feat: [#446] add dependencies update automation script and skill#447
Merged
josecelano merged 4 commits intotorrust:mainfrom Apr 13, 2026
Merged
Conversation
Add `scripts/update-dependencies.sh` to automate the dependency update
workflow. The script handles the full lifecycle from branch creation
to optional PR creation:
1. Verifies a clean working tree
2. Fetches and fast-forwards the base branch from the upstream remote
3. Creates (or recreates) the feature branch
4. Runs `cargo update` and captures the full output
5. Exits early if no Cargo.lock changes are produced
6. Optionally runs `./scripts/pre-commit.sh`
7. Commits the `Cargo.lock` changes with the full `cargo update`
output in the commit body (signed by default via `git commit -S`)
8. Pushes the branch to the fork remote
9. Optionally creates a PR via `gh pr create`
Usage:
./scripts/update-dependencies.sh \
--branch 446-update-dependencies \
--push-remote josecelano \
--create-pr
See `./scripts/update-dependencies.sh --help` for all options.
Also adds `worktree` to project-words.txt (used in function name
`ensure_clean_worktree`) and documents the script in
`docs/contributing/README.md`.
Member
Author
|
ACK 08bef3e |
1 similar comment
Member
Author
|
ACK 08bef3e |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
This PR adds comprehensive automation for the dependency update workflow:
1. Scripts
scripts/update-dependencies.sh: Fully automated dependency update lifecycle2. Documentation
docs/contributing/README.md: Added Dependency Update Automation section with usage examples.github/skills/dev/maintenance/update-dependencies/skill.md: Comprehensive Agent Skill for the workflow3. Project Configuration
project-words.txt: Added 'worktree' for spell checking4. Documentation Consistency
AGENTS.md: Added GPG commit signing requirement.github/skills/dev/git-workflow/commit-changes/skill.md:Workflow
Simple updates (no issue required):
./scripts/update-dependencies.sh --branch update-dependencies --push-remote {fork-remote} --create-prComplex updates (with issue):
./scripts/update-dependencies.sh --branch {issue-number}-update-dependencies --push-remote {fork-remote} --create-prAll commits are signed with GPG (-S).
Related