chore: Use just to update dependencies (#1238)

edgarrmondragon · Dec 22, 2024 · a143c5b · a143c5b
1 parent 7e246f2
commit a143c5b
Show file tree

Hide file tree

Showing 13 changed files with 99 additions and 74 deletions.
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -68,6 +68,6 @@ jobs:
 
     # Upload the results to GitHub's code scanning dashboard.
     - name: "Upload to code-scanning"
-      uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+      uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
       with:
         sarif_file: results.sarif
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
@@ -24,7 +24,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           sarif_file: results.sarif
           category: zizmor
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,7 +1,6 @@
 ci:
   autofix_commit_msg: '[pre-commit.ci] auto fixes'
   autofix_prs: true
-  autoupdate_commit_msg: 'chore(deps): pre-commit autoupdate'
   skip:
   - pip-compile
 
@@ -62,32 +61,32 @@ repos:
   - id: pyproject-fmt
 
 - repo: https://github.com/astral-sh/uv-pre-commit
-  rev: 0.5.10
+  rev: 0.5.11
   hooks:
   - id: uv-export
     name: Export Docs Dependencies
-    files: ^pyproject\.toml$
+    files: ^uv\.lock$
     args: ["--frozen", "--no-editable", "--output-file=requirements/requirements-docs.txt", "--only-group=docs"]
   - id: uv-export
     name: Export Test Dependencies
-    files: ^pyproject\.toml$
+    files: ^uv\.lock$
     args: ["--frozen", "--output-file=requirements/requirements-test.txt", "--no-dev", "--only-group=test"]
   - id: uv-export
     name: Export Typing Dependencies
-    files: ^pyproject\.toml$
+    files: ^uv\.lock$
     args: ["--frozen", "--output-file=requirements/requirements-typing.txt", "--only-group=typing"]
+  - id: uv-export
+    name: Export Runtime Dependencies
+    files: ^uv\.lock$
+    args: ["--frozen", "--output-file=requirements/requirements-highest.txt", "--no-dev", "--no-hashes", "--no-emit-project"]
   - id: pip-compile
     name: pip-compile Lowest Direct
     files: ^pyproject\.toml$
-    args: ["pyproject.toml", "--universal", "--resolution", "lowest-direct", "-o", "requirements/requirements-lowest-direct.txt"]
-  - id: pip-compile
-    name: pip-compile Highest
-    files: ^pyproject\.toml$
-    args: ["pyproject.toml", "--universal", "--resolution", "highest", "-o", "requirements/requirements-highest.txt"]
+    args: ["pyproject.toml", "--universal", "--resolution=lowest-direct", "-o=requirements/requirements-lowest-direct.txt"]
   - id: pip-compile
     name: pip-compile CI Dependencies
     files: ^requirements/requirements-ci\.in$
-    args: ["requirements/requirements-ci.in", "--universal", "-o", "requirements/requirements-ci.txt"]
+    args: ["requirements/requirements-ci.in", "--universal", "-o=requirements/requirements-ci.txt"]
 
 - repo: https://github.com/executablebooks/mdformat
   rev: 0.7.21

diff --git a/docs/contributing/update-dependencies.md b/docs/contributing/update-dependencies.md
@@ -0,0 +1,8 @@
+# Updating dependencies
+
+The easiest way to update dependencies is to use the the [`just`][just] command. This command will update all dependencies to the latest version.
+
+Along with the `just` command line tool, you'll need to have [`uv`][uv] installed.
+
+[just]: https://just.systems/man/en/prerequisites.html
+[uv]: https://docs.astral.sh/uv/getting-started/installation/
diff --git a/docs/contributing/update-github-actions.md b/docs/contributing/update-github-actions.md
diff --git a/docs/index.md b/docs/index.md
@@ -92,5 +92,5 @@ contributing/docs
 contributing/docker
 contributing/release
 contributing/unreleased-features
-contributing/update-github-actions
+contributing/update-dependencies
 ```
diff --git a/justfile b/justfile
@@ -0,0 +1,23 @@
+# Justfile
+
+default_python := '3.13'
+
+# Command to update all dependencies
+update-all py=default_python: (update-github-actions py) (update-pre-commit-hooks py) refresh-uv-lock (update-lock-files py)
+
+# Command to update GitHub actions using gha-update
+update-github-actions py=default_python:
+    -uvx --python={{py}} gha-update
+
+# Command to update pre-commit hooks
+update-pre-commit-hooks py=default_python:
+    -uvx --python={{py}} pre-commit autoupdate
+
+# Command to refresh uv.lock
+refresh-uv-lock:
+    -uv lock --upgrade
+
+# Update lock files
+update-lock-files py=default_python:
+    -uvx --python={{py}} pre-commit run uv-export
+    -uvx --python={{py}} pre-commit run pip-compile
diff --git a/requirements/requirements-ci.txt b/requirements/requirements-ci.txt
@@ -1,5 +1,5 @@
 # This file was autogenerated by uv via the following command:
-#    uv pip compile requirements/requirements-ci.in --universal -o requirements/requirements-ci.txt
+#    uv pip compile requirements/requirements-ci.in --universal -o=requirements/requirements-ci.txt
 argcomplete==3.5.2
     # via nox
 colorama==0.4.6

diff --git a/requirements/requirements-docs.txt b/requirements/requirements-docs.txt
@@ -12,9 +12,9 @@ alabaster==1.0.0 ; python_full_version >= '3.10' \
 astroid==3.2.4 ; python_full_version < '3.9' \
     --hash=sha256:0e14202810b30da1b735827f78f5157be2bbd4a7a59b7707ca0bfc2fb4c0063a \
     --hash=sha256:413658a61eeca6202a59231abb473f932038fbcbf1666587f66d482083413a25
-astroid==3.3.6 ; python_full_version >= '3.9' \
-    --hash=sha256:6aaea045f938c735ead292204afdb977a36e989522b7833ef6fea94de743f442 \
-    --hash=sha256:db676dc4f3ae6bfe31cda227dc60e03438378d7a896aec57422c95634e8d722f
+astroid==3.3.7 ; python_full_version >= '3.9' \
+    --hash=sha256:29fe1df7ef64dc17a54dbfad67b40b445340fcdba7c4012e7ecc9270c9b2f5b6 \
+    --hash=sha256:e1ea2c358a3c760ef583d4963e773100fa2c693b27ed158a1d0e81adb4436903
 autodocsumm==0.2.14 \
     --hash=sha256:2839a9d4facc3c4eccd306c08695540911042b46eeafcdc3203e6d0bab40bc77 \
     --hash=sha256:3bad8717fc5190802c60392a7ab04b9f3c97aa9efa8b3780b3d81d615bfe5dc0
@@ -141,9 +141,9 @@ imagesize==1.4.1 \
 importlib-metadata==8.5.0 ; python_full_version < '3.10' \
     --hash=sha256:45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b \
     --hash=sha256:71522656f0abace1d072b9e5481a48f07c138e00f079c38c8f883823f9c26bd7
-jinja2==3.1.4 \
-    --hash=sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369 \
-    --hash=sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d
+jinja2==3.1.5 \
+    --hash=sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb \
+    --hash=sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb
 markdown-it-py==3.0.0 \
     --hash=sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1 \
     --hash=sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb
@@ -447,9 +447,12 @@ tomli==2.2.1 ; python_full_version >= '3.9' and python_full_version < '3.11' \
 typing-extensions==4.12.2 ; python_full_version < '3.11' \
     --hash=sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d \
     --hash=sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8
-urllib3==2.2.3 \
+urllib3==2.2.3 ; python_full_version < '3.9' \
     --hash=sha256:ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac \
     --hash=sha256:e7d814a81dad81e6caf2ec9fdedb284ecc9c73076b62654547cc64ccdcae26e9
+urllib3==2.3.0 ; python_full_version >= '3.9' \
+    --hash=sha256:1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df \
+    --hash=sha256:f8c5449b3cf0861679ce7e0503c7b44b5ec981bec0d1d3795a07f1ba96f0204d
 zipp==3.20.2 ; python_full_version < '3.9' \
     --hash=sha256:a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350 \
     --hash=sha256:bc9eb26f4506fda01b81bcde0ca78103b6e62f991b381fec825435c836edbc29

diff --git a/requirements/requirements-highest.txt b/requirements/requirements-highest.txt
@@ -1,12 +1,8 @@
 # This file was autogenerated by uv via the following command:
-#    uv pip compile pyproject.toml --universal --resolution highest -o requirements/requirements-highest.txt
+#    uv export --frozen --output-file=requirements/requirements-highest.txt --no-dev --no-hashes --no-emit-project
 certifi==2024.12.14
-    # via requests
 charset-normalizer==3.4.0
-    # via requests
 idna==3.10
-    # via requests
 requests==2.32.3
-    # via citric (pyproject.toml)
-urllib3==2.2.3
-    # via requests
+urllib3==2.2.3 ; python_full_version < '3.9'
+urllib3==2.3.0 ; python_full_version >= '3.9'
diff --git a/requirements/requirements-lowest-direct.txt b/requirements/requirements-lowest-direct.txt
@@ -1,5 +1,5 @@
 # This file was autogenerated by uv via the following command:
-#    uv pip compile pyproject.toml --universal --resolution lowest-direct -o requirements/requirements-lowest-direct.txt
+#    uv pip compile pyproject.toml --universal --resolution=lowest-direct -o=requirements/requirements-lowest-direct.txt
 certifi==2024.12.14
     # via requests
 chardet==4.0.0

diff --git a/requirements/requirements-typing.txt b/requirements/requirements-typing.txt
@@ -274,9 +274,9 @@ importlib-metadata==8.5.0 ; python_full_version < '3.10' \
 iniconfig==2.0.0 \
     --hash=sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3 \
     --hash=sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374
-jinja2==3.1.4 \
-    --hash=sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369 \
-    --hash=sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d
+jinja2==3.1.5 \
+    --hash=sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb \
+    --hash=sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb
 markupsafe==2.1.5 ; python_full_version < '3.9' \
     --hash=sha256:00e046b6dd71aa03a41079792f8473dc494d564611a8f89bbbd7cb93295ebdcf \
     --hash=sha256:075202fa5b72c86ad32dc7d0b56024ebdbcf2048c0ba09f1cde31bfdd57bcfff \
@@ -562,9 +562,12 @@ types-requests==2.32.0.20241016 \
 typing-extensions==4.12.2 \
     --hash=sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d \
     --hash=sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8
-urllib3==2.2.3 \
+urllib3==2.2.3 ; python_full_version < '3.9' \
     --hash=sha256:ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac \
     --hash=sha256:e7d814a81dad81e6caf2ec9fdedb284ecc9c73076b62654547cc64ccdcae26e9
+urllib3==2.3.0 ; python_full_version >= '3.9' \
+    --hash=sha256:1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df \
+    --hash=sha256:f8c5449b3cf0861679ce7e0503c7b44b5ec981bec0d1d3795a07f1ba96f0204d
 werkzeug==3.0.6 ; python_full_version < '3.9' \
     --hash=sha256:1bc0c2310d2fbb07b1dd1105eba2f7af72f322e1e455f2f93c993bee8c8a5f17 \
     --hash=sha256:a8dd59d4de28ca70471a34cba79bed5f7ef2e036a76b3ab0835474246eb41f8d

diff --git a/uv.lock b/uv.lock