name: Dependency Updates

on:
  schedule:
    - cron: '0 2 * * 1'  # Every Monday at 2 AM
  workflow_dispatch:

jobs:
  update-dependencies:
    name: Update Dependencies
    runs-on: ubuntu-latest
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.11'
        
    - name: Install pip-tools
      run: |
        python -m pip install --upgrade pip
        pip install pip-tools
        
    - name: Update requirements
      run: |
        pip-compile --upgrade requirements.in
        pip-compile --upgrade requirements-dev.in
        
    - name: Check for security vulnerabilities
      run: |
        pip install safety
        safety check --json --output safety-report.json
        
    - name: Create Pull Request
      uses: peter-evans/create-pull-request@v7
      with:
        token: ${{ secrets.GITHUB_TOKEN }}
        commit-message: 'chore: update dependencies'
        title: '🔧 Automated dependency updates'
        body: |
          ## Automated Dependency Updates
          
          This PR updates dependencies to their latest versions.
          
          ### 📋 Changes
          - Updated Python packages to latest versions
          - Security vulnerability fixes
          - Performance improvements
          
          ### 🔍 Security Report
          - [ ] No critical vulnerabilities
          - [ ] No high severity issues
          - [ ] Dependencies up to date
          
          ### 🧪 Testing
          - [ ] All tests pass
          - [ ] No breaking changes
          - [ ] Performance maintained
          
          **Auto-generated by GitHub Actions**
        branch: dependency-updates
        delete-branch: true