Configuring Dependabot for a Python project

GitHub's Dependabot can automatically file PRs that bump dependencies when new versions are available.

In June 2023 GitHub added support for grouped version updates, so a single PR can update multiple dependencies at the same time.

The Dependabot setup instructions don't explicitly mention projects which keep all of their dependency information in setup.py.

It works just fine with those kinds of projects too.

To enable it, create a file at .github/dependabot.yml with the following contents:

version: 2
updates:
- package-ecosystem: pip
  directory: "/"
  schedule:
    interval: daily
    time: "13:00"
  groups:
    python-packages:
      patterns:
        - "*"

Then navigate to https://github.com/simonw/s3-credentials/network/updates (but for your project) - that's Insights -> Dependency graph -> Dependabot - to confirm that it worked.

This should work for projects that use setup.py or pyproject.toml or requirements.txt.
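Each entry under `updates` names one `directory`, so a repository with manifests in subdirectories needs an entry for each of them. The following check is an added example, not part of the original post: it lists directories holding a setup.py, pyproject.toml or requirements.txt that no pip entry points at. The function names are hypothetical, and the line-based scan assumes the flat layout shown above, with `package-ecosystem` written before `directory` in each entry.

```python
import re
from pathlib import Path

# Manifest file names mentioned on this page.
MANIFESTS = ("setup.py", "pyproject.toml", "requirements.txt")


def pip_directories(config_text):
    """Return the directories named by pip entries in a dependabot.yml.

    Assumption: a line-based scan of the flat layout shown above, not a
    general YAML parser; package-ecosystem must precede directory.
    """
    covered, ecosystem = set(), None
    for line in config_text.splitlines():
        m = re.match(r"\s*-?\s*package-ecosystem:\s*['\"]?([\w-]+)", line)
        if m:
            ecosystem = m.group(1)
            continue
        m = re.match(r"\s*-?\s*directory:\s*['\"]?([^'\"#\s]+)", line)
        if m and ecosystem == "pip":
            # Normalise "/", "docs/" and "/docs" to a leading-slash form.
            covered.add("/" + m.group(1).strip("/"))
    return covered


def uncovered_manifests(repo_root):
    """List manifest directories that no pip entry in dependabot.yml names."""
    root = Path(repo_root)
    config = root / ".github" / "dependabot.yml"
    covered = pip_directories(config.read_text()) if config.exists() else set()
    found = set()
    for name in MANIFESTS:
        for path in root.rglob(name):
            rel = path.parent.relative_to(root)
            # Skip hidden directories such as .venv or .tox.
            if any(part.startswith(".") for part in rel.parts):
                continue
            found.add("/" if rel.as_posix() == "." else "/" + rel.as_posix())
    return sorted(found - covered)


if __name__ == "__main__":
    import sys

    missing = uncovered_manifests(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory in missing:
        print(f"no pip entry in dependabot.yml for {directory}")
    sys.exit(1 if missing else 0)
```

Run it from the repository root, or pass the path as the first argument; a non-zero exit status makes it usable as a CI check.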

Created 2022-01-14T16:33:03-08:00, updated 2023-08-03T17:41:54-07:00