From 28843d3552bf58e80e3c861e60629db80f5fbbd0 Mon Sep 17 00:00:00 2001 From: Pigbibi <20649888+Pigbibi@users.noreply.github.com> Date: Sat, 27 Jun 2026 16:53:06 +0800 Subject: [PATCH] chore: tighten numpy/scipy bounds and CI Python 3.12 Pin scipy/numpy upper bounds, ignore incompatible Dependabot bumps, upgrade CI to Python 3.12, and adopt Dependabot auto-merge gold standard. Co-authored-by: Cursor --- .github/dependabot.yml | 4 +++ .github/workflows/ci.yml | 2 +- .github/workflows/dependabot_auto_merge.yml | 33 ++++++++++++++++----- requirements.txt | 4 +-- 4 files changed, 32 insertions(+), 11 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 2bbf4fc..ea93e08 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,6 +9,10 @@ updates: - dependency-name: "*" update-types: - "version-update:semver-major" + - dependency-name: "scipy" + versions: [">=1.18"] + - dependency-name: "numpy" + versions: [">=2.5"] - package-ecosystem: "github-actions" directory: "/" schedule: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 649af0e..b8ab833 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,7 +20,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v6 with: - python-version: "3.11" + python-version: "3.12" - name: Install dependencies run: | diff --git a/.github/workflows/dependabot_auto_merge.yml b/.github/workflows/dependabot_auto_merge.yml index a3a4988..476c38d 100644 --- a/.github/workflows/dependabot_auto_merge.yml +++ b/.github/workflows/dependabot_auto_merge.yml 
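Review bot: In `.github/dependabot.yml`, the two new `ignore` entries carry no comment tying them to the `<2.5` / `<1.18` caps this commit adds to `requirements.txt`, so nothing prompts anyone to lift the ignores and the caps together. I would add `# Capped to match requirements.txt (numpy<2.5, scipy<1.18); remove both when the caps are lifted.` above the scipy entry. It is also worth confirming how these version ignores interact with Dependabot security updates, since a fix published only in an ignored release line would then need a manual bump.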
@@ -22,12 +22,19 @@ jobs: run: | set -euo pipefail BRANCH_NAME="${{ github.event.workflow_run.head_branch }}" - PR_NUMBER=$(gh pr list --repo "${GITHUB_REPOSITORY}" --state open --head "${BRANCH_NAME}" --json number --jq '.[0].number // empty') + PR_PAYLOAD=$(gh pr list --repo "${GITHUB_REPOSITORY}" --state open --head "${BRANCH_NAME}" --json number,headRefOid --jq '.[0] // {}') + PR_NUMBER=$(python3 -c 'import json,sys; print(json.load(sys.stdin).get("number", ""))' <<<"${PR_PAYLOAD}") + PR_HEAD_SHA=$(python3 -c 'import json,sys; print(json.load(sys.stdin).get("headRefOid", ""))' <<<"${PR_PAYLOAD}") if [ -z "${PR_NUMBER}" ]; then echo "No open Dependabot PR found for ${BRANCH_NAME}." >> "$GITHUB_STEP_SUMMARY" exit 0 fi + if [ "${PR_HEAD_SHA}" != "${{ github.event.workflow_run.head_sha }}" ]; then + echo "Skipping auto-merge: PR #${PR_NUMBER} head ${PR_HEAD_SHA} does not match completed CI head ${{ github.event.workflow_run.head_sha }}." >> "$GITHUB_STEP_SUMMARY" + exit 0 + fi echo "pr_number=${PR_NUMBER}" >> "$GITHUB_OUTPUT" + echo "head_sha=${PR_HEAD_SHA}" >> "$GITHUB_OUTPUT" - name: Evaluate merge eligibility id: merge_guard @@ -36,7 +43,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | set -euo pipefail - gh pr view "${{ steps.pr.outputs.pr_number }}" --repo "${GITHUB_REPOSITORY}" --json number,isDraft,author,url,labels > pr.json + gh pr view "${{ steps.pr.outputs.pr_number }}" --repo "${GITHUB_REPOSITORY}" --json number,isDraft,author,url,body,labels > pr.json python3 - <<'PY' import json import os 
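Review bot: The `run:` script in the first hunk still expands `${{ github.event.workflow_run.head_branch }}` directly into bash, and the new comparison and summary lines add two more inline expansions of `head_sha`. A branch name is chosen by whoever opened the pull request, so its text becomes part of the script before the shell parses it, in a job that holds `GH_TOKEN`. Passing it through the step's `env:` (outside the hunk) closes that: `HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}` there and `BRANCH_NAME="${HEAD_BRANCH}"` in the script, with `head_sha` handled the same way for consistency. Whether a job-level `if:` already restricts the triggering actor is not visible from this hunk.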
@@ -45,16 +52,26 @@ jobs: pr = json.loads(Path("pr.json").read_text(encoding="utf-8")) author = (pr.get("author") or {}).get("login") labels = {item.get("name", "") for item in pr.get("labels", [])} - should_merge = author in {"dependabot[bot]", "app/dependabot"} and not pr.get("isDraft") - reason = "ready" if should_merge else "not_dependabot_or_draft" + body = pr.get("body") or "" + is_major = "update-type: version-update:semver-major" in body + dependabot_authors = {"dependabot[bot]", "app/dependabot"} + is_dependabot = author in dependabot_authors and "dependencies" in labels + should_merge = is_dependabot and not pr.get("isDraft") and not is_major + if should_merge: + reason = "ready" + elif is_major: + reason = "major_update" + else: + reason = "not_eligible_dependabot_pr" summary_lines = [ "## Auto-Merge Gate", f"- PR: {pr['url']}", f"- Author: `{author or ''}`", - f"- Draft: `{ 'yes' if pr.get('isDraft') else 'no' }`", - f"- Dependabot label: `{ 'yes' if 'dependencies' in labels else 'no' }`", - f"- Final merge decision: `{ 'merge' if should_merge else 'skip' }`", + f"- Draft: `{'yes' if pr.get('isDraft') else 'no'}`", + f"- Dependabot label: `{'yes' if 'dependencies' in labels else 'no'}`", + f"- Major update: `{'yes' if is_major else 'no'}`", + f"- Final merge decision: `{'merge' if should_merge else 'skip'}`", f"- Reason: `{reason}`", ] Path("pr-summary.md").write_text("\n".join(summary_lines).strip() + "\n", encoding="utf-8") @@ -71,4 +88,4 @@ jobs: if: steps.merge_guard.outputs.should_merge == 'true' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: gh pr merge "${{ steps.pr.outputs.pr_number }}" --repo "${GITHUB_REPOSITORY}" --rebase --delete-branch + run: gh pr merge "${{ steps.pr.outputs.pr_number }}" --repo "${GITHUB_REPOSITORY}" --rebase --delete-branch --match-head-commit "${{ steps.pr.outputs.head_sha }}" diff --git a/requirements.txt b/requirements.txt index bfe33ed..c06c832 100644 --- a/requirements.txt +++ b/requirements.txt 
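Review bot: `is_major` in the gate script is a substring test on the PR body, so when the `update-type: version-update:semver-major` marker is missing or the body has been edited, the value is False and the gate fails open. The hunk does not show where Dependabot puts that marker; if it only appears in the commit message, major bumps would never be detected here. Failing closed is safer: `update_type_known = "update-type: version-update:" in body` and `should_merge = is_dependabot and update_type_known and not pr.get("isDraft") and not is_major`, or take the update type from the `dependabot/fetch-metadata` action instead of the body. The script continues outside the hunk.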
@@ -1,11 +1,11 @@
 pandas>=3.0.3
-numpy>=2.4.6
+numpy>=2.4.6,<2.5
 requests>=2.34.2
 matplotlib>=3.11.0
 PyYAML>=6.0
 lightgbm>=4.3
 scikit-learn>=1.9.0
-scipy>=1.11
+scipy>=1.11,<1.18
 joblib>=1.3
 google-cloud-storage>=3.12.0
 google-cloud-firestore>=2.16