name: Check uv Dependencies Changes on: pull_request: paths: - 'uv.lock' - 'pyproject.toml' jobs: check-uv-changes: runs-on: ubuntu-latest permissions: pull-requests: write steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Check for uv.lock changes id: check-uv-lock run: | if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} | grep -q "uv.lock"; then echo "uv_lock_changed=true" >> $GITHUB_OUTPUT else echo "uv_lock_changed=false" >> $GITHUB_OUTPUT fi - name: Check for pyproject.toml changes id: check-pyproject run: | if git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} | grep -q "pyproject.toml"; then echo "pyproject_changed=true" >> $GITHUB_OUTPUT else echo "pyproject_changed=false" >> $GITHUB_OUTPUT fi - name: Create PR comment if: steps.check-uv-lock.outputs.uv_lock_changed == 'true' || steps.check-pyproject.outputs.pyproject_changed == 'true' uses: actions/github-script@v7 with: script: | const uvLockChanged = ${{ steps.check-uv-lock.outputs.uv_lock_changed }}; const pyprojectChanged = ${{ steps.check-pyproject.outputs.pyproject_changed }}; let message = '📦 Dependencies Alert:\n\n'; if (uvLockChanged && pyprojectChanged) { message += '- Both `uv.lock` and `pyproject.toml` have been modified\n'; } else if (uvLockChanged) { message += '- `uv.lock` has been modified\n'; } else if (pyprojectChanged) { message += '- `pyproject.toml` has been modified\n'; } message += '\nPlease review these changes carefully to ensure they are intended (cc @sarahwooders @cpacker).'; github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, body: message });