|
| 1 | +--- |
| 2 | +name: upgrade-deps |
| 3 | +description: Upgrade all pyatlan Python dependencies and GitHub Actions to their latest compatible versions |
| 4 | +disable-model-invocation: true |
| 5 | +allowed-tools: Read, Bash, Edit, Write, Glob, Grep, WebFetch |
| 6 | +--- |
| 7 | + |
| 8 | +Upgrade all dependencies for the pyatlan Python SDK. Follow these steps carefully. |
| 9 | + |
| 10 | +## Context |
| 11 | + |
| 12 | +- The project supports Python >=3.9, so skip any package version that requires Python >=3.10 or higher |
| 13 | +- Use `uv` for all Python package operations |
| 14 | +- Workflow files are in `.github/workflows/` |
| 15 | +- Dependencies are managed in `pyproject.toml` and locked in `uv.lock` |
| 16 | + |
| 17 | +--- |
| 18 | + |
| 19 | +## Step 1 — Find outdated Python packages |
| 20 | + |
| 21 | +Run: |
| 22 | +``` |
| 23 | +uv pip list --outdated |
| 24 | +``` |
| 25 | + |
| 26 | +Cross-reference the output with the direct dependencies pinned in `pyproject.toml` (sections: `dependencies`, `dev`, `docs`). Ignore transitive dependencies — only update packages that are explicitly listed in `pyproject.toml`. |
| 27 | + |
| 28 | +--- |
| 29 | + |
| 30 | +## Step 2 — Check Python version compatibility for each outdated package |
| 31 | + |
| 32 | +For every package identified in Step 1, check its `requires_python` field: |
| 33 | + |
| 34 | +``` |
| 35 | +curl -s https://pypi.org/pypi/<package>/<new-version>/json | python3 -c "import json,sys; d=json.load(sys.stdin); print(d['info']['requires_python'])" |
| 36 | +``` |
| 37 | + |
| 38 | +**Rules:** |
| 39 | +- If `requires_python` is `>=3.9` or lower (or None) → safe to upgrade |
| 40 | +- If `requires_python` is `>=3.10` or higher → check if an older compatible version exists: |
| 41 | + ``` |
| 42 | + curl -s https://pypi.org/pypi/<package>/json | python3 -c " |
| 43 | + import json, sys |
| 44 | + d = json.load(sys.stdin) |
| 45 | + for v in sorted(d['releases'].keys(), reverse=True)[:10]: |
| 46 | + rels = d['releases'][v] |
| 47 | + if rels: |
| 48 | + rp = rels[0].get('requires_python','') |
| 49 | + print(f'{v}: {rp}') |
| 50 | + " |
| 51 | + ``` |
| 52 | + Pick the highest version that supports Python 3.9. If already at that version, skip it. |
| 53 | +- Packages already conditioned in pyproject.toml with `; python_version >= '3.10'` (like `filelock`) can be upgraded freely since they only install on 3.10+ |
| 54 | + |
| 55 | +--- |
| 56 | + |
| 57 | +## Step 3 — Update pyproject.toml |
| 58 | + |
| 59 | +For each package that can be safely upgraded, update its version pin in `pyproject.toml`. |
| 60 | + |
| 61 | +Keep the same `~=X.Y.Z` pinning style as used by other packages in the file. |
| 62 | + |
| 63 | +--- |
| 64 | + |
| 65 | +## Step 4 — Upgrade GitHub Actions |
| 66 | + |
| 67 | +Scan all workflow files in `.github/workflows/` for `uses:` lines: |
| 68 | +``` |
| 69 | +grep -rh "uses:" .github/workflows/ | sort -u |
| 70 | +``` |
| 71 | + |
| 72 | +For each action that uses a version tag, check the latest release: |
| 73 | +``` |
| 74 | +curl -s https://api.github.com/repos/<owner>/<repo>/releases/latest | python3 -c "import json,sys; print(json.load(sys.stdin)['tag_name'])" |
| 75 | +``` |
| 76 | + |
| 77 | +Use the major version tag style (e.g., `v7`) if the action uses that convention, or the exact version if it was pinned exactly (e.g., `0.34.2`). |
| 78 | + |
| 79 | +Update all workflow files using sed in-place replacements for each changed action. |
| 80 | + |
| 81 | +--- |
| 82 | + |
| 83 | +## Step 5 — Update pre-commit ruff rev |
| 84 | + |
| 85 | +If ruff was upgraded in pyproject.toml, also update the `rev:` in `.pre-commit-config.yaml` to match: |
| 86 | +```yaml |
| 87 | + - repo: https://github.com/astral-sh/ruff-pre-commit |
| 88 | + rev: v<new-version> |
| 89 | +``` |
| 90 | +
|
| 91 | +--- |
| 92 | +
|
| 93 | +## Step 6 — Regenerate the lockfile |
| 94 | +
|
| 95 | +``` |
| 96 | +uv lock --upgrade |
| 97 | +``` |
| 98 | + |
| 99 | +If this fails due to a Python version conflict, revisit Step 2 for the failing package. |
| 100 | + |
| 101 | +--- |
| 102 | + |
| 103 | +## Step 7 — Install and run tests |
| 104 | + |
| 105 | +``` |
| 106 | +uv sync --all-groups |
| 107 | +python -m pytest tests/unit/ -x -q --tb=short |
| 108 | +``` |
| 109 | + |
| 110 | +Fix any test failures caused by the upgrades before proceeding. |
| 111 | + |
| 112 | +--- |
| 113 | + |
| 114 | +## Step 8 — Run pre-commit |
| 115 | + |
| 116 | +``` |
| 117 | +pre-commit run --all-files |
| 118 | +``` |
| 119 | + |
| 120 | +The first run may auto-fix formatting. Run again to confirm all hooks pass. |
| 121 | + |
| 122 | +--- |
| 123 | + |
| 124 | +## Step 9 — Summarise and commit |
| 125 | + |
| 126 | +Present a summary table of all changes made: |
| 127 | + |
| 128 | +| Package / Action | Before | After | Notes | |
| 129 | +|---|---|---|---| |
| 130 | +| pydantic | 2.12.4 | 2.12.5 | | |
| 131 | +| ... | | | | |
| 132 | +| docker/login-action | v3 | v4 | | |
| 133 | + |
| 134 | +Then commit: |
| 135 | +``` |
| 136 | +git add pyproject.toml uv.lock requirements.txt .pre-commit-config.yaml .github/workflows/ |
| 137 | +git commit -m "chore: upgrade Python dependencies and GitHub Actions to latest versions" |
| 138 | +``` |
| 139 | + |
| 140 | +Ask the user before pushing. |
0 commit comments