A custom dependabot alternative for Python projects
Project description
DEPENDAPY
Features
- 🔍 Scan & Analyze: Recursively scans repositories for `pyproject.toml` files and identifies outdated dependencies
- 🔄 Python Version Check: Ensures compatibility with the three latest Python 3 minor versions
- 🔀 Smart PR Handling: Creates new PRs or updates existing ones to avoid duplication
- 🛠️ uv Compatible: Works seamlessly with the modern `uv` package manager from astral.sh
- 🤖 GitHub Action: Runs automatically on a schedule via GitHub Actions
Installation
With uv (recommended)
```shell
uv pip install git+https://github.com/YOUR_USERNAME/dependapy.git
```
With pip
```shell
pip install git+https://github.com/YOUR_USERNAME/dependapy.git
```
Usage
Running Locally
To analyze your current repository and create pull requests for updates:
```shell
# Set your GitHub token for PR creation
export GITHUB_TOKEN=your_github_token

# Run dependapy
python -m dependapy.main
```
To only check for updates without creating pull requests:
```shell
python -m dependapy.main --no-pr
```
Command Line Options
```text
usage: main.py [-h] [--repo-path REPO_PATH] [--token TOKEN] [--no-pr]

Analyze and update Python dependencies

options:
  -h, --help             show this help message and exit
  --repo-path REPO_PATH  Path to the repository to scan (default: current directory)
  --token TOKEN          GitHub token (default: from GITHUB_TOKEN environment variable)
  --no-pr                Don't create or update pull requests, just show what would be updated
```
## Setting Up as a GitHub Action
To automatically run dependapy weekly on your repository:
1. Create a file at `.github/workflows/dependapy.yml` with the following content:
```yaml
name: Dependapy
on:
  schedule:
    # Run every Sunday at 02:00 UTC
    - cron: '0 2 * * 0'
  workflow_dispatch: # Allow manual triggering
jobs:
  update-dependencies:
    name: Update Dependencies
    runs-on: ubuntu-latest
    permissions:
      contents: write # Needed to push code changes
      pull-requests: write # Needed to create pull requests
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Fetch all history for git operations
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install uv
        run: |
          curl -LsSf https://astral.sh/uv/install.sh | sh
          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
      - name: Install dependencies
        run: |
          # --system: the runner has no virtual environment, which uv pip otherwise requires
          uv pip install --system git+https://github.com/YOUR_USERNAME/dependapy.git
      - name: Run dependapy
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          python -m dependapy.main
```
2. Configure the necessary permissions for GitHub Actions in your repository settings.
How It Works
- Repository Scanning: dependapy recursively finds all `pyproject.toml` files in your repository.
- Dependency Analysis:
  - Reads dependency information from the `[project]` section (following PEP 621)
  - Checks PyPI for latest available versions
  - Determines if the Python version constraint is compatible with the newest Python versions
- Smart Updates: Only creates PRs when actual updates are needed
- PR Management: Creates a branch and PR, or updates an existing one if applicable
Development
Setup Development Environment
```shell
# Create virtual environment and install dev dependencies
make setup-dev

# Or manually
uv venv
source .venv/bin/activate  # On macOS/Linux
uv pip install -e ".[dev]"
```
Available Make Commands
```shell
make help        # Show all available commands
make test        # Run tests
make coverage    # Run tests with coverage report
make format      # Format code with ruff
make analyze     # Run code analysis
make typecheck   # Run type checking
make qa          # Run all quality checks
make pre-commit  # Run pre-commit hooks
make demo        # Run example usage demonstration
```
Pre-commit Hooks
The project uses pre-commit hooks to ensure code quality. They are installed automatically when running `make setup-dev`, but you can also install them manually:
```shell
make pre-commit-install
```
This will set up the following checks to run automatically before each commit:
- Code formatting with ruff
- Linting with ruff
- Type checking with pyright
- Security checks with bandit
- YAML/TOML validation
File details
Details for the file dependapy-0.1.0.tar.gz.
File metadata
- Download URL: dependapy-0.1.0.tar.gz
- Upload date:
- Size: 59.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.13.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | f99f36cbbc9f29ada36f490ae27d832ae2bea401b5fd44e181239970f0240da6 |
| MD5 | d1eb994385cc3beae26db1a99b75d3b8 |
| BLAKE2b-256 | 76f98b4285da3c6aedfc1e83df3cb9221b4a7cccc0f21141bd8cbe21870a1ecc |
File details
Details for the file dependapy-0.1.0-py3-none-any.whl.
File metadata
- Download URL: dependapy-0.1.0-py3-none-any.whl
- Upload date:
- Size: 12.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.13.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | ce721376272ee5a88eb688d443bfa692517ad2280d5d325268c459b30f112c66 |
| MD5 | 8d867389d34a0a592b45f65909898878 |
| BLAKE2b-256 | 0c9c40e86fdf1e45df060a16bcd3c4d6250d9bfce170fe6542ef2bf5e9488e83 |