You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: action.yaml
+28-15Lines changed: 28 additions & 15 deletions
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,6 @@
2
2
name: "Update SPEC 0 dependencies"
3
3
description: "Update the lower bounds of Python dependencies covered by the Scientific Python SPEC 0 support schedule"
4
4
author: Scientific Python Developers
5
-
6
5
inputs:
7
6
target_branch:
8
7
description: "Target branch for the pull request"
@@ -15,7 +14,7 @@ inputs:
15
14
create_pr:
16
15
description: "Whether the action should open a PR or not. Set to false for dry-run/testing."
17
16
required: true
18
-
default: true
17
+
default: "true"
19
18
commit_msg:
20
19
description: "Commit message for the commit to update the versions. by default 'Drop support for unsupported packages conform SPEC 0'. has no effect if `create_pr` is set to false"
21
20
required: false
@@ -25,39 +24,53 @@ inputs:
25
24
required: false
26
25
default: "chore: Drop support for unsupported packages conform SPEC 0"
27
26
schedule_path:
28
-
description: "Path to the schedule.json file relative to the project root. If missing, it will be downloaded from the latest release of savente93/SPEC0-schedule"
29
-
default: "schedule.json"
27
+
description: "Path to the schedule.json file relative to the project root. If not provided, the schedule bundled with the action is used."
28
+
required: false
29
+
default: ""
30
30
token:
31
-
description: "GitHub token with repo permissions to create pull requests"
32
-
required: true
33
-
31
+
description: "GitHub token with pull-requests write permission to create pull requests. Defaults to the built-in GITHUB_TOKEN."
32
+
required: false
33
+
update_all:
34
+
description: "If set, also update all non-SPEC0 dependencies to versions released within the last N years (e.g., 2)."
This repository contains a Github Action to update Python dependencies in your `pyproject.toml` such that they conform to the SPEC 0 support schedule.
4
-
[You can find this schedule here.](https://scientific-python.org/specs/spec-0000/)
3
+
A GitHub Action that updates the lower bounds of Python dependencies in `pyproject.toml` to conform to the [SPEC 0 support schedule](https://scientific-python.org/specs/spec-0000/).
5
4
6
5
## Using the action
7
6
8
7
### Example workflow
9
8
10
-
To use the action you can copy the yaml below, and paste it into `.github/workflows/update-spec0.yaml`.
11
-
Whenever the action is triggered it will open a PR in your repository that will update the dependencies of SPEC 0 to the new lower bound.
12
-
For this you will have to provide it with a PAT that has write permissions in the `contents` and `pull request` scopes.
13
-
[Please refer to the GitHub documentation for instructions on how to do this here.](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)
9
+
Copy the yaml below into `.github/workflows/update-spec0.yaml`.
10
+
On each run the action opens a PR updating dependency lower bounds to match the current SPEC 0 schedule.
14
11
15
12
```yaml
16
13
name: Update SPEC 0 dependencies
17
14
18
15
on:
19
16
schedule:
20
-
# At 00:00 on day-of-month 3 in every 3rd month. (i.e. every quarter)
21
-
# Releases should happen on the second day of the quarter in savente93/SPEC0-schedule to
22
-
# avoid fence post errors, so allow one day as a buffer to avoid timing issues here as well.
23
-
- cron: "0 0 3 */3 *"
24
-
# On demand:
17
+
# Day 3 of each quarter. Allows one day buffer after the quarterly schedule release on day 1
18
+
- cron: "0 0 3 1,4,7,10 *"
25
19
workflow_dispatch:
26
20
27
21
permissions:
@@ -32,32 +26,54 @@ jobs:
32
26
update:
33
27
runs-on: ubuntu-latest
34
28
steps:
35
-
- uses: scientific-python/spec0-action@v1.0.0
36
-
with:
37
-
token: ${{ secrets.GH_PAT }} # <- GH_PAT you will have to configure in the repo as a secret
29
+
- uses: scientific-python/spec0-action@v1
38
30
```
39
31
40
-
It should update any of the packages listed in the `dependency`, or `tool.pixi.*` tables.
41
-
For examples of before and after you can see [./tests/test_data/pyproject.toml](./tests/test_data/pyproject.toml) and [./tests/test_data/pyproject_updated.toml](./tests/test_data/pyproject_updated.toml) respectively.
42
-
Other tools are not yet supported, but we are open to feature requests.
43
-
44
-
The newest lower bounds will be downloaded from [https://github.com/scientific-python/spec0-action](https://github.com/scientific-python/spec0-action) but you should not have to worry about this.
32
+
No PAT required.
33
+
The built-in `GITHUB_TOKEN` is used by default as long as the workflow has `pull-requests: write` permission.
| `token` | no | `GITHUB_TOKEN` | Token with `pull-requests: write` permission to open PRs |
40
+
| `project_file_name` | no | `pyproject.toml` | Path to the file to update, relative to repository root |
41
+
| `schedule_path` | no | — | Path to a custom `schedule.json`, relative to repository root. Uses the latest release if unset |
42
+
| `target_branch` | no | `main` | Branch to open the PR against |
43
+
| `create_pr` | no | `true` | Set to `false` for a dry run |
44
+
| `pr_title` | no | `chore: Drop support for unsupported packages conform SPEC 0` | Title of the opened PR |
45
+
| `commit_msg` | no | `chore: Drop support for unsupported packages conform SPEC 0` | Commit message for the version update commit |
46
+
| `update_all` | no | — | If set to a number N, also update non-SPEC0 dependencies to versions released within the last N years (e.g. `2`) |
47
+
48
+
For examples of before/after see [tests/test_data/pyproject.toml](./tests/test_data/pyproject.toml) and [tests/test_data/pyproject_updated.toml](./tests/test_data/pyproject_updated.toml).
57
49
58
50
## Limitations
59
51
60
-
1. Since this action simply parses the toml to do the upgrade and leaves any other bounds intact, it is possible that the environment of the PR becomes unsolvable.
61
-
For example if you have a numpy dependency like so: `numpy = ">=1.25.0,<2"`this will get updated in the PR to `numpy = ">=2.0.0,<2"` which is infeasible.
62
-
Keeping the resulting environment solvable is outside the scope of this action, so you might have to adjust them manually.
63
-
2. Currently only `pyproject.toml` is supported by this action, though other manifest files could be considered upon request.
52
+
1. The action only tightens lower bounds and leaves upper bounds untouched. An update can produce an unsolvable environment — for example `numpy = ">=1.25.0,<2"` becomes `numpy = ">=2.0.0,<2"`. Keeping the environment solvable is out of scope; adjust upper bounds manually if needed.
53
+
2. Only `pyproject.toml` is currently supported.
54
+
55
+
## Maintainer notes
56
+
57
+
### Releasing a new action version
58
+
59
+
Action versions are **git tags only**, do not create a GitHub Release for them. GitHub Releases in this repository are reserved for the quarterly schedule data.
60
+
61
+
```bash
62
+
git tag v1.x
63
+
git push origin v1.x
64
+
```
65
+
66
+
### Schedule releases
67
+
68
+
The SPEC 0 schedule (`schedule.json` and `schedule.md`) is published as a GitHub Release quarterly by the [Update SPEC 0 schedule](./.github/workflows/update_schedule.yml) workflow. Releases are tagged `schedule-YYYY-QN` (e.g. `schedule-2026-Q2`).
69
+
70
+
The action always fetches `schedule.json` from the **latest** GitHub Release in this repository, which will always be a schedule release as long as action versions are never published as releases.
71
+
72
+
#### Bootstrap
73
+
74
+
Before the first quarterly schedule release exists, the action will fail. To create the initial release, trigger the workflow manually:
75
+
76
+
1. Go to **Actions → Update SPEC 0 schedule**
77
+
2. Click **Run workflow**
78
+
79
+
Subsequent releases are created automatically on the 1st of January, April, July, and October.
0 commit comments