Skip to content
arrow-up-circle

GitHub Action

Python Lockfile Update

v2.0.0 Latest version

Python Lockfile Update

arrow-up-circle

Python Lockfile Update

This action uses pip-tools to update a project's lockfiles via a Pull Request

Installation

Copy and paste the following snippet into your .yml file.

              

- name: Python Lockfile Update

uses: tedivm/action-python-lockfile-update@v2.0.0

Learn more about this action in tedivm/action-python-lockfile-update

Choose a version

Python Lockfile Update

This action uses pip-tools to automatically build and update the requirements.txt files for a Python project. It will create not only the core requirements.txt but also any extra dependencies and files that are specified.

The updates are be committed to a brand new branch and this action makes a Pull Request for review. This pull request will trigger all workflows associated with the repository- the action uses an optional deploy key to avoid the issue where commits made by Github Actions do not trigger workflows.

Examples

Specify Extras

The extras argument to the action is a space separated list of extras to build with. Specifying the string sqs dev would result in three files-

  • requirements.txt
  • requirements-dev.txt
  • requirements-sqs.txt

Permissions

Github Token

A Github Token is for two purposes-

  1. If a Deploy Key is not present then the Token is used to push the commit to Github.
  2. Regardless of whether a Deploy Key is present, the Token needs to be available to make the Pull Request.

This project does not need a Personal Access Token, and in fact strongly recommends against it.

Deploy Keys

Deploy Keys are optional but allow tests to be run in Pull Requests created by this action. If this action uses the normal Github token to push the code up then tests will not run on the Pull Request.

To get around this a Deploy Key can be created for the repository running the action. The key will need write access to push up the commits, at which point the normal testing workflows should run. Once created the key should be saved as Secret in the workflow and then passed to the deploy_key option for the action.

This action will still work without the deploy key, but will fall back to the Github Token. The PR will be created but automated tests against it will not run.

Arguments

Name Default Description
allow_prerelease If set to true this will allow prelease versions to be included.
branch_prefix pip-update A prefix used for generating branch names for the Pull Requests generated by this action.
commit_message Automated Requirements File Updates The commit message used when committing updates to git.
deploy_key A deploy key with write access to the repository. This is required if you wish the PR to trigger workflows, as commits made with the Github Token will not. It is recommended to use a repository locked deploy key.
github_username ${{ github.actor }} The username to use for commits from this action.
index_url A repository index to use rather than PyPI. This is useful if you are using a private registry.
pip_args Arguments to be passed through to PIP.
pip_extras A list, separated by spaces, of extra packages to install. For example dev arm to build lockfiles for dev and arm extras.
pr_body_text This Automated PR updates the requirements.txt files to the latest versions. As this is automated it should be reviewed for errors before merging. The Pull Request comment for Pull Requests opened by this action.
pr_title Automated Requirements File Updates The Pull Request title for pull requests opened by this action.
resolver backtracking The dependency resolver to use. Defaults to the new backtracking algorithm- set to legacy for old behavior.