Files
cvat-ai--cvat/.github/workflows/update-python-requirements.yml
2026-07-13 13:32:23 +08:00

92 lines
3.2 KiB
YAML

name: Update Python requirements
on:
pull_request:
types: [opened, synchronize, reopened]
paths:
- "cvat/requirements/*.in"
- "utils/dataset_manifest/requirements.in"
permissions:
contents: read
pull-requests: read
jobs:
update:
# Only run on Dependabot branches from this repository. Regenerating
# requirements can execute package build code, so fork PRs must not run this
# workflow with access to the CVAT bot token.
if: >
github.event.pull_request.user.login == 'dependabot[bot]' &&
github.event.pull_request.head.repo.full_name == github.repository &&
startsWith(github.event.pull_request.head.ref, 'dependabot/pip/')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
persist-credentials: false
- uses: actions/setup-python@v6
with:
python-version: "3.12"
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install --no-install-recommends -y \
cargo \
g++ \
gcc \
libhdf5-dev \
libldap2-dev \
libmp3lame-dev \
libsasl2-dev \
libxml2-dev \
libxmlsec1-dev \
libxmlsec1-openssl \
make \
nasm \
pkg-config \
python3-dev
- name: Install pip-compile-multi
run: python -m pip install pip-compile-multi
- name: Regenerate Python requirements
run: cvat/requirements/regenerate.sh --no-upgrade
- name: Check generated requirements changes
id: changes
run: |
if git diff --quiet -- cvat/requirements/*.txt utils/dataset_manifest/requirements.txt; then
echo "No generated requirements changes"
echo "changed=false" >> "$GITHUB_OUTPUT"
else
echo "changed=true" >> "$GITHUB_OUTPUT"
fi
# The default github.token does not trigger follow-up CI on push. Use the
# same app token as the release workflow so the updated Dependabot PR runs
# the normal validation pipeline.
- name: Generate authentication token
if: steps.changes.outputs.changed == 'true'
id: gen-token
uses: actions/create-github-app-token@v3
with:
client-id: "${{ secrets.CVAT_BOT_CLIENT_ID }}"
private-key: "${{ secrets.CVAT_BOT_PRIVATE_KEY }}"
- name: Commit regenerated requirements
if: steps.changes.outputs.changed == 'true'
env:
GH_TOKEN: "${{ steps.gen-token.outputs.token }}"
run: |
git config user.name "cvat-bot[bot]"
git config user.email "147643061+cvat-bot[bot]@users.noreply.github.com"
git add cvat/requirements/*.txt utils/dataset_manifest/requirements.txt
git commit -m "Regenerate Python requirements"
git remote set-url origin "https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }}.git"
git push origin HEAD:${{ github.event.pull_request.head.ref }}