check_poetry_dependencies.yml

name: Check Poetry dependencies

on:
  push:
    branches:
      - "main"
      - "release-*"
    tags:
      - "*"
    paths:
      - "**/requirements.txt"
      - "**/requirements-dev.txt"
      - "**/pyproject.toml"
      - "**/poetry.lock"
      - ".github/workflows/check_poetry_dependencies.yml"
  pull_request:
    paths:
      - "**/requirements.txt"
      - "**/requirements-dev.txt"
      - "**/pyproject.toml"
      - "**/poetry.lock"
      - ".github/workflows/check_poetry_dependencies.yml"

jobs:
  poetry-dependencies:
    permissions:
      # Give the default GITHUB_TOKEN write permission to commit and push the
      # added or changed files to the repository.
      contents: write

    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        id: py311
        with:
          python-version: 3.11
          cache: pip

      - name: Install pip dependencies
        run: pip install poetry==1.6.1

      - name: Check, lock, and export Poetry dependencies
        run: make poetry-dependencies

      - name: Check if there are any changed files
        if: ${{ github.actor != 'dependabot[bot]' }}
        run: git diff --exit-code

      - name: Commit, sign, and push changes
        if: ${{ github.actor == 'dependabot[bot]' }}
        run: sh .github/scripts/commit_sign_push.sh
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          DESTINATION_BRANCH: ${{ github.ref }}