From 93882e58a2a28c9153840ce274b26b2a43150489 Mon Sep 17 00:00:00 2001
From: Erik Skultety <eskultet@redhat.com>
Date: Mon, 25 Nov 2024 12:56:30 +0100
Subject: [PATCH] .github: pydantic

Signed-off-by: Erik Skultety <eskultet@redhat.com>
---
 .github/dependabot.yml                    | 14 +------
 .github/workflows/dependabot-pydantic.yml | 50 +++++++++++++++++++++++
 2 files changed, 52 insertions(+), 12 deletions(-)
 create mode 100644 .github/workflows/dependabot-pydantic.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 2a5d0a2bd..50015c775 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -19,20 +19,10 @@ updates:
     directory: "/"
     schedule:
       interval: "monthly"
+    ignore:
+      - dependency-name: "pydantic-core"
     groups:
       minor-and-patch:
         update-types:
           - "minor"
           - "patch"
-        exclude-patterns:
-          - "pydantic*"
-
-      # pydantic is a known violator of version updates where they don't release the core backend
-      # with the API library at the same time which holds up other legitimate updates, so group
-      # pydantic deps together
-      pydantic:
-        update-types:
-          - "minor"
-          - "patch"
-        patterns:
-          - "pydantic*"
diff --git a/.github/workflows/dependabot-pydantic.yml b/.github/workflows/dependabot-pydantic.yml
new file mode 100644
index 000000000..e98dad343
--- /dev/null
+++ b/.github/workflows/dependabot-pydantic.yml
@@ -0,0 +1,50 @@
+name: Run pip-compile whenever pydantic/pydantic core is updated by Dependabot
+
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+    paths:
+      - requirements.txt
+      - requirements-extras.txt
+  push:
+    branches:
+      - "dependabot/**"
+  workflow_dispatch:
+    inputs: {}
+
+jobs:
+  update-pydantic-core:
+    if: ${{ startsWith(github.event.pull_request.head.ref || github.ref, 'dependabot/') &&
+            contains(github.event.head_commit.message, 'pydantic') }}
+    runs-on: ubuntu-24.04
+    container:
+      image: python:3.9-alpine
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      # Step 2: Install dependencies needed for pip-compile
+      - name: Install dependencies
+        run: |
+          apk update && apk add --no-cache git
+          pip install --upgrade pip
+          pip install pip-tools
+
+      # Step 4: Run pip-compile to update requirements.txt based on pyproject.toml
+      - name: Run pip-compile to update requirements.txt
+        run: |
+          pip-compile --generate-hashes --output-file=requirements.txt pyproject.toml
+
+      # Step 5: Commit and push updated requirements.txt to Dependabot's PR branch
+      - name: Commit and push updated requirements files
+        run: |
+          git config --global user.email "dependabot@users.noreply.github.com"
+          git config --global user.name "dependabot[bot]"
+          git add -u
+          git commit --amend --no-edit
+          git push --force