integrations-core/.github/workflows/upgrade-python-version.yml at master · DataDog/integrations-core · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
name: Upgrade Python version

on:
  workflow_dispatch:
  schedule:
  # At 3AM on Monday (UTC) - runs after dependency updates
  - cron: "0 3 * * 1"

jobs:
  upgrade_python_version:
    name: Upgrade Python version
    runs-on: ubuntu-latest
    permissions:
      id-token: write  # Required for OIDC token federation with dd-octo-sts
      contents: read
    steps:
    - name: Checkout
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        fetch-depth: 0
    - name: Set up Python
      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
      with:
        python-version: 3.13
    - name: Install ddev from local folder
      uses: ./.github/actions/setup-ddev
      with:
        install-mode: local
        cache-profile: local-ddev-base
    - name: Configure ddev
      run: |-
        ddev config set upgrade_check false
        ddev config set repos.core .
        ddev config set repo core
    - name: Get GitHub token via dd-octo-sts
      uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
      id: octo-sts
      with:
        scope: DataDog/integrations-core
        policy: self.create-pull-requests.schedule
    - name: Upgrade Python version
      id: update
      run: |-
        # Run the update command - exits 0 if already at latest, 1 on errors
        ddev meta scripts upgrade-python-version

        # Check if there are any changes
        if git diff --quiet; then
          echo "No changes detected, already at latest Python version"
          echo "has_changes=false" >> $GITHUB_OUTPUT
        else
          echo "Changes detected, new Python version available"
          echo "has_changes=true" >> $GITHUB_OUTPUT
        fi
    - name: Create Pull Request
      if: steps.update.outputs.has_changes == 'true'
      id: cpr
      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
      with:
        token: ${{ steps.octo-sts.outputs.token }}
        commit-message: Upgrade Python version
        body: |
          ### What does this PR do?
          Update the Python version to the latest patch release.

          This PR was automatically generated by the following workflow:
          ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

          **THE CHANGELOG FILES OFTEN HAVE THE WRONG PR NUMBER. MAKE SURE TO CHECK THEM!**

          ### Changes
          - Updated `PYTHON_VERSION_FULL` in `ddev/src/ddev/repo/constants.py`
          - Updated Python version in `.builders/images/*/Dockerfile` (Linux and Windows)
          - Updated PBS pins in `.builders/images/macos/pbs.env` (macOS)
          - Updated SHA256 hashes for Python artifacts

          ### Review checklist (to be filled by reviewers)

          - [ ] Verify the Python version and SHA256 hashes are correct
          - [ ] [Changelog entries](https://datadoghq.dev/integrations-core/guidelines/pr/#changelog-entries) must be created for modifications to shipped code
          - [ ] Add the `qa/skip-qa` label if the PR doesn't need to be tested during QA.
        title: Upgrade Python version
        branch: bot/upgrade-python-version
        branch-suffix: timestamp
        delete-branch: true
        base: master
        labels: bot,qa/skip-qa
        draft: false