Set up automation for updating pytype and pyright versions.

[Mr-Sunglasses]

fix: #11484

[Akuli]

Thanks! Before merging this, I will figure out why the CI is failing on this pull request, and test this in my fork.

[JelleZijlstra]

Did you consider setting up a Dependabot configuration instead? That would be preferable since it means we can rely on a well-tested, widely used tool instead of having to write the script ourselves.

[AlexWaygood]

Did you consider setting up a Dependabot configuration instead? That would be preferable since it means we can rely on a well-tested, widely used tool instead of having to write the script ourselves.

We can't do that for pyright because of the unique way we pin pyright in pyproject.toml. Perhaps we could do a handrolled solution for pyright and do dependabot for everything else, though

[Avasam]

About dependabot, I'll repost this conversation: jakebailey/pyright-action#9 (comment)

Renovate could possibly do it. Otherwise it looks like it might be possible to Contributing new ecosystems

There's also the option of using https://pypi.org/project/pyright/ and updating our scripts to get the version from requirements.txt rather than pyproject.toml (just like we do for mypy). That way dependabot can pick it up.
Edit: Similarly, it could go in a package.json to avoid using the python wrapper #11484 (comment)

iirc, the sole reason the version is stored in pyproject.toml currently is to deduplicate it.

[jakebailey]

You can pin pyright in a package.json and dependabot will update that for you; the work to pull it out of the JSON file in CI is about the same as doing TOML:

jq -r '.devDependencies.pyright' < ./path.to/package.json

[AlexWaygood]

Renovate could possibly do it. Otherwise it looks like it might be possible to Contributing new ecosystems

I use renovate over at https://github.com/AlexWaygood/typeshed-stats and it works fine, though it's a bit of a pain to configure it correctly. I'd prefer dependabot if possible; @jakebailey's suggestion of reading the pyright version from a json file sounds great if it'll work with dependabot.

[jakebailey]

For a more concrete example of how to do this in GHA: https://github.com/microsoft/TypeChat/blob/main/.github/workflows/ci.python.yml#L49

But if you find this too cumbersome, I feel like I should probably add something to the action that lets you give it a package.json to read.

[AlexWaygood]

I still think a solution that uses dependabot rather than a custom Python script would be simpler, easier to maintain, and less prone to bugs (since dependabot is widely used and well tested)

[Mr-Sunglasses]

I still think a solution that uses dependabot rather than a custom Python script would be simpler, easier to maintain, and less prone to bugs (since dependabot is widely used and well tested)

Yes if it can be solved by dependabot, nothing is better than that.