Automatically bump versions

.github/workflows/bump.yml

@@ -0,0 +1,46 @@
+name: Bump dependencies
+
+on:
+  schedule:
+    - cron: '0 8 * * 1' # Runs at 08:00 UTC every Monday
+  pull_request:  # also run on PRs touching this file
+    paths:
+      - ".github/workflows/bump.yml"
+
+
+jobs:
+  test:
+    name: Bump dependencies
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.10"  # lowest supported
+
+      - name: Install python dependencies
+        run: |
+          pip install --disable-pip-version-check --upgrade pip setuptools pip-tools
+          pip list
+
+      - name: Upgrade to a consistent set of dependencies
+        run: pip-compile requirements/*.in -o requirements/all.txt --upgrade --strip-extras
+
+      - name: Compile all upgraded requirement files
+        run: |
+          for file in requirements/*.in; do
+            pip-compile "$file" -c requirements/all.txt --upgrade --no-header --no-annotate --strip-extras
+          done
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        if: github.ref == 'refs/heads/main'
+        with:
+          branch: bump-dependencies
+          delete-branch: true
+          add-paths: requirements/*.txt
+          commit-message: "Bump dependencies"
+          title: "Bump dependencies"

CHANGES.md

@@ -11,6 +11,10 @@
   is presented, this now hides the query parameter from the generated url. Before,
   it resulted in `path?foo=None`.
 
+- Removed yappi and viztracer profilers.
+
+- Bumped all dependencies except for boto3 and aioboto3.
+
 
 ## 0.18.0 (2024-10-21)
 ----------------------

MANIFEST.in

@@ -2,6 +2,7 @@
 include *.md
 include LICENSE
 include clean_python/py.typed
+include requirements/*.txt
 # Exclude byte-compiled code
 global-exclude __pycache__
 global-exclude *.py[co]

README.md

@@ -118,3 +118,23 @@ Our current approach is to have 1 *aggregate* (whose root is implemented as a ``
 Optional dependencies can be added with:
 
     $ pip install clean-python[sql,fastapi]
+
+## Managing dependencies
+
+``clean-python`` has all of its dependencies pinned, because in that way the automated tests run
+in the same environment that the application that uses ``clean-python``. The requirements are automatically
+updated each week by the GH Actions script located in `.github/workflows/bump.yml`.
+
+This works as follows:
+
+- Requirements are specified in `requirements/*.in` files. Mostly, they do not have version specifies.
+- To ensure that all optional requirements are consistent with one another, we first generate
+  a single requirement file `all.txt` from all `*.in` files together. We use pip-tools for that
+  (see https://github.com/jazzband/pip-tools).
+- Then for each `*.in` file, a requirements file is generated. This requirement file is constrained to
+  the consistent set generated in the previous step using `-c all.txt`.
+  For instance the `fastapi.txt` is generated from `fastapi.in`.
+- The `pyproject.toml` refers to requirement files from its `dependencies` and `optional-dependencies`
+  section. Each optional dependency has its own requirement file.
+
+The result of this is that you can install ``clean-python`` with any combination of optional dependencies.

pyproject.toml

@@ -10,34 +10,7 @@ license = {text = "MIT"}
 classifiers = ["Programming Language :: Python"]
 keywords = []
 requires-python = ">=3.10"
-dependencies = ["pydantic==2.9.*", "inject==5.*", "asgiref==3.8.*", "blinker==1.8.*", "async-lru==2.0.*", "backoff==2.2.*", "pyyaml==6.0.*"]
-dynamic = ["version"]
-
-[project.optional-dependencies]
-test = [
-    "pytest",
-    "pytest-cov",
-    "pytest-asyncio==0.21.*",  # https://github.com/pytest-dev/pytest-asyncio/issues/706
-    "debugpy",
-    "httpx",
-    "uvicorn",
-    "python-multipart",
-    "pytest-celery<1"
-]
-fastapi = ["fastapi==0.115.*"]
-auth = ["pyjwt==2.9.*", "cryptography==43.0.*"]  # pyjwt[crypto]
-amqp = ["pika==1.3.*"]
-celery = ["celery==5.4.*"]
-fluentbit = ["fluent-logger"]
-sql = ["sqlalchemy==2.0.*", "asyncpg==0.30.*", "greenlet==3.*"]
-sql-sync = ["sqlalchemy==2.0.*"]  # also requires psycopg2 or psycopg2-binary
-# help the resolver a bit by copying version pins from aioboto3 / aiobotocore
-s3 = ["aioboto3==13.1.*", "aiobotocore==2.13.1", "boto3==1.34.131", "types-aioboto3[s3]"]
-s3-sync = ["boto3==1.34.*", "boto3-stubs[s3]"]
-api-client = ["aiohttp==3.10.*", "urllib3==2.0.*"]
-profiler = ["yappi"]
-debugger = ["debugpy"]
-nanoid = ["nanoid==2.0.0"]
+dynamic = ["version", "dependencies", "optional-dependencies"]
 
 [project.urls]
 homepage = "https://github.com/nens/clean-python"
@@ -51,6 +24,19 @@ include = ["clean_python*"]
 
 [tool.setuptools.dynamic]
 version = {attr = "clean_python.__version__"}
+dependencies = {file = ["requirements/base.txt"]}
+optional-dependencies.fastapi = { file = ["requirements/fastapi.txt"] }
+optional-dependencies.auth = { file = ["requirements/auth.txt"] }
+optional-dependencies.amqp = { file = ["requirements/amqp.txt"] }
+optional-dependencies.celery = { file = ["requirements/celery.txt"] }
+optional-dependencies.fluentbit = { file = ["requirements/fluentbit.txt"] }
+optional-dependencies.sql = { file = ["requirements/sql.txt"] }
+optional-dependencies.sql-sync = { file = ["requirements/sql_sync.txt"] }
+optional-dependencies.s3 = { file = ["requirements/s3.txt"] }
+optional-dependencies.s3-sync = { file = ["requirements/s3_sync.txt"] }
+optional-dependencies.api-client = { file = ["requirements/api_client.txt"] }
+optional-dependencies.nanoid = { file = ["requirements/nanoid.txt"] }
+optional-dependencies.test = { file = ["requirements/test.txt"]}
 
 [tool.isort]
 profile = "black"