Drop dependabot in favor of automated pip-tools

.github/workflows/autodeps.yml

@@ -0,0 +1,83 @@
+name: Autodeps
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron:  '0 0 1 * *'
+
+jobs:
+  Autodeps:
+    name: Autodeps
+    timeout-minutes: 10
+    runs-on: 'ubuntu-latest'
+    # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#changing-github_token-permissions
+    permissions:
+      pull-requests: write
+      issues: write
+      repository-projects: write
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.8"
+      - name: Bump dependencies
+        run: |
+          python -m pip install -U pip
+          python -m pip install -r test-requirements.txt
+          pip-compile test-requirements.in
+          pip-compile docs-requirements.in
+      - name: Black
+        run: |
+          # The new dependencies may contain a new black version.
+          # Commit any changes immediately.
+          python -m pip install -r test-requirements.txt
+          black setup.py trio
+      - name: Commit changes and create automerge PR
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          # https://stackoverflow.com/a/3879077/4504950
+          if ! git diff-index --quiet HEAD; then
+            echo "No changes to commit!"
+            exit 0
+          fi
+
+          # setup git repo
+          git switch --force-create autodeps/bump_from_${GITHUB_SHA:0:6}
+          git config user.name 'github-actions[bot]'
+          git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
+          git commit -am "Dependency updates"
+          git push --force --set-upstream origin autodeps/bump_from_${GITHUB_SHA:0:6}
+
+          # git push returns before github is ready for a pr, so we poll until success
+          for BACKOFF in 1 2 4 8 0; do
+            sleep $BACKOFF
+            if gh pr create \
+              --label dependencies --body "" \
+              --title "Bump dependencies from commit ${GITHUB_SHA:0:6}" \
+              ; then
+              break
+            fi
+          done
+
+          if [ $BACKOFF -eq 0 ]; then
+            echo "Could not create the PR"
+            exit 1
+          fi
+
+          # gh pr create returns before the pr is ready, so we again poll until success
+          # https://github.com/cli/cli/issues/2619#issuecomment-1240543096
+          for BACKOFF in 1 2 4 8 0; do
+            sleep $BACKOFF
+            if gh pr merge --auto --squash; then
+              break
+            fi
+          done
+
+          if [ $BACKOFF -eq 0 ]; then
+            echo "Could not set automerge"
+            exit 1
+          fi

.github/workflows/ci.yml

@@ -121,39 +121,6 @@ jobs:
           # Should match 'name:' up above
           JOB_NAME: 'Ubuntu (${{ matrix.python }}${{ matrix.extra_name }})'
 
-  autofmt:
-    name: Autoformat dependabot PR
-    timeout-minutes: 10
-    if: github.actor == 'dependabot[bot]'
-    runs-on: 'ubuntu-latest'
-    # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#changing-github_token-permissions
-    permissions:
-      pull-requests: write
-      issues: write
-      repository-projects: write
-      contents: write
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          ref: ${{ github.event.pull_request.head.ref }}
-      - name: Setup python
-        uses: actions/setup-python@v2
-        with:
-          python-version: "3.8"
-      - name: Check formatting
-        run: |
-          python -m pip install -r test-requirements.txt
-          ./check.sh
-      - name: Commit autoformatter changes
-        if: failure()
-        run: |
-          black setup.py trio
-          git config user.name 'github-actions[bot]'
-          git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
-          git commit -am "Autoformatter changes"
-          git push
-
   macOS:
     name: 'macOS (${{ matrix.python }})'
     timeout-minutes: 10

ci.sh

@@ -115,7 +115,7 @@ else
         # when installing, and then running 'certmgr.msc' and exporting the
         # certificate. See:
         #    http://www.migee.com/2010/09/24/solution-for-unattendedsilent-installs-and-would-you-like-to-install-this-device-software/
-        certutil -addstore "TrustedPublisher" .github/workflows/astrill-codesigning-cert.cer
+        certutil -addstore "TrustedPublisher" trio/tests/astrill-codesigning-cert.cer
         # Double-slashes are how you tell windows-bash that you want a single
         # slash, and don't treat this as a unix-style filename that needs to
         # be replaced by a windows-style filename.