CPython Patch PR Action docs

CPython patch automation

Eliminate manual CPython patch rollouts

The CPython Patch PR Action hunts down every pinned runtime in your repository, compares it with the upstream patch list, and opens ready-to-merge pull requests with changelog context. These docs explain how the action reads files, how to scope tracks per product, and how to keep security + governance teams informed about each bump.

Copy a workflow Review configuration Inspect example outputs

Why this action exists

Security and platform teams no longer need spreadsheets for CPython patches—the action tracks every release channel.

Who it serves

Platform, DevOps, and security engineers responsible for pinned runtimes across APIs, CLIs, and infrastructure code.

What the docs cover

Architecture, workflow recipes, configuration reference, troubleshooting playbooks, tests, and contribution guides.

Patch scenarios on autopilot

Decide how aggressive your rollout should be: scheduled weekly bumps, gated dry runs, or patch-only notifications. Every scenario has a walkthrough with copy-paste YAML and permission requirements.

Architecture tour

Understand how the scanner walks repos, detects pins, and drafts PRs.

Open architecture ↗

Workflow recipes

Scheduled, on-demand, and dry-run flows with approvals.

Browse recipes ↗

Examples & outputs

See the PR body, logs, and JSON outputs before shipping.

View examples ↗

Rollout playbooks

Mix and match recipes to fit each repository. These quick links highlight the most referenced guides.

Workflow recipes — Scheduled, nightly, and approval-gated jobs.
Configuration reference — Every input, env var, permission, and output.
Examples & outputs — Before/after diffs, log excerpts, and files_changed payloads.
Development handbook — Local dev server, scripts, and release hygiene.