scheduled-maintenance.template.yml

name: "Scheduled Maintenance: Run 'poetry update' and create a PR"

on:
  push:
    branches:
      - run-poetry-update-workflow
  schedule:
    - cron: '0 0 * * MON'
  workflow_dispatch:

jobs:
  task:
    permissions:
      contents: write
      pull-requests: write
      packages: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install poetry
        run: pipx install poetry

      - name: Auth to Google Cloud
        # important! this 'auth' is referenced as `steps.auth` on the next job
        id: auth
        # https://github.com/google-github-actions/auth#authenticating-via-service-account-key-json-1
        uses: 'google-github-actions/auth@v1'
        with:
          credentials_json: '${{ secrets.MCI_GCLOUD_AUTH_JSON }}'
          token_format: 'access_token'


      - run: sudo apt-get -y install jq

      - run: poetry update --lock
        id: poetry-update

      - name: Validate dependency updates
        run: |
          poetry install
          poetry run pytest

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v5
        with:
          add-paths: poetry.lock
          commit-message: ${{ env.message }}
          delete-branch: true
          title: ${{ env.message }}
          assignees: ${template:maintainer}
          reviewers: ${template:maintainer}
          labels: semver-guidance:patch
        env:
          message: '[bot] patch dependencies'