Enables automatic requirements and venv updating.
Called directly -- or, typically, by a cron job -- this script:
- checks a bunch of expectations about the project
- if expectations fail, an email noting the failure will go out to the target-project admins if possible; otherwise the auto-updater admins.
- checks to see if a
uv sync --upgrade --group Xperforms any updates. (Running that updates theuv.lockfile and from that, updates the.venv.)- if the resultant
uv.lockfile is different, this script re-runs the project's tests, runs django'scollectstaticif necessary, and notifies the project-admins.
- if the resultant
(see the auto_updater.py manage_update() function, for details)
- Performs these initial checks:
- validates submitted project-path
- determines the admin-emails
- validates expected branch
- validates expected git-status
determines the python version- determines the local/staging/production environment
- validates the
uvpath - determines the group
- validates group and permissions on the venv and the
requirements_backupsdirectories - runs project's
run_tests.py
- If any of the above steps fail, emails project-admins (or updater-admins)
- Saves a backup of
uv.lockto../uv.lock_backup - Runs
uv sync --upgrade --group staging(for dev) oruv sync --upgrade --group production(for prod) - Evaluates if
uv.lockhas changed - If
uv.lockhas changed (meaning the.venvhas been updated):- runs project's
run_tests.py- on test success
- runs
uv pip compile ./pyproject.toml -o ./requirements.txt - performs a diff on new and old
uv.lockshowing the change, and creates diff text - if a django app
- runs its
collectstaticcommand - runs the usual
touchcommand to let passenger know to reload the django-app
- runs its
- runs a git-pull, then a git-add, then a git-commit, then a git-push
- emails the diff (and any issues) to the project-admins
- runs
- on test failure
- restores original
uv.lock - runs
uv sync --frozen# just updates the.venvfrom theuv.lockfile - runs project's
run_tests.pyagain - emails the canceled-diff (and test-failures) to the project-admins
- restores original
- on test success
- runs project's
- Finally, attempts to update group & permissions on the venv and the
requirements_backupsdirectories
-
Directly:
$ cd "/path/to/requirements-auto-updater/" $ uv run --env-file "../.env" ./auto_updater.py --project "/path/to/project_to_update_code_dir/" -
Via cron on servers (eg to run every day at 12:01am) (all one line):
1 0 * * * PATH=/usr/local/bin:$PATH cd "/path/to/requirements-auto-updater/" && uv run --env-file "../.env" ./auto_updater.py --project "/path/to/project_to_update_code_dir/"
- A
pyproject.tomlfile exists, with adependencies = []entry, and a[dependency-groups]entry, withstagingandprodentries. - The dependencies use tilde-notation (
package~=1.2.0) wherever possible. That third numeral is important; we only want to update thepatchversion. - There is a
.envfile in the "outer-stuff" directory. - The
.envfile contains anADMINS_JSONentry with the following structure:ADMINS_JSON=' [ [ "exampleFirstname1 exampleLastname1", "[email protected]" ], [ "exampleFirstname2 exampleLastname2", "[email protected]" ] ]'
-
Assumes
uvis accessible- Checks the
which uvpath. If nothing found, will raise an exception and email the project-admins. This is the reason for updatingPATHin the cron-call.
- Checks the
-
Suggestion: we do not tweak this script for different project-structures; rather, we restructure our apps to fit these assumptions (to keep this script simple, and for the benefits of a more standardized project structure).
-
To monitor: using the tilde-notation to ensure that only the
patchversion is updated could still install new non-patch-level versions of dependencies. In the 2 months of monitoring this in real usage on two projects, this has not caused an issue.
We need to make upgrading dependency-packages more sustainable.
By definition, the third part of package-notation (major, minor, patch) infers both backwards-compatibility and bug-fixes, so this should lighten the technical-debt load. However it is possible for patch upgrades to contain backwards-incompatibilites -- example.