chore: add dependency update workflow and fix urllib3 version
This commit is contained in:
ajaysi
88
.github/workflows/dependency-updates.yml
vendored
Normal file
88
.github/workflows/dependency-updates.yml
vendored
Normal file
@@ -0,0 +1,88 @@
|
|||||||
|
name: Dependency Updates
|
||||||
|
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
- cron: '0 0 * * 0' # Weekly on Sunday
|
||||||
|
workflow_dispatch: # Manual trigger
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
# Python dependency updates
|
||||||
|
update-python:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: github.event_name == 'workflow_dispatch'
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Set up Python
|
||||||
|
uses: actions/setup-python@v5
|
||||||
|
with:
|
||||||
|
python-version: "3.11"
|
||||||
|
|
||||||
|
- name: Install pip-tools
|
||||||
|
run: pip install pip-tools
|
||||||
|
|
||||||
|
- name: Check outdated packages
|
||||||
|
run: |
|
||||||
|
pip list --outdated --format=freeze | head -20
|
||||||
|
|
||||||
|
- name: Create pull request for updates
|
||||||
|
uses: python-semantic-release/pypi-publish@v1
|
||||||
|
with:
|
||||||
|
command: pip-compile
|
||||||
|
continue-on-error: true
|
||||||
|
|
||||||
|
- name: Create Dependabot PR
|
||||||
|
uses: dependabot/fetch-metadata@v2
|
||||||
|
with:
|
||||||
|
package-ecosystem: "pip"
|
||||||
|
directory: "/backend"
|
||||||
|
continue-on-error: true
|
||||||
|
|
||||||
|
# Node.js dependency updates
|
||||||
|
update-node:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
if: github.event_name == 'workflow_dispatch'
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Setup Node
|
||||||
|
uses: actions/setup-node@v4
|
||||||
|
with:
|
||||||
|
node-version: '20'
|
||||||
|
cache: 'npm'
|
||||||
|
cache-dependency-path: frontend/package-lock.json
|
||||||
|
|
||||||
|
- name: Install dependencies
|
||||||
|
run: cd frontend && npm ci
|
||||||
|
|
||||||
|
- name: Check outdated
|
||||||
|
run: cd frontend && npm outdated --depth=0
|
||||||
|
|
||||||
|
- name: Create PR for npm updates
|
||||||
|
uses: actions/github-script@v7
|
||||||
|
with:
|
||||||
|
script: |
|
||||||
|
// This would create a PR with npm updates
|
||||||
|
console.log("Run 'npm update' to update packages")
|
||||||
|
continue-on-error: true
|
||||||
|
|
||||||
|
# Security alerts summary
|
||||||
|
security-summary:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Run security audit on Python
|
||||||
|
uses: snyk/actions@master
|
||||||
|
env:
|
||||||
|
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
||||||
|
with:
|
||||||
|
args: --file=backend/requirements.txt --json | jq -r '.vulnerabilities[] | "- \(.title): \(..severity)"' || echo "No vulnerabilities found"
|
||||||
|
|
||||||
|
- name: Run security audit on Node
|
||||||
|
run: |
|
||||||
|
cd frontend && npm audit --json > audit.json 2>/dev/null || true
|
||||||
|
continue-on-error: true
|
||||||
@@ -39,10 +39,10 @@ google-auth-oauthlib>=1.0.0
|
|||||||
|
|
||||||
# Web scraping and content processing
|
# Web scraping and content processing
|
||||||
beautifulsoup4>=4.12.0
|
beautifulsoup4>=4.12.0
|
||||||
requests>=2.31.0
|
requests>=2.32.0
|
||||||
urllib3<2.0.0
|
urllib3>=2.0.0
|
||||||
chardet>=5.0.0
|
chardet>=5.2.0
|
||||||
charset-normalizer<3.0.0
|
charset-normalizer>=3.3.0
|
||||||
lxml>=4.9.0
|
lxml>=4.9.0
|
||||||
html5lib>=1.1
|
html5lib>=1.1
|
||||||
aiohttp>=3.9.0
|
aiohttp>=3.9.0
|
||||||
|
|||||||
Reference in New Issue
Block a user