dependency-canary #8
# Canary workflow: probes newer versions of selected dependencies on a
# schedule, or on demand through a manual dispatch.
name: dependency-canary

on:
  schedule:
    # Minute 0, hour 5, every Monday (GitHub evaluates cron in UTC).
    - cron: '0 5 * * 1'
  workflow_dispatch:
    inputs:
      # Both inputs are free-form strings supplied by whoever dispatches the
      # run; jobs that consume them must treat them as untrusted data.
      dependency:
        description: "Dependency to probe (all or exact package id)"
        required: false
        default: 'all'
      version:
        description: "Target version or 'latest'"
        required: false
        default: 'latest'

# Workflow-wide GITHUB_TOKEN scope: read-only access to repository contents.
permissions:
  contents: read
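jobs:
  # Gate job: rejects a manual dispatch whose `dependency` input is not on the
  # allow-list. On scheduled runs the only step is skipped and the job passes.
  # NOTE(review): only `dependency` is allow-listed here; the `version` input
  # is not validated by this job.
  validate-dispatch-inputs:
    runs-on: ubuntu-latest
    steps:
      - name: Validate dependency input (fail-closed)
        if: github.event_name == 'workflow_dispatch'
        shell: bash
        env:
          # The input reaches the script through the environment instead of
          # being expanded into the script text. A `${{ }}` expression inside
          # `run:` is substituted before bash parses the script, so shell
          # metacharacters in the input would be interpreted as code and the
          # validation itself could be bypassed.
          DEP_INPUT: "${{ github.event.inputs.dependency || 'all' }}"
        run: |
          dep="${DEP_INPUT}"
          case "${dep}" in
            all|SharpCompress|Microsoft.IO.RecyclableMemoryStream|System.Text.Json)
              echo "OK: dependency input='${dep}'"
              exit 0
              ;;
          esac
          # Fail closed: anything not matched above is rejected.
          echo "FAIL: unsupported dependency input='${dep}'" >&2
          echo "Allowed: all, SharpCompress, Microsoft.IO.RecyclableMemoryStream, System.Text.Json" >&2
          exit 1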
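# Job `canary` (child of `jobs:`): one matrix leg per probed dependency.
  canary:
    needs: [validate-dispatch-inputs]
    if: github.event_name != 'pull_request'
    strategy:
      # One failing dependency must not cancel the other legs.
      fail-fast: false
      matrix:
        dependency:
          - SharpCompress
          - Microsoft.IO.RecyclableMemoryStream
          - System.Text.Json
    runs-on: ubuntu-latest
    # QODANA_TOKEN is deliberately NOT set at job level: the canary step
    # restores and runs freshly updated third-party packages, and a job-level
    # secret would be readable from that step's environment. The token is
    # scoped to the individual Qodana steps below instead.
    steps:
      - name: Checkout
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          fetch-depth: 0
          # NOTE(review): the checkout token stays in the local git config for
          # later steps by default; consider `persist-credentials: false` if
          # no later step needs authenticated git access - confirm first.

      - name: Setup .NET
        uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4
        with:
          dotnet-version: |
            8.0.x
            10.0.102

      # On a manual dispatch only the leg matching the requested dependency
      # (or every leg for 'all') runs; the same condition guards each
      # following step.
      - name: Run dependency canary update + focused tests
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.dependency == 'all' || github.event.inputs.dependency == matrix.dependency
        shell: bash
        env:
          # Values are handed over as environment variables so they are never
          # spliced into the script text. `version` is a free-form dispatch
          # input with no allow-list in this workflow, so the script must
          # treat it strictly as data.
          CANARY_DEPENDENCY: "${{ matrix.dependency }}"
          CANARY_TARGET_VERSION: "${{ github.event.inputs.version || 'latest' }}"
        run: |
          bash -euo pipefail tools/ci/bin/dependency-canary.sh "${CANARY_DEPENDENCY}" "${CANARY_TARGET_VERSION}"

      - name: Assert QODANA_TOKEN present
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.dependency == 'all' || github.event.inputs.dependency == matrix.dependency
        shell: bash
        env:
          QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
        run: |
          test -n "${QODANA_TOKEN:-}" || (echo "FAIL: QODANA_TOKEN missing" >&2; exit 1)
          echo "OK: QODANA_TOKEN present"

      - name: Run Qodana
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.dependency == 'all' || github.event.inputs.dependency == matrix.dependency
        uses: JetBrains/qodana-action@42dad391966aca8ca344ca2340a7f43a5507e9b2 # v2025.3.1
        env:
          QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
        with:
          # NOTE(review): the actions above are pinned by commit SHA, but this
          # linter image is referenced by a mutable tag; pinning it by digest
          # would give the same immutability guarantee.
          args: --linter=jetbrains/qodana-dotnet:2025.3
          results-dir: artifacts/ci/qodana
          upload-result: false
          use-caches: false

      - name: Run Qodana contract validator
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.dependency == 'all' || github.event.inputs.dependency == matrix.dependency
        shell: bash
        env:
          CI_DEFER_ARTIFACT_LINK_RESOLUTION: "1"
          # Kept available here because the original job-level env exposed it
          # to this step; drop it if run.sh does not read the token (not
          # visible from this file).
          QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
        run: bash -euo pipefail tools/ci/bin/run.sh qodana

      # always(): results are uploaded even when an earlier step failed.
      - name: Upload canary artifacts
        if: always() && (github.event_name != 'workflow_dispatch' || github.event.inputs.dependency == 'all' || github.event.inputs.dependency == matrix.dependency)
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          name: canary-${{ matrix.dependency }}
          path: |
            artifacts/ci/qodana/
          # A leg that produced no Qodana output is treated as a failure.
          if-no-files-found: error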