Fix dependabot alerts (#2767) #52
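# This GitHub Actions workflow automatically updates the pinned versions
# in requirements.txt for all Python dependencies (including transitive dependencies)
# whenever setup.cfg is modified.
#
# Flow: install the project and its extras, apply the version floors required
# by Dependabot alerts, freeze the resolved environment into requirements.txt,
# run the linter and tests, then open a pull request with the result.
name: Update requirements.txt
on:
  push:
    branches:
      - "main"
    paths:
      - "setup.cfg"
      - ".github/workflows/update-requirements.yml"
jobs:
  update-requirements:
    name: Update requirements.txt
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: this job installs and executes
    # third-party packages, so grant only what the final pull-request step
    # needs (push a branch, open a pull request).
    permissions:
      contents: write
      pull-requests: write
    strategy:
      matrix:
        python-version: ["3.10"]
    steps:
      - name: Check out repository
        # NOTE(review): tag refs such as @v4 are mutable; consider pinning
        # actions to a full commit SHA, e.g. actions/checkout@<FULL_COMMIT_SHA>.
        uses: actions/checkout@v4
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
          cache: pip
      - name: Upgrade pip
        run: pip install --upgrade pip setuptools
      - name: Install PyTorch manually
        # PyTorch has to be installed manually in a separate step with --no-cache-dir
        # to avoid pip getting killed because PyTorch is too big
        # See: https://stackoverflow.com/a/54329850
        run: pip install torch==2.1.2 torchvision==0.16.2 --index-url https://download.pytorch.org/whl/cu121 --no-cache-dir
      - name: Upgrade dependencies for Dependabot alerts
        # Every requirement specifier is single-quoted. Unquoted, the shell
        # reads `pkg>=X` as the argument `pkg` plus a redirect of stdout to a
        # file named `=X`, so the security floor is never passed to pip, the
        # install log disappears from the job output, and stray `=X` files are
        # left in the workspace. `.[all,dev]` is quoted because it is
        # otherwise a glob pattern. The `~=` and `>=` constraints for one
        # package are merged into a single specifier.
        run: >-
          pip install -e '.[all,dev]'
          'onnx~=1.16'
          'aiohttp~=3.9,>=3.9.4'
          'gunicorn~=22.0'
          'scikit-learn~=1.5'
          'urllib3~=1.26,>=1.26.19'
          'requests~=2.32'
          'Jinja2~=3.1,>=3.1.4'
          'idna~=3.7'
      - name: Verify dependencies
        # Fails the job if the resolved environment has conflicting requirements.
        run: pip check
      - name: Write header to requirements.txt
        run: echo '# This file is automatically generated by GitHub Actions and contains pinned versions for all transitive Python dependencies. Do not modify this file!' > requirements.txt
      - name: Write dependencies to requirements.txt
        # grep is used to exclude dependencies installed in editable mode
        # and dependencies installed from outside PyPI.
        # sed is used to loosen the version matches for PyTorch
        # so that any CUDA version matches.
        run: pip freeze | grep -v -E "( @ |^-e)" | sed -E 's/==([A-Za-z0-9.]+)\+[A-Za-z0-9.]+/~=\1/' >> requirements.txt
      # Need to manually run tests here because the pull request opened later will not
      # run the test workflow.
      #
      # From https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
      #
      # ...events triggered by the GITHUB_TOKEN... will not create a new workflow run.
      # This prevents you from accidentally creating recursive workflow runs. For example,
      # if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow
      # will not run even when the repository contains a workflow configured to run when
      # push events occur.
      - name: Run linter
        run: ./pre-commit.sh
      - name: Run tests
        run: pytest
      - name: Run helm-run
        run: helm-run --suite test --run-entries simple1:model=simple/model1 --max-eval-instances 10 --exit-on-error
      - name: Create pull request
        # NOTE(review): third-party action referenced by a mutable tag; consider
        # pinning to peter-evans/create-pull-request@<FULL_COMMIT_SHA>.
        uses: peter-evans/create-pull-request@v6
        with:
          commit-message: Update requirements.txt
          title: "Update requirements.txt"
          branch: actions/update-requirements
          delete-branch: true
          body: Auto-generated from GitHub Actions.
          # Commit only the generated file. By default the action adds every
          # new or modified file in the workspace, which would include
          # anything written by the install, lint and test steps above.
          add-paths: requirements.txt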