A tool that updates all your project's Python dependency files through Pull Requests on GitHub/GitLab.


About

This repo contains the bot that is running at pyup.io. You can install it locally and run the bot through the command line interface.

Documentation: https://pyup.io/docs/

Installation

To install pyup, run:

$ pip install pyupio

If you want to update Pipfiles, install the optional pipenv extra:

$ pip install dparse[pipenv]

Obtain Token

In order to communicate with the GitHub API, you need to create an OAuth token for your account:

  • Log in to your GitHub account
  • Click on settings -> Personal access tokens
  • Click on Generate new token
  • Make sure to check repo and email and click on Generate token

Run your first Update

Run:

$ pyup --repo=username/repo --user-token=<YOUR_TOKEN> --initial

This will check all your requirement files and search for new package versions. If there are updates available, pyup will create a new branch on your repository and create a new commit for every single update. Once all files are up to date, pyup will create a single pull request containing all commits.

Once your repository is up to date and the initial update is merged in, remove the --initial flag and run:

$ pyup --repo=username/repo --user-token=<YOUR_TOKEN>

This will create a new branch and a pull request for every single update. Run a cronjob or a scheduled task somewhere that auto-updates your repository once in a while (e.g. every day) to stay on the latest versions.

Pyup also has experimental support for GitLab. Generate a personal access token from your profile settings (e.g. https://gitlab.com/profile/personal_access_tokens), then run pyup from the CLI:

# gitlab.com:
$ pyup --provider gitlab --repo=username/repo --user-token=<YOUR_TOKEN>

Custom GitLab instance and GitHub Enterprise support

Pyup offers support for custom GitLab instances and GitHub Enterprise via the provider_url option:

$ pyup --provider github --provider_url https://github.enterprise/api/v3 --repo=username/repo --user-token=<YOUR_TOKEN>
$ pyup --provider gitlab --provider_url https://your.gitlab/ --repo=username/repo --user-token=<YOUR_TOKEN>

# The alternative method to add a custom GitLab instance is still valid:
$ pyup --provider gitlab --repo=username/repo --user-token=<YOUR_TOKEN>@https://your.gitlab/

Disable verification of SSL certificate:

$ pyup --provider github --provider_url https://github.enterprise/api/v3 --repo=username/repo --user-token=<YOUR_TOKEN> --ignore_ssl
$ pyup --provider gitlab --repo=username/repo --user-token=<YOUR_TOKEN>@https://your.gitlab/ --ignore_ssl
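
A wrapper for the scheduled run and the provider options described above, added here as an example and not part of pyup. It keeps the token out of the crontab and the cron log and refuses a non-HTTPS provider_url; the token file, the function names and the wrapper's own arguments are assumptions, and only flags shown in this README are passed to pyup.

```python
import os
import stat
import subprocess
import sys
from urllib.parse import urlsplit

TOKEN_FLAG = "--user-token="


def load_token(path):
    """Read the token from a file that only the current user can access."""
    st = os.stat(path)
    if st.st_uid != os.getuid() or stat.S_IMODE(st.st_mode) & 0o077:
        raise PermissionError(f"{path} must be owned by you and have mode 600")
    with open(path, encoding="utf-8") as fh:
        token = fh.read().strip()
    if not token:
        raise ValueError(f"{path} is empty")
    return token


def build_command(repo, token, provider="github", provider_url=None,
                  initial=False, ignore_ssl=False):
    """Assemble the pyup argv from the flags shown in this README."""
    cmd = ["pyup", "--provider", provider, f"--repo={repo}", TOKEN_FLAG + token]
    if provider_url:
        # The token is sent to this host, so plain http is rejected.
        if urlsplit(provider_url).scheme != "https":
            raise ValueError("provider_url must use https")
        cmd += ["--provider_url", provider_url]
    if initial:
        cmd.append("--initial")
    if ignore_ssl:
        # Certificate checks are off: the token goes to whichever host answers.
        cmd.append("--ignore_ssl")
    return cmd


def redact(cmd):
    """Return a copy of cmd that is safe to write to a cron log."""
    return [TOKEN_FLAG + "***" if arg.startswith(TOKEN_FLAG) else arg
            for arg in cmd]


def main(argv):
    # Assumed usage: wrapper.py username/repo /path/to/token-file
    repo, token_file = argv[1], argv[2]
    cmd = build_command(repo, load_token(token_file))
    print("running:", " ".join(redact(cmd)))
    # The token is still visible in the process list while pyup runs.
    return subprocess.run(cmd, check=False).returncode


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```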

  
 

Python 2.7

This tool requires the latest Python patch versions starting with version 3.5. We did support Python 2.7 in the past but, as with other Python 3.x minor versions, it reached its end of life and as such we are not able to support it anymore.

We understand you might still have Python 2.7 projects running. At the same time, PyUp itself has a commitment to encourage developers to keep their software up-to-date, and it would not make sense for us to work with officially unsupported Python versions, or even those that reached their end of life.

If you still need to run PyUp from a Python 2.7 environment, please use version 1.0.2 available at PyPI. Alternatively, you can run PyUp from a Python 3 environment to check the requirements file for your Python 2.7 project.

Comments
  • Adding other requirement files

    Have you thought about adding other non-django requirement files into the pyup check? Most specifically I'm talking about the requirements file provided by hitchtest, which is found in "/hitch/hitchreqs.txt".

    Maybe an option to define other folders/files within the project would do the job!

    opened by mimischi 12
  • Pyup not taking the default set branch in Github

    Private repository (private access enabled obviously). I pushed a new branch 'develop' to my repository and changed it to be the default. I closed a pull request and deleted the branch, however the new PR was still against the old 'master' branch (which is no longer default and has been set to be a protected branch). I have tried removing the repository from pyup.io and re-adding it and I still got the same behavior.

    I had to add a .pyup.yml file with branch = develop to get the correct behavior, but the docs state that pyup makes PRs against the default branch on the repository (usually master).

    bug 
    opened by audiolion 11
  • Moving to setup.cfg + adding a .pyup.yml breaks WebUI

    I am unsure what my error is to cause the PyUP Web UI to render unusable (screenshot attached). I might try reversing the logic to only update: False on setup.cfg

    I can't remove the .pyup.yml as I don't want setup.cfg to have its dependencies updated / pinned.

    What's my best way forward? This has also stopped any PRs being made. So I am sure my .yml is at fault here.

    • Said .pyup.yml: https://github.com/pypa/bandersnatch/blob/master/.pyup.yml Original yml - Before any PRs:
    search: False
    update: all
    
    requirements:
      - requirements_docs.txt:
        update: all
        pin: True
      - requirements_test.txt:
        update: all
        pin: True
      - requirements.txt:
        update: all
        pin: True
    
    assignees:
      - cooper
    

    opened by cooperlees 9
  • Add option for commit message template

    The commit messages generated by pyup do not match the commit message requirements for one of my projects. Please add an option to specify the commit message. e.g.

    # Configure the commit message template
    # default: "Update ${packagename} from ${old_version} to ${new_version}"
    # allowed variables: packagename, old_version, new_version
    commit_message_template: "Requirements: Push ${packagename} to ${new_version}"
    
    enhancement 
    opened by htgoebel 9
  • pyup bot chokes on requirements files (but not the pyup.io service)

    I've been attempting to run the pyup bot myself, because I have a repo that I'm not comfortable giving the pyup.io service write access to. I was surprised to find that instead of creating an initial PR, it created an Issue (eg: https://github.com/testbhearsum/balrog2/issues/33) claiming everything was up to date already.

    If I use the service, I get a PR like https://github.com/testbhearsum/balrog/pull/3 instead.

    I did some digging and it appears that the multi-line format of my requirements files is causing some issues. After https://github.com/pyupio/pyup/blob/ad58c9bd3706065e21513b9bc41222b1488c6246/pyup/requirements.py#L188 is run, "parseable_line" ends up being something like: "asynctest==0.10.0 asynctest==0.10.0" -- which clearly is not correct.

    I'm pretty sure my requirements files are OK, as pip parses them fine.

    opened by bhearsum 9
  • 500 error at https://pyup.io/account/repos/fetch-repos/

    Trying to sync my repos I'm getting an alert: "An unknown error occurred. Please contact support at [email protected]."

    Looking in the console, I'm getting a 500 response from https://pyup.io/account/repos/fetch-repos/ sure enough if I go to that url I get 500 too.

    I got this the other day, I think it was intermittent then but seems to be constant now.

    opened by samuelcolvin 9
  • Customizable commit messages

    Hi @jayfk! We spoke via email a while ago about allowing for customizable commit messages; this PR is meant to implement that feature.

    This commit allows for commit messages to be modified in .pyup.yml. The documentation will need to be updated with something like the following blob:

    # configure commit messages for pinned dependencies
    # default: "Pin {name} to latest version {new_version}"
    # allowed: any string containing format strings {name}, {old_version}, and/or {new_version}
    commit_msg_pin: "Pin {name} to latest version {new_version}"
    
    # configure commit messages for un-pinned dependencies
    # default: "Update {name} from {old_version} to {new_version}"
    # allowed: any string containing format strings {name}, {old_version}, and/or {new_version}
    commit_msg_update: "Update {name} from {old_version} to {new_version}"
    

    I did not see any method of updating the docs from this code-base (did I miss something in docs/?), but would be happy to do that update if you could point me in the right direction.

    opened by TheKevJames 8
  • Reduce cross-repository issue reference noise

    Hello. I've noticed that the pyup-bot embeds a dependency's changelog in pull requests. For example, this version pinning PR of Django Rest Framework for the patchwork project. Because DRF's changelog references issues/PRs, your version pinning PR in turn creates a ton of cross-repository issue references. For example, you can see https://github.com/encode/django-rest-framework/pull/3288 which currently has 5 issue references from 5 separate pyup-bot PRs.

    This isn't a huge problem yet since usage seems to be limited, but this will scale poorly at even tens or even hundreds of projects. A few possible fixes:

    • don't embed the changelog (after all, the PR already includes a link to the actual changelog).
    • wrap the embedded changelog in triple back ticks so GitHub doesn't create the issue references.
    • wrap the embedded hyperlinks and issue numbers in backticks (this seems like it would be error-prone).
    opened by rpkilby 8
  • URL in changelog broken by issue number redaction

    Hi

    In this PR: mozilla/treeherder#3784

    The changelog section contains this URL: https://django-filter.readthedocs.io/en/master/guide/migration.htmlmigrating-to-2-0

    Whereas the actual URL in the original changelog is: https://django-filter.readthedocs.io/en/master/guide/migration.html#migrating-to-2-0

    I'm presuming the # was removed by the process that sanitizes the GitHub issue numbers (ie converts #123 to 123).

    Please could the regex be tightened up, to avoid false positives?

    bug 
    opened by edmorley 7
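
One way to tighten the redaction asked for in the report above, as an added example that is not pyup's own code: only a bare `#123` loses its `#`, while URLs (fragments included), inline code and HTML entities are left alone. The function name, the pattern and the sample text are assumptions; the django-filter URL is the one quoted in the report.

```python
import re

# Alternatives are tried left to right, so code spans and URLs are consumed
# whole before the bare-reference branch can see a "#" inside them.
_TOKEN = re.compile(
    r"(?P<code>`[^`\n]*`)"               # inline code span: never linked by GitHub
    r"|(?P<url>https?://[^\s<>)\]]+)"    # URL, including any #fragment
    r"|(?<![\w/&#])#(?P<num>\d+)\b"      # bare issue reference such as #123
)


def redact_issue_refs(changelog):
    """Turn '#123' into '123' so no cross-reference is created,
    leaving URLs, inline code and entities like '&#8212;' untouched."""
    def _replace(match):
        if match.group("num") is not None:
            return match.group("num")
        return match.group(0)  # code span or URL: keep verbatim
    return _TOKEN.sub(_replace, changelog)


# Constructed changelog excerpt for illustration.
SAMPLE = (
    "Fixed #3288 (see #42).\n"
    "Guide: https://django-filter.readthedocs.io/en/master/guide/"
    "migration.html#migrating-to-2-0\n"
    "Notes: https://example.org/changes#123 and `#7` in code.\n"
)

if __name__ == "__main__":
    print(redact_issue_refs(SAMPLE))
```

References written as `owner/repo#123` and full issue URLs are deliberately left as they are by this pattern, so they still produce cross-references.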
  • LTS

    We're using Django, and they've updated to 2.0, but there is LTS for 1.11 until April 2020. We plan on using that (our libraries are not all up). Is there a way to specify that we want updates less than x.x - expiring on some date? If not, I request that feature.

    new feature 
    opened by SillyInventor 7
  • Error - Unknown Error

    Hello there,

    I'm not sure it is the right place to ask any question. I hope it is...

    I have a problem with this repository: https://pyup.io/account/repos/github/DEKHTIARJonathan/keras-datasets/

    I have a massive Error - Unknown error and no idea what could have caused this ... I have tried to change a few things but nothing seems to have an effect ...

    Thanks for the help buddies !

    Best Regards,

    Jonathan

    opened by DEKHTIARJonathan 7
  • Support `requires_python` field to detect Python 3 support

    Multiple packages providers prefer to define requires_python: ">=3.7" instead of individual Programming Language :: Python classifiers for each new version supported.

    For example: https://github.com/pallets/werkzeug/pull/2528

    pyup should detect this field when provided on PyPI (eg: https://pypi.org/pypi/werkzeug/json) to avoid flagging packages as not supporting Python 3, when they are in fact strictly requesting it.

    This would resolve similar problems identified in #202, #269

    opened by fmigneault 0
  • AssertionError: none

    After installing pyup via pip and trying it out, I keep getting this AssertionError which is confusing as isinstance(base_url, str) shouldn't return None in this case. Does anybody know why it comes to that and/or how to fix this? Both the repo String and the user-token String are valid, I double checked that already.

    Thanks in advance guys

    pyup --repo=oliverweinm/MCBDD2022 --user-token=<REDACTED_HERE> --initial
    Traceback (most recent call last):
      File "/usr/local/bin/pyup", line 8, in <module>
        sys.exit(main())
      File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1130, in __call__
        return self.main(*args, **kwargs)
      File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1055, in main
        rv = self.invoke(ctx)
      File "/usr/local/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
        return ctx.invoke(self.callback, **ctx.params)
      File "/usr/local/lib/python3.9/site-packages/click/core.py", line 760, in invoke
        return __callback(*args, **kwargs)
      File "/usr/local/lib/python3.9/site-packages/pyup/cli.py", line 50, in main
        bot.update(branch=branch, initial=initial)
      File "/usr/local/lib/python3.9/site-packages/pyup/bot.py", line 121, in update
        self.configure(**kwargs)
      File "/usr/local/lib/python3.9/site-packages/pyup/bot.py", line 106, in configure
        repo=self.user_repo,
      File "/usr/local/lib/python3.9/site-packages/pyup/bot.py", line 38, in user_repo
        self._user_repo = self.provider.get_repo(token=self.user_token, name=self.repo_name)
      File "/usr/local/lib/python3.9/site-packages/pyup/providers/github.py", line 40, in get_repo
        return self._api(token).get_repo(name)
      File "/usr/local/lib/python3.9/site-packages/pyup/providers/github.py", line 32, in _api
        self.__api = Github(self.__token, base_url=self.url, timeout=50, verify=verify)
      File "/usr/local/lib/python3.9/site-packages/github/MainClass.py", line 123, in __init__
        assert isinstance(base_url, str), base_url
    AssertionError: None

    bug 
    opened by oliverweinm 1
  • False positives related to celery and sub-dependencies

    Recent reports seem to indicate false positives related to celery. https://pyup.io/repos/github/crim-ca/weaver/commits/?page=1#0d9d2e845c11a48a39cab0a73962ce87dae6428f

    | Package | Installed    | Affected | Info |
    |---------|--------------|----------|------|
    | celery  | 3.1.26.post2 | <5.2.0   | Celery 5.2.0 updates 'kombu' to v5.2.1, which includes dependencies updates that resolve security issues. |

    I actually have version 4.4.2 pinned (as shown below) for quite a long time.

    https://github.com/crim-ca/weaver/commit/4370852a5b27d3bfafd96f9e3df580f3c6d3da54

    celery[mongodb]==4.4.2; sys_platform != "win32"

    I only started getting issues last week (due to 5.2.x release), but it seems broken because my builds are not even able to find those versions on pypi. Anyway, the "installed" version is completely wrong, so something bad must be happening. Because I'm not even on the same major version, it is really hard for me to know if this is an actual security issue or just a detection problem on pyup side.

    opened by fmigneault 0
  • Add a cli flag for running as an integration

    Currently there is no way to enable the integration flag which the providers use to filter out some actions.

    It is possible to run the bot using an oauth app e.g. via github actions, however it will fail due to having no access to endpoints such as /user/emails.

    With this PR, supplying the --integration flag will enable restricted tokens to function as expected.

    Fixed #411

    opened by DamianZaremba 3
  • Support for running under GitHub apps

    Currently you cannot execute the bot using a signed token from a GitHub app such as within GitHub actions due to the API calls which are gated by the integration flag.

    Run pyup --provider=github --provider_url=https://api.github.com --repo=${GITHUB_REPOSITORY} --user-token=***
    Traceback (most recent call last):
      File "/opt/hostedtoolcache/Python/3.9.5/x64/bin/pyup", line 8, in <module>
        sys.exit(main())
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/click/core.py", line 1137, in __call__
        return self.main(*args, **kwargs)
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/click/core.py", line 1062, in main
        rv = self.invoke(ctx)
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
        return ctx.invoke(self.callback, **ctx.params)
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/click/core.py", line 763, in invoke
        return __callback(*args, **kwargs)
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/pyup/cli.py", line 50, in main
        bot.update(branch=branch, initial=initial)
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/pyup/bot.py", line 123, in update
        self.apply_updates(
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/pyup/bot.py", line 173, in apply_updates
        (pr for pr in self.pull_requests if
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/pyup/bot.py", line 62, in pull_requests
        self.req_bundle.pull_requests = [
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/pyup/bot.py", line 62, in <listcomp>
        self.req_bundle.pull_requests = [
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/pyup/providers/github.py", line 293, in iter_issues
        extra_kwargs["creator"] = creator.login
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/github/AuthenticatedUser.py", line 232, in login
        self._completeIfNotSet(self._login)
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/github/GithubObject.py", line 299, in _completeIfNotSet
        self._completeIfNeeded()
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/github/GithubObject.py", line 303, in _completeIfNeeded
        self.__complete()
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/github/GithubObject.py", line 310, in __complete
        headers, data = self._requester.requestJsonAndCheck("GET", self._url.value)
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/github/Requester.py", line 317, in requestJsonAndCheck
        return self.__check(
      File "/opt/hostedtoolcache/Python/3.9.5/x64/lib/python3.9/site-packages/github/Requester.py", line 342, in __check
        raise self.__createException(status, responseHeaders, output)
    github.GithubException.GithubException: 403 {"message": "Resource not accessible by integration", "documentation_url": "https://docs.github.com/rest/reference/users#get-the-authenticated-user"}
    
    opened by DamianZaremba 0
  • Update get_committer_data for latest PyGithub

    v1.55 of PyGithub changed get_emails to return a named tuple (#1890) rather than a dict directly from the decoded API response.

    Update the code to access the fields as a property rather than by index & bump the pin so 1.55 is the minimum version.

    Fixes #409

    opened by DamianZaremba 1