name: Update PDM dependencies on: workflow_call: inputs: pdm_args: description: Arguments to pass to pdm type: string default: '' workflow_dispatch: inputs: pdm_args: description: Arguments to pass to pdm lock type: string default: '' schedule: - cron: '0 8 * * 3' # every Wednesday at 08:00 UTC permissions: {} # Minimal top-level for OSSF Scorecard Token-Permissions jobs: update: name: 👛 Update with PDM runs-on: ubuntu-latest permissions: contents: write # Required for creating PRs pull-requests: write # Required for creating PRs steps: - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit - name: 📰 Checkout uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false ref: main - name: 📦 Setup PDM uses: pdm-project/setup-pdm@973541a5febeafcfdadf8a51211435be6ecfd90f # v4.5 with: # Pin to the floor of `requires-python` in pyproject.toml. # Resolving on the lowest supported interpreter guarantees the # chosen package versions are installable across the whole # supported range. Resolving on a newer interpreter (e.g. 3.x) # can pick packages that dropped support for the floor, producing # a lockfile that fails `pdm lock --check` downstream (see #3480). python-version: '3.12' cache: true - name: 👚 Update to latest compatible versions env: PDM_ARGS: ${{ inputs.pdm_args || '' }} run: | # Intentional word splitting for PDM args # shellcheck disable=SC2086 pdm lock $PDM_ARGS - name: 📝 Create pull request uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: branch: update-dependencies-${{ github.run_number }} title: 🤖 Update dependencies body: | This PR updates dependencies to their latest compatible versions. This PR was created by the PDM Update Bot. sign-commits: true add-paths: pdm.lock commit-message: 🤖 Update dependencies labels: maintenance draft: false base: main reviewers: djpetti,HashedViking,LearningCircuit