GitHub Action
Python Lockfile Update
This action uses pip-tools
to automatically build and update the requirements.txt
files for a Python project. It will create not only the core requirements.txt
but also any extra
dependencies and files that are specified.
The updates are be committed to a brand new branch and this action makes a Pull Request for review. This pull request will trigger all workflows associated with the repository- the action uses an optional deploy key to avoid the issue where commits made by Github Actions do not trigger workflows.
The extras
argument to the action is a space separated list of extras to build with. Specifying the string sqs dev
would result in three files-
- requirements.txt
- requirements-dev.txt
- requirements-sqs.txt
A Github Token is for two purposes-
- If a Deploy Key is not present then the Token is used to push the commit to Github.
- Regardless of whether a Deploy Key is present, the Token needs to be available to make the Pull Request.
This project does not need a Personal Access Token, and in fact strongly recommends against it.
Deploy Keys are optional but allow tests to be run in Pull Requests created by this action. If this action uses the normal Github token to push the code up then tests will not run on the Pull Request.
To get around this a Deploy Key can be created for the repository running the action. The key will need write access to push up the commits, at which point the normal testing workflows should run. Once created the key should be saved as Secret in the workflow and then passed to the deploy_key
option for the action.
This action will still work without the deploy key, but will fall back to the Github Token. The PR will be created but automated tests against it will not run.
Name | Default | Description |
---|---|---|
allow_prerelease | If set to true this will allow prelease versions to be included. |
|
branch_prefix | pip-update | A prefix used for generating branch names for the Pull Requests generated by this action. |
commit_message | Automated Requirements File Updates | The commit message used when committing updates to git. |
deploy_key | A deploy key with write access to the repository. This is required if you wish the PR to trigger workflows, as commits made with the Github Token will not. It is recommended to use a repository locked deploy key. | |
github_username | ${{ github.actor }} | The username to use for commits from this action. |
index_url | A repository index to use rather than PyPI. This is useful if you are using a private registry. | |
pip_args | Arguments to be passed through to PIP. | |
pip_extras | A list, separated by spaces, of extra packages to install. For example dev arm to build lockfiles for dev and arm extras. |
|
pr_body_text | This Automated PR updates the requirements.txt files to the latest versions. As this is automated it should be reviewed for errors before merging. | The Pull Request comment for Pull Requests opened by this action. |
pr_title | Automated Requirements File Updates | The Pull Request title for pull requests opened by this action. |
resolver | backtracking | The dependency resolver to use. Defaults to the new backtracking algorithm- set to legacy for old behavior. |