull request with auto-merge enabled. |


@github-actions github-actions bot added the github-actions Pull requests that update Github_actions code label Aug 9, 2024
Contributor

@sourcery-ai sourcery-ai bot left a comment

Hey @Anselmoo - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Consider adding more robust testing steps after updating dependencies to ensure no functionality is broken.
  • The weekly update schedule might be too frequent. Consider a monthly schedule to reduce potential noise in the repository.
  • Removing the auto-merge feature would allow for human oversight before merging dependency updates, which could prevent potential issues.
Here's what I looked at during the review
  • 🟡 General issues: 3 issues found
  • 🟡 Security: 1 issue found
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good


Comment on lines +20 to +23
- name: Install Poetry
run: |
curl -sSL https://install.python-poetry.org | python3 -
export PATH="$HOME/.local/bin:$PATH"
Contributor

🚨 suggestion (security): Consider using the official Poetry GitHub Action for installation

The current method of installing Poetry using curl piped to bash can be a security risk. Using the official GitHub Action for Poetry (like snok/install-poetry@v1) is more secure and easier to maintain.

Suggested change
- name: Install Poetry
run: |
curl -sSL https://install.python-poetry.org | python3 -
export PATH="$HOME/.local/bin:$PATH"
- name: Install Poetry
uses: snok/install-poetry@v1
with:
version: latest
virtualenvs-create: true
virtualenvs-in-project: true
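
Review bot: The replacement step still leaves the installed code unpinned: `uses: snok/install-poetry@v1` references a mutable tag and `version: latest` floats to whatever Poetry release is current, so what runs can change between scheduled runs of a workflow that opens pull requests with auto-merge enabled. Pin the action to a full commit SHA and set `version:` to a specific Poetry release. The action also lives under the `snok` namespace, so it should be vetted like any other third-party action before it is trusted in this job.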

Anselmoo and others added 2 commits August 9, 2024 22:10
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>

sonarqubecloud bot commented Aug 9, 2024

codecov bot commented Aug 9, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (1117613) to head (964f462).

Additional details and impacted files
@@            Coverage Diff            @@
##              main     #1480   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           44        44           
  Lines         4467      4467           
=========================================
  Hits          4467      4467           
Flag Coverage Δ
unittests 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@Anselmoo Anselmoo merged commit 6c9eb69 into main Aug 9, 2024
44 checks passed
@Anselmoo Anselmoo deleted the feature/automatic-poetry-bot branch August 9, 2024 20:28
Labels
github-actions Pull requests that update Github_actions code size/M