Skip to content

Commit 08d0846

Browse files
committed
ci(deps): run dependency updates weekly
1 parent b945b48 commit 08d0846

5 files changed

Lines changed: 12 additions & 12 deletions

File tree

.agents/skills/sdk-dependency-updates/SKILL.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,11 @@
11
---
22
name: sdk-dependency-updates
3-
description: "Review and refresh Braintrust Python SDK dependency update PRs, especially automated `chore(deps): daily dependency update` PRs. Use when Codex needs to inspect `py/pyproject.toml` and `py/uv.lock`, reproduce the workflow's label decision, decide whether provider `latest` cassettes need re-recording, run the exact nox sessions, and validate playback before merge."
3+
description: "Review and refresh Braintrust Python SDK dependency update PRs, especially automated `chore(deps): weekly dependency update` PRs. Use when Codex needs to inspect `py/pyproject.toml` and `py/uv.lock`, reproduce the workflow's label decision, decide whether provider `latest` cassettes need re-recording, run the exact nox sessions, and validate playback before merge."
44
---
55

66
# SDK Dependency Updates
77

8-
Use this skill for dependency bump PRs in this repo, especially the daily automation from `.github/workflows/dependency-updates.yml`.
8+
Use this skill for dependency bump PRs in this repo, especially the weekly automation from `.github/workflows/dependency-updates.yml`.
99

1010
Keep the work narrow. These PRs should usually stay limited to:
1111

.github/workflows/dependency-updates.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
name: Dependency updates
22
on:
33
schedule:
4-
- cron: "0 6 * * 1-5" # weekdays 6am UTC
4+
- cron: "0 6 * * 1" # Mondays 6am UTC
55
workflow_dispatch:
66

77
permissions:
@@ -36,16 +36,16 @@ jobs:
3636
id: date
3737
run: echo "date=$(date +%Y-%m-%d)" >> "$GITHUB_OUTPUT"
3838

39-
- name: Close stale daily dependency update PRs
39+
- name: Close stale weekly dependency update PRs
4040
if: steps.labels.outputs.changed == 'true'
4141
env:
4242
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
43-
CURRENT_BRANCH: deps/daily-update-${{ steps.date.outputs.date }}
43+
CURRENT_BRANCH: deps/weekly-update-${{ steps.date.outputs.date }}
4444
run: |
4545
gh pr list \
4646
--state open \
4747
--json number,title,headRefName \
48-
--jq ".[] | select(.title == \"chore(deps): daily dependency update\") | select(.headRefName != \"$CURRENT_BRANCH\") | .number" \
48+
--jq ".[] | select(.title == \"chore(deps): weekly dependency update\") | select(.headRefName != \"$CURRENT_BRANCH\") | .number" \
4949
| while read -r pr; do
5050
echo "Closing stale dependency update PR #$pr"
5151
gh pr close "$pr" --comment "Superseded by a newer automated dependency update." --delete-branch
@@ -55,12 +55,12 @@ jobs:
5555
if: steps.labels.outputs.changed == 'true'
5656
uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
5757
with:
58-
title: "chore(deps): daily dependency update"
58+
title: "chore(deps): weekly dependency update"
5959
body: |
60-
Automated daily dependency update via `python scripts/update-matrix-latest.py && uv lock --upgrade`.
60+
Automated weekly dependency update via `python scripts/update-matrix-latest.py && uv lock --upgrade`.
6161
6262
${{ steps.labels.outputs.needs_rerecord == 'true' && '⚠️ **Provider SDK packages changed.** A human needs to re-record cassettes locally before merging.' || '✅ Only test infrastructure deps changed. Safe to merge if CI passes.' }}
63-
branch: deps/daily-update-${{ steps.date.outputs.date }}
63+
branch: deps/weekly-update-${{ steps.date.outputs.date }}
6464
labels: |
6565
dependencies
6666
${{ steps.labels.outputs.needs_rerecord == 'true' && 'needs-cassette-rerecord' || 'auto-merge-candidate' }}

AGENTS.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -297,7 +297,7 @@ All nox session dependency pins are centralized in `py/pyproject.toml`:
297297

298298
The `LATEST` sentinel in the noxfile maps to the `latest` key in the matrix table — it is no longer a floating install.
299299

300-
A daily GitHub Actions workflow (`.github/workflows/dependency-updates.yml`) runs `uv lock --upgrade`, classifies changes by reading group names from `pyproject.toml`, and opens a PR labeled `needs-cassette-rerecord` (provider SDK bumps) or `auto-merge-candidate` (infra-only bumps).
300+
A weekly GitHub Actions workflow (`.github/workflows/dependency-updates.yml`) runs `uv lock --upgrade`, classifies changes by reading group names from `pyproject.toml`, and opens a PR labeled `needs-cassette-rerecord` (provider SDK bumps) or `auto-merge-candidate` (infra-only bumps).
301301

302302
## Editing Guidelines
303303

py/pyproject.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -278,7 +278,7 @@ conflicts = [
278278
#
279279
# Each key is a provider prefix. The value is a dict mapping human-readable
280280
# version tags to the pip requirement string. "latest" is pinned to an
281-
# explicit version and bumped by the daily dependency-update workflow.
281+
# explicit version and bumped by the weekly dependency-update workflow.
282282
# ---------------------------------------------------------------------------
283283

284284
[tool.braintrust.matrix]

py/scripts/determine-dependency-update-labels.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
#!/usr/bin/env python3
2-
"""Determine GitHub Actions outputs for the daily dependency update workflow.
2+
"""Determine GitHub Actions outputs for the weekly dependency update workflow.
33
44
Inspects the working-tree diff of ``py/pyproject.toml`` and ``py/uv.lock`` to
55
decide whether anything changed and, if so, whether any provider SDK pins

0 commit comments

Comments
 (0)