Merge pull request #201 from JaclynCodes/copilot/update-environment-variables

Add automated dependency update workflow with configurable environment variables :)

Author: JaclynCodes

.github/workflows/update_dependencies.yml

@@ -0,0 +1,123 @@
+name: Update Dependencies
+
+on:
+  schedule:
+    # Run at 9:00 AM UTC every Monday
+    - cron: 0 9 * * 1
+  # Allow manual runs
+  workflow_dispatch:
+    inputs:
+      package:
+        description: >
+          Specific package to update (e.g., numpy, librosa).
+          Leave empty to check all packages.
+        required: false
+      version:
+        description: >
+          Target version for the package. Leave empty to use latest.
+        required: false
+
+env:
+  PYTHON_VERSION: 3.11
+  PIP_VERSION: 24.0
+
+jobs:
+  check-and-update:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'JaclynCodes'
+    permissions:
+      contents: write  # Needed to push changes
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          # Use default token for now, can be updated to use PAT if needed
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set Git author
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Upgrade pip
+        run: |
+          python -m pip install --upgrade pip==${{ env.PIP_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          pip install -r requirements.txt
+
+      - name: Check for updates
+        id: check_updates
+        run: |
+          # Install pip-tools for dependency management
+          pip install pip-tools
+
+          # Check for outdated packages
+          echo "Checking for outdated packages..."
+          pip list --outdated > outdated.txt
+          cat outdated.txt
+
+          if [ -s outdated.txt ]; then
+            echo "updates_available=true" >> $GITHUB_OUTPUT
+          else
+            echo "updates_available=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Update dependencies
+        if: steps.check_updates.outputs.updates_available == 'true'
+        run: |
+          # Create a new branch for the update
+          BRANCH_NAME="automated/update-dependencies-$(date +%Y%m%d)"
+          git checkout -b "$BRANCH_NAME"
+
+          # If specific package and version provided, update that
+          if [ -n "${{ inputs.package }}" ]; then
+            if [ -n "${{ inputs.version }}" ]; then
+              echo "Updating ${{ inputs.package }} to version \
+          ${{ inputs.version }}"
+              # Use word boundaries to match exact package name
+              sed -i "s/^${{ inputs.package }}[>=<].*/${{ inputs.package }}==\
+          ${{ inputs.version }}/" requirements.txt
+            else
+              echo "Updating ${{ inputs.package }} to latest \
+          compatible version"
+              # Get latest version compatible with constraints
+              LATEST=$(pip index versions "${{ inputs.package }}" | \
+          grep "Available versions:" | head -1 | cut -d: -f2 | \
+          tr ',' '\n' | head -1 | xargs)
+              if [ -z "$LATEST" ]; then
+                echo "Error: Could not determine latest version for \
+          ${{ inputs.package }}"
+                exit 1
+              fi
+              # Use word boundaries to match exact package name
+              sed -i "s/^${{ inputs.package }}[>=<].*/${{ inputs.package }}>=\
+          $LATEST/" requirements.txt
+            fi
+          else
+            echo "No specific package provided for update."
+            echo "Please run manually with package name to update."
+            echo "Bulk updates require manual review and are not \
+          automated."
+            exit 0
+          fi
+
+          # Commit changes if there are any
+          if git diff --quiet requirements.txt; then
+            echo "No changes to commit"
+            exit 0
+          else
+            git add requirements.txt
+            COMMIT_MSG="Update ${{ inputs.package }} dependency"
+            git commit -m "$COMMIT_MSG"
+            git push origin "$BRANCH_NAME"
+
+            # Create PR using GitHub CLI would go here if available
+            echo "Branch $BRANCH_NAME created with updates"
+          fi

docs/README.md

@@ -12,6 +12,7 @@ Welcome to the Symphonic-Joules documentation! This directory contains comprehen
 - **[Performance Optimization](performance-optimization.md)** - Best practices for efficient code
 - **[Test Performance Guide](test-performance-guide.md)** - Writing fast and efficient tests
 - **[Archive Review Process](archive-review-process.md)** - Guidelines for reviewing uploaded code and archives
+- **[GitHub Workflows](workflows.md)** - Automated workflows and CI/CD documentation
 - **[FAQ](faq.md)** - Frequently asked questions
 
 ## 🎯 Quick Navigation
@@ -27,6 +28,7 @@ Welcome to the Symphonic-Joules documentation! This directory contains comprehen
 - [Architecture Overview](architecture.md)
 - [Archive Review Process](archive-review-process.md)
 - [Test Performance Guide](test-performance-guide.md)
+- [GitHub Workflows](workflows.md)
 - [API Reference](api-reference.md)
 
 ## 🔄 Keeping Documentation Updated

docs/workflows.md

@@ -0,0 +1,84 @@
+# GitHub Workflows
+
+This document describes the GitHub Actions workflows used in the Symphonic-Joules project.
+
+## Available Workflows
+
+### Update Dependencies
+
+**File:** `.github/workflows/update_dependencies.yml`
+
+**Purpose:** Automates checking and updating Python package dependencies.
+
+**Triggers:**
+- **Schedule:** Runs automatically every Monday at 9:00 AM UTC
+- **Manual:** Can be triggered manually via GitHub Actions UI
+
+**Environment Variables:**
+- `PYTHON_VERSION`: The Python version used for updates (default: 3.11)
+- `PIP_VERSION`: The pip version used (default: 24.0)
+
+**Manual Trigger Options:**
+- `package`: Specify a particular package to update (e.g., `numpy`, `librosa`)
+- `version`: Specify the target version for the package (leave empty for latest)
+
+**What It Does:**
+1. Checks out the repository
+2. Sets up Python environment with configured version
+3. Installs current dependencies
+4. Checks for outdated packages
+5. (Optional) Updates specific package if provided
+6. Creates a new branch with updates
+7. Commits and pushes changes
+
+**Usage Examples:**
+
+**Check all packages for updates:**
+- Go to Actions tab
+- Select "Update Dependencies" workflow
+- Click "Run workflow"
+- Leave inputs empty
+- Click "Run workflow"
+
+**Update specific package:**
+- Go to Actions tab
+- Select "Update Dependencies" workflow
+- Click "Run workflow"
+- Enter package name (e.g., `numpy`)
+- Optionally enter version (e.g., `1.24.0`)
+- Click "Run workflow"
+
+**Notes:**
+- The workflow only runs if the repository owner is `JaclynCodes`
+- Changes are pushed to a new branch with format `automated/update-dependencies-YYYYMMDD`
+- Manual review is recommended before merging dependency updates
+- The workflow uses GitHub Actions bot for commits
+
+## Other Workflows
+
+### CI (Continuous Integration)
+**File:** `.github/workflows/blank.yml`
+- Runs on push and pull requests to main branch
+- Performs linting, testing, and builds
+
+### CodeQL Advanced
+**File:** `.github/workflows/codeql.yml`
+- Security scanning workflow
+- Runs on schedule and PR events
+
+### License Check
+**File:** `.github/workflows/license-check.yml`
+- Validates license compliance
+
+### Static Content Deployment
+**File:** `.github/workflows/static.yml`
+- Deploys static content to GitHub Pages
+
+## Contributing
+
+When adding or modifying workflows:
+1. Follow YAML best practices
+2. Use environment variables for configuration
+3. Add appropriate documentation
+4. Test workflows before merging
+5. Follow the repository's contribution guidelines