From 392697a01c058033014179877804ce1d64d59962 Mon Sep 17 00:00:00 2001
From: eavanvalkenburg
Date: Mon, 22 Jun 2026 17:25:28 +0200
Subject: [PATCH] Python: track dependency maintenance PR creation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .../python-dependency-maintenance.yml | 144 +++++++++++++-----
 1 file changed, 105 insertions(+), 39 deletions(-)
diff --git a/.github/workflows/python-dependency-maintenance.yml b/.github/workflows/python-dependency-maintenance.yml
index 6aab41b13f..81aef256e7 100644
--- a/.github/workflows/python-dependency-maintenance.yml
+++ b/.github/workflows/python-dependency-maintenance.yml
@@ -8,7 +8,6 @@ on:
 permissions:
 contents: write
 issues: write
- pull-requests: write
 concurrency:
 group: python-dependency-maintenance
@@ -320,46 +319,113 @@ jobs: git push --force-with-lease --set-upstream origin "${BRANCH}" echo "has_changes=true" >> "$GITHUB_OUTPUT" - - name: Create or update pull request with GitHub CLI + - name: Create or update dependency maintenance tracking issue if: steps.commit_updates.outputs.has_changes == 'true' - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - BRANCH="automation/python-dependency-maintenance" - PR_TITLE="Python: chore: update dependencies" - PR_BODY_FILE="$(mktemp)" - - cat > "${PR_BODY_FILE}" <<'EOF' - ### Motivation & Context - - This automated update keeps Python dependency metadata coherent across the uv workspace. Python dependencies can be declared in multiple `pyproject.toml` files, but the workspace has one shared `python/uv.lock`, so dependency maintenance should update and validate them together instead of through per-manifest Dependabot PRs. - - ### Description & Review Guide - - - **What are the major changes?** Refresh Python dev dependency pins, update package dependency ranges when the bounds tooling succeeds, and refresh `python/uv.lock`. - - **What is the impact of these changes?** Keeps the Python workspace dependency set current while producing at most one dependency PR for the week. If dependency range validation fails, this PR contains only the dev dependency updates that still pass final validation, and separate issues track failed range candidates. - - **What do you want reviewers to focus on?** Review the generated dependency metadata changes and any dependency-range updates for package-specific compatibility concerns. 
- - - - ### Related Issue + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const branch = "automation/python-dependency-maintenance" + const prTitle = "Python: chore: update dependencies" + const issueTitle = "Python dependency maintenance PR needed" + const owner = context.repo.owner + const repo = context.repo.repo - No linked issue; this PR is generated by scheduled Python dependency maintenance. + const branchRef = await github.rest.git.getRef({ + owner, + repo, + ref: `heads/${branch}`, + }) + const branchSha = branchRef.data.object.sha + const runUrl = `${context.serverUrl}/${owner}/${repo}/actions/runs/${context.runId}` + const compareUrl = `${context.serverUrl}/${owner}/${repo}/compare/main...${branch}` - ### Contribution Checklist + const prBody = [ + "### Motivation & Context", + "", + "This automated update keeps Python dependency metadata coherent across the uv workspace. Python dependencies can be declared in multiple `pyproject.toml` files, but the workspace has one shared `python/uv.lock`, so dependency maintenance should update and validate them together instead of through per-manifest Dependabot PRs.", + "", + "### Description & Review Guide", + "", + "- **What are the major changes?** Refresh Python dev dependency pins, update package dependency ranges when the bounds tooling succeeds, and refresh `python/uv.lock`.", + "- **What is the impact of these changes?** Keeps the Python workspace dependency set current while producing at most one dependency PR for the week. 
If dependency range validation fails, this PR contains only the dev dependency updates that still pass final validation, and separate issues track failed range candidates.", + "- **What do you want reviewers to focus on?** Review the generated dependency metadata changes and any dependency-range updates for package-specific compatibility concerns.", + '", + "", + "", + "### Related Issue", + "", + "No linked issue; this PR is generated by scheduled Python dependency maintenance.", + "", + "### Contribution Checklist", + "", + "- [x] The code builds clean without any errors or warnings", + "- [x] All unit tests pass, and I have added new tests where possible", + "- [x] The PR follows the [Contribution Guidelines](https://github.com/microsoft/agent-framework/blob/main/CONTRIBUTING.md)", + "- [ ] This PR is linked to an issue and there is no other open PR for this issue (see Related Issue above).", + '- [x] **This is not a breaking change.** If it _is_ a breaking change, add the `breaking change` label (or add "[BREAKING]" to the title prefix, before or after any language prefix) — a workflow keeps the label and title prefix in sync automatically.', + ].join("\n") + + const prBodyFence = "```" + const command = [ + "PR_BODY_FILE=\"$(mktemp)\"", + `cat > "$PR_BODY_FILE" <<'EOF'`, + prBody, + "EOF", + "gh pr create --repo microsoft/agent-framework --base main \\", + ` --head ${owner}:${branch} \\`, + ` --title "${prTitle}" \\`, + " --body-file \"$PR_BODY_FILE\"", + ].join("\n") + + const issueBody = [ + "The Python dependency maintenance workflow generated and validated dependency updates, then pushed them to the automation branch.", + "", + `- Branch: \`${branch}\``, + `- Commit: \`${branchSha}\``, + `- Compare: ${compareUrl}`, + `- Workflow run: ${runUrl}`, + "", + "GitHub Actions is not permitted to create pull requests in this repository, so a maintainer needs to create the PR manually.", + "", + "### Create the PR", + "", + "```bash", + command, + "```", + "", + 
"### Generated PR body", + "", + prBodyFence, + prBody, + prBodyFence, + ].join("\n") - - [x] The code builds clean without any errors or warnings - - [x] All unit tests pass, and I have added new tests where possible - - [x] The PR follows the [Contribution Guidelines](https://github.com/microsoft/agent-framework/blob/main/CONTRIBUTING.md) - - [ ] This PR is linked to an issue and there is no other open PR for this issue (see Related Issue above). - - [x] **This is not a breaking change.** If it _is_ a breaking change, add the `breaking change` label (or add "[BREAKING]" to the title prefix, before or after any language prefix) — a workflow keeps the label and title prefix in sync automatically. - EOF + const openIssues = await github.paginate(github.rest.issues.listForRepo, { + owner, + repo, + state: "open", + per_page: 100, + }) + const existingIssue = openIssues.find((issue) => !issue.pull_request && issue.title === issueTitle) - PR_NUMBER="$(gh pr list --head "${BRANCH}" --base main --state open --json number --jq '.[0].number')" - if [ -n "${PR_NUMBER}" ]; then - gh pr edit "${PR_NUMBER}" --title "${PR_TITLE}" --body-file "${PR_BODY_FILE}" - else - gh pr create --base main --head "${BRANCH}" --title "${PR_TITLE}" --body-file "${PR_BODY_FILE}" - fi + if (existingIssue) { + await github.rest.issues.update({ + owner, + repo, + issue_number: existingIssue.number, + title: issueTitle, + body: issueBody, + }) + core.info(`Updated issue #${existingIssue.number}: ${issueTitle}`) + } else { + const createdIssue = await github.rest.issues.create({ + owner, + repo, + title: issueTitle, + body: issueBody, + }) + core.info(`Created issue #${createdIssue.data.number}: ${issueTitle}`) + }
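Review bot: The tracking issue is matched by title alone in `openIssues.find((issue) => !issue.pull_request && issue.title === issueTitle)`, so in a repository where anyone can open issues the workflow may adopt and update an issue it did not create. Because the issue body carries a shell command that a maintainer is asked to copy and run, the author of an adopted issue keeps the ability to edit that body after the workflow has written it. Restrict the match to issues opened by the workflow's own identity, for example by adding `issue.user?.login === "github-actions[bot]"` to the predicate (confirm the login that `GITHUB_TOKEN` posts as), or key on a label that only maintainers can apply. The generated command also hard-codes `--repo microsoft/agent-framework` while the compare and run URLs use `${owner}/${repo}`; deriving it from `context.repo` would keep them consistent.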