Merge pull request #3330 from PolicyEngine/add-country-package-update-cron

Add cron-based country package update workflow

Author: anth-volk

.github/scripts/check_updates.py

@@ -0,0 +1,229 @@
+#!/usr/bin/env python3
+"""
+Check for PolicyEngine country package updates and generate PR summary.
+
+Checks PyPI for newer versions of country packages pinned in
+pyproject.toml. If updates are found, edits pyproject.toml, creates a
+changelog fragment, and writes a PR summary file.
+"""
+
+import os
+import re
+import sys
+
+import requests
+
+# Packages to track — must match the exact names used in pyproject.toml
+PACKAGES = ["policyengine_us", "policyengine_uk"]
+
+# Map package names to GitHub repos (for fetching changelogs)
+REPO_MAP = {
+    "policyengine_us": "PolicyEngine/policyengine-us",
+    "policyengine_uk": "PolicyEngine/policyengine-uk",
+}
+
+
+def get_current_versions(pyproject_content):
+    """Extract current pinned versions from pyproject.toml."""
+    versions = {}
+    for pkg in PACKAGES:
+        pattern = rf"{pkg.replace('_', '[-_]')}==([0-9]+\.[0-9]+\.[0-9]+)"
+        match = re.search(pattern, pyproject_content)
+        if match:
+            versions[pkg] = match.group(1)
+    return versions
+
+
+def get_latest_versions():
+    """Fetch latest versions from PyPI."""
+    versions = {}
+    for pkg in PACKAGES:
+        pypi_name = pkg.replace("_", "-")
+        resp = requests.get(f"https://pypi.org/pypi/{pypi_name}/json")
+        if resp.status_code == 200:
+            versions[pkg] = resp.json()["info"]["version"]
+    return versions
+
+
+def find_updates(current, latest):
+    """Return dict of packages that have newer versions on PyPI."""
+    updates = {}
+    for pkg in PACKAGES:
+        if pkg in current and pkg in latest and current[pkg] != latest[pkg]:
+            updates[pkg] = {"old": current[pkg], "new": latest[pkg]}
+    return updates
+
+
+def update_pyproject(content, updates):
+    """Replace pinned versions in pyproject.toml content."""
+    for pkg, versions in updates.items():
+        pattern = rf"({pkg.replace('_', '[-_]')}==)[0-9]+\.[0-9]+\.[0-9]+"
+        content = re.sub(pattern, rf"\g<1>{versions['new']}", content)
+    return content
+
+
+def fetch_changelog(pkg):
+    """Fetch CHANGELOG.md from the package's GitHub repo."""
+    repo = REPO_MAP.get(pkg)
+    if not repo:
+        return None
+    # Try main first, then master
+    for branch in ("main", "master"):
+        url = f"https://raw.githubusercontent.com/{repo}/{branch}/CHANGELOG.md"
+        resp = requests.get(url)
+        if resp.status_code == 200:
+            return resp.text
+    return None
+
+
+def parse_version(version_str):
+    """Parse a version string into a comparable tuple."""
+    return tuple(map(int, version_str.split(".")))
+
+
+def parse_changelog(text):
+    """Parse Keep-a-Changelog markdown into structured entries."""
+    if not text:
+        return []
+
+    entries = []
+    current_entry = None
+    current_category = None
+
+    for line in text.splitlines():
+        version_match = re.match(r"^##\s+\[(\d+\.\d+\.\d+)\]", line)
+        if version_match:
+            current_entry = {
+                "version": version_match.group(1),
+                "changes": {},
+            }
+            entries.append(current_entry)
+            current_category = None
+            continue
+
+        if current_entry is None:
+            continue
+
+        category_match = re.match(r"^###\s+(\w+)", line)
+        if category_match:
+            current_category = category_match.group(1).lower()
+            continue
+
+        item_match = re.match(r"^-\s+(.+)", line)
+        if item_match and current_category:
+            current_entry["changes"].setdefault(current_category, [])
+            current_entry["changes"][current_category].append(item_match.group(1))
+
+    return entries
+
+
+def get_changes_between(changelog, old_version, new_version):
+    """Extract changelog entries between two versions."""
+    old_v = parse_version(old_version)
+    new_v = parse_version(new_version)
+    return [
+        e
+        for e in changelog
+        if "version" in e and old_v < parse_version(e["version"]) <= new_v
+    ]
+
+
+def format_changes(entries):
+    """Format changelog entries as markdown sections."""
+    buckets = {"added": [], "changed": [], "fixed": [], "removed": []}
+    for entry in entries:
+        for cat, items in entry.get("changes", {}).items():
+            if cat in buckets:
+                buckets[cat].extend(items)
+
+    sections = []
+    for cat, items in buckets.items():
+        if items:
+            sections.append(
+                f"### {cat.capitalize()}\n" + "\n".join(f"- {item}" for item in items)
+            )
+    return "\n\n".join(sections) if sections else "No detailed changes available."
+
+
+def generate_summary(updates):
+    """Build a PR summary with version table and changelogs."""
+    parts = []
+
+    table = "| Package | Old Version | New Version |\n|---------|-------------|-------------|\n"
+    for pkg, v in updates.items():
+        table += f"| {pkg} | {v['old']} | {v['new']} |\n"
+    parts.append(table)
+
+    for pkg, v in updates.items():
+        changelog_text = fetch_changelog(pkg)
+        changelog = parse_changelog(changelog_text) if changelog_text else None
+        if changelog:
+            entries = get_changes_between(changelog, v["old"], v["new"])
+            if entries:
+                formatted = format_changes(entries)
+                parts.append(
+                    f"## What Changed ({pkg} {v['old']} → {v['new']})\n\n{formatted}"
+                )
+            else:
+                parts.append(
+                    f"## What Changed ({pkg} {v['old']} → {v['new']})\n\n"
+                    "No changelog entries found between these versions."
+                )
+
+    return "\n\n".join(parts)
+
+
+def write_github_output(key, value):
+    """Write a key=value pair to the GitHub Actions output file."""
+    path = os.environ.get("GITHUB_OUTPUT")
+    if path:
+        with open(path, "a") as f:
+            f.write(f"{key}={value}\n")
+
+
+def main():
+    with open("pyproject.toml", "r") as f:
+        content = f.read()
+
+    current = get_current_versions(content)
+    print(f"Current versions: {current}")
+
+    latest = get_latest_versions()
+    print(f"Latest versions:  {latest}")
+
+    updates = find_updates(current, latest)
+    if not updates:
+        print("No updates available.")
+        write_github_output("has_updates", "false")
+        return 0
+
+    print(f"Updates available: {updates}")
+
+    # Update pyproject.toml
+    new_content = update_pyproject(content, updates)
+    with open("pyproject.toml", "w") as f:
+        f.write(new_content)
+
+    # Generate PR summary
+    summary = generate_summary(updates)
+    with open("pr_summary.md", "w") as f:
+        f.write(summary)
+
+    # Create changelog fragment(s) in changelog.d/
+    for pkg, v in updates.items():
+        pretty = pkg.replace("_", " ").replace("policyengine", "PolicyEngine")
+        fragment = f"changelog.d/update-{pkg.replace('_', '-')}-{v['new']}.changed.md"
+        with open(fragment, "w") as f:
+            f.write(f"Update {pretty} to {v['new']}.\n")
+
+    # Set outputs
+    write_github_output("has_updates", "true")
+    updates_str = ", ".join(f"{pkg} to {v['new']}" for pkg, v in updates.items())
+    write_github_output("updates_summary", updates_str)
+
+    print("Updates prepared successfully!")
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

.github/scripts/create_pr.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+#
+# Create or update a PR for country package updates.
+#
+# Reads pr_summary.md and creates a new PR (or updates an existing one)
+# on the given branch.
+#
+# Usage: ./create_pr.sh <branch-name>
+#
+# Environment: GH_TOKEN must be set for the gh CLI.
+set -euo pipefail
+
+BRANCH="${1:?Usage: create_pr.sh <branch-name>}"
+
+if [[ ! -f pr_summary.md ]]; then
+  echo "Error: pr_summary.md not found"
+  exit 1
+fi
+
+PR_SUMMARY=$(cat pr_summary.md)
+
+PR_BODY="## Summary
+
+Automated country-package version bump.
+
+## Version Updates
+
+${PR_SUMMARY}
+
+---
+Generated automatically by GitHub Actions"
+
+# Re-use an existing PR on this branch if one is open
+EXISTING_PR=$(gh pr list --head "$BRANCH" --json number --jq '.[0].number' 2>/dev/null || true)
+
+if [[ -n "$EXISTING_PR" ]]; then
+  echo "Updating existing PR #${EXISTING_PR}"
+  gh api --method PATCH "/repos/{owner}/{repo}/pulls/${EXISTING_PR}" \
+    -f body="$PR_BODY"
+else
+  echo "Creating new PR"
+  gh pr create \
+    --title "Update country packages" \
+    --body "$PR_BODY" \
+    --base master
+fi

.github/workflows/pr.yml

@@ -35,15 +35,18 @@ jobs:
   test_container_builds:
     name: Docker
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
       - name: Log in to the Container registry
-        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
-          password: ${{ secrets.POLICYENGINE_DOCKER }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build container
         run: docker build -t ghcr.io/policyengine/policyengine docker
   test_env_vars:

.github/workflows/push.yml

@@ -111,15 +111,18 @@ jobs:
     name: Docker
     runs-on: ubuntu-latest
     needs: ensure-model-version-aligns-with-sim-api
+    permissions:
+      contents: read
+      packages: write
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
       - name: Log in to the Container registry
-        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
-          password: ${{ secrets.POLICYENGINE_DOCKER }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build container
         run: docker build -t ghcr.io/policyengine/policyengine docker
       - name: Push container

.github/workflows/update-country-packages.yaml

@@ -0,0 +1,60 @@
+name: Update country packages
+
+on:
+  schedule:
+    - cron: "*/30 * * * *" # Every 30 minutes
+  workflow_dispatch:
+
+jobs:
+  update:
+    name: Check for country package updates
+    runs-on: ubuntu-latest
+    if: github.repository == 'PolicyEngine/policyengine-api'
+    steps:
+      - name: Generate GitHub App token
+        id: app-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          ref: master
+          token: ${{ steps.app-token.outputs.token }}
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install dependencies
+        run: pip install requests
+
+      - name: Check for updates
+        id: check
+        run: python .github/scripts/check_updates.py
+
+      - name: No updates available
+        if: steps.check.outputs.has_updates != 'true'
+        run: echo "::notice::All country packages are up to date."
+
+      - name: Commit and push
+        if: steps.check.outputs.has_updates == 'true'
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          BRANCH="bot/update-country-packages"
+          git checkout -b "$BRANCH"
+          git add pyproject.toml changelog.d/
+          git commit -m "Update country packages (${{ steps.check.outputs.updates_summary }})"
+          git push -f origin "$BRANCH"
+
+      - name: Create or update PR
+        if: steps.check.outputs.has_updates == 'true'
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+        run: |
+          chmod +x .github/scripts/create_pr.sh
+          .github/scripts/create_pr.sh bot/update-country-packages

changelog.d/add-country-package-update-cron.changed.md

@@ -0,0 +1 @@
+Replace push-based country package bump with cron-based workflow that polls PyPI every 30 minutes. Fix Docker login to use GITHUB_TOKEN instead of expired PAT.