From ecef842cb5f7f7dff31476c27c516c0d37c71283 Mon Sep 17 00:00:00 2001 From: yangdx Date: Tue, 2 Dec 2025 03:47:47 +0800 Subject: [PATCH 1/3] Update GitHub Actions to use latest versions (v6) --- .github/workflows/copilot-setup-steps.yml | 4 ++-- .github/workflows/docker-build-lite.yml | 2 +- .github/workflows/docker-build-manual.yml | 2 +- .github/workflows/docker-publish.yml | 2 +- .github/workflows/linting.yaml | 4 ++-- .github/workflows/pypi-publish.yml | 4 ++-- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index 6b946ed1..618b80b4 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -23,10 +23,10 @@ jobs: # If you do not check out your code, Copilot will do this for you. steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up Python 3.11 - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.11' diff --git a/.github/workflows/docker-build-lite.yml b/.github/workflows/docker-build-lite.yml index 9cbe6289..652c5649 100644 --- a/.github/workflows/docker-build-lite.yml +++ b/.github/workflows/docker-build-lite.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 diff --git a/.github/workflows/docker-build-manual.yml b/.github/workflows/docker-build-manual.yml index de459d5a..31027304 100644 --- a/.github/workflows/docker-build-manual.yml +++ b/.github/workflows/docker-build-manual.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 # Fetch all history for tags diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 6c290d59..b81d4f53 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 # Fetch all history for tags diff --git a/.github/workflows/linting.yaml b/.github/workflows/linting.yaml index aa054369..7aef7d13 100644 --- a/.github/workflows/linting.yaml +++ b/.github/workflows/linting.yaml @@ -14,10 +14,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v6 - name: Set up Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v6 with: python-version: '3.x' diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index 14c2bcc5..5c35eee2 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 # Fetch all history for tags @@ -40,7 +40,7 @@ jobs: echo "Frontend files:" ls -lh lightrag/api/webui/ | head -10 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.x" From 0f19f80fdbdc2f6dd08a7aea35013f1fead00030 Mon Sep 17 00:00:00 2001 From: yangdx Date: Tue, 2 Dec 2025 04:28:59 +0800 Subject: [PATCH 2/3] Configure comprehensive Dependabot for Python and frontend dependencies - Add pip ecosystem with grouping - Add bun ecosystem for webui - Set weekly update schedule - Configure cooldown periods - Ignore numpy breaking changes --- .github/dependabot.yml | 157 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 157 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index be006de9..ff191bf1 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,6 +3,8 @@ # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem version: 2 updates: + # Enable version updates for GitHub Actions + # Workflow files stored in the default location of `.github/workflows` - package-ecosystem: github-actions directory: / groups: @@ -11,3 +13,158 @@ updates: - "*" # Group all Actions updates into a single larger pull request schedule: interval: weekly + labels: + - "dependencies" + - "github-actions" + open-pull-requests-limit: 5 + + # Configuration for pip (Python dependencies) + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" + cooldown: + default-days: 5 + semver-major-days: 30 + semver-minor-days: 7 + semver-patch-days: 3 + groups: + # Core dependencies - LLM providers and embeddings + llm-providers: + patterns: + - "openai" + - "anthropic" + - "google-*" + - "boto3" + - "botocore" + - "ollama" + update-types: + - "minor" + - "patch" + # Storage backends + storage: + patterns: + - "neo4j" + - "pymongo" + - "redis" + - "psycopg*" + - "asyncpg" + - "milvus*" + - "qdrant*" + update-types: + - "minor" + - "patch" + # Data processing and ML + data-processing: + patterns: + # - "numpy" + - "scipy" + - "pandas" + - "tiktoken" + - "transformers" + - "torch*" + update-types: + - "minor" + - "patch" + # Web framework and API + web-framework: + patterns: + - "fastapi" + - "uvicorn" + - "gunicorn" + - "starlette" + - "pydantic*" + update-types: + - "minor" + - "patch" + # Development and testing tools + dev-tools: + patterns: + - "pytest*" + - "ruff" + - "pre-commit" + - "black" + - "mypy" + update-types: + - "minor" + - "patch" + # Minor and patch updates for everything else + python-minor-patch: + patterns: + - "*" + update-types: + - "minor" + - "patch" + ignore: + # numpy updates are disabled due to potential breaking changes + - dependency-name: "numpy" + labels: + - "dependencies" + - "python" + open-pull-requests-limit: 10 + + # Configuration for bun (Frontend dependencies) + - package-ecosystem: "bun" + directory: "/lightrag_webui" + schedule: + interval: "weekly" + cooldown: + default-days: 5 + semver-major-days: 30 + semver-minor-days: 7 + semver-patch-days: 3 + groups: + # React ecosystem + react: + patterns: + - "react" + - "react-dom" + - "react-router*" + - "@types/react*" + update-types: + - "minor" + - "patch" + # UI components and styling + ui-components: + patterns: + - "@radix-ui/*" + - "tailwind*" + - "@tailwindcss/*" + - "lucide-react" + - "class-variance-authority" + - "clsx" + update-types: + - "minor" + - "patch" + # Graph visualization + graph-viz: + patterns: + - "sigma" + - "@sigma/*" + - "graphology*" + update-types: + - "minor" + - "patch" + # Build tools and dev dependencies + build-tools: + patterns: + - "vite" + - "@vitejs/*" + - "typescript" + - "eslint*" + - "@eslint/*" + - "prettier" + update-types: + - "minor" + - "patch" + # All other minor and patch updates + frontend-minor-patch: + patterns: + - "*" + update-types: + - "minor" + - "patch" + labels: + - "dependencies" + - "frontend" + open-pull-requests-limit: 10 From f93bda585951ea2a743a4db915b1af37ef9feaab Mon Sep 17 00:00:00 2001 From: yangdx Date: Tue, 2 Dec 2025 04:50:28 +0800 Subject: [PATCH 3/3] Enable numpy updates in dependabot configuration - Re-enable numpy in data-processing group - Remove numpy from ignore list - Allow minor and patch updates - Remove breaking change comment --- .github/dependabot.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index ff191bf1..62ffb6b5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -57,7 +57,7 @@ updates: # Data processing and ML data-processing: patterns: - # - "numpy" + - "numpy" - "scipy" - "pandas" - "tiktoken" @@ -95,9 +95,6 @@ updates: update-types: - "minor" - "patch" - ignore: - # numpy updates are disabled due to potential breaking changes - - dependency-name: "numpy" labels: - "dependencies" - "python"