From 701d028a9041dfd2b70b54ff3dd53cc712e20a4a Mon Sep 17 00:00:00 2001
From: Artur Shiriev
Date: Tue, 9 Jun 2026 16:03:02 +0300
Subject: [PATCH] ci: add weekly scheduled dependency check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Mondays 06:00 UTC, plus workflow_dispatch for manual runs. Calls _checks.yml so the suite stays identical to PR/main runs. On schedule failure, opens (or comments on) a tracking GitHub issue labelled scheduled-failure so dependency rot doesn't sit silent. cancel-in-progress: false on this concurrency group — unlike docs.yml, we want the scheduled run to finish even if another fires before it. Mirrors modern-di's pattern.
Co-Authored-By: Claude Opus 4.7 (1M context)
---
.github/scripts/report-scheduled-failure.sh | 27 ++++++++++++++++++++
.github/workflows/scheduled.yml | 28 +++++++++++++++++++++
2 files changed, 55 insertions(+)
create mode 100755 .github/scripts/report-scheduled-failure.sh
create mode 100644 .github/workflows/scheduled.yml
diff --git a/.github/scripts/report-scheduled-failure.sh b/.github/scripts/report-scheduled-failure.sh
new file mode 100755
index 0000000..7065008
--- /dev/null
+++ b/.github/scripts/report-scheduled-failure.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+LABEL="scheduled-failure"
+TITLE="Scheduled dependency check failed"
+
+# Ensure the label exists. --force makes this idempotent: creates if absent,
+# updates color/description without error if present.
+gh label create "$LABEL" \
+ --color "FBCA04" \
+ --description "Weekly dependency check failures" \
+ --force
+
+# Find an open issue with our label, if any. --jq '.[0].number // empty'
+# yields the first number or an empty string when there are no matches.
+existing=$(gh issue list --label "$LABEL" --state open --json number --jq '.[0].number // empty')
+
+if [ -z "$existing" ]; then
+ body=$(printf '%s\n\n%s\n\n%s\n\n%s' \
+ "The weekly scheduled dependency check failed." \
+ "First failing run: ${RUN_URL}" \
+ "Likely cause: a transitive dev or lint dependency (ruff, ty, eof-fixer, pytest, typing-extensions) released a breaking change. Reproduce locally with \`just install\` then \`just lint\` and \`just test\`." \
+ "Close this issue once fixed. The next scheduled failure will open a fresh issue.")
+ gh issue create --title "$TITLE" --label "$LABEL" --body "$body"
+else
+ gh issue comment "$existing" --body "Failed again: ${RUN_URL}"
+fi
diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml
new file mode 100644
index 0000000..b1fe433
--- /dev/null
+++ b/.github/workflows/scheduled.yml
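Review bot: `RUN_URL` is read only inside the `if`/`else` branches, so when it is missing `set -u` aborts the script after `gh label create --force` has already written to the repository; checking it right after `set -euo pipefail` with `: "${RUN_URL:?RUN_URL must be set by the workflow}"` fails before any write happens. A short header comment should state the contract, for example `# Requires GH_TOKEN with issues: write, and RUN_URL pointing at the failing run.` The open-issue lookup matches on the `scheduled-failure` label alone and takes the first result, so any open issue carrying that label, including one labelled by hand, becomes the comment target; if that is not intended, the query could also match on `$TITLE`.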
@@ -0,0 +1,28 @@
+name: scheduled-dep-check
+on:
+ schedule:
+ - cron: "0 6 * * 1" # Mondays 06:00 UTC
+ workflow_dispatch: {}
+
+concurrency:
+ group: scheduled-dep-check
+ cancel-in-progress: false
+
+jobs:
+ checks:
+ uses: ./.github/workflows/_checks.yml
+
+ report-failure:
+ needs: checks
+ if: failure() && github.event_name == 'schedule'
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ issues: write
+ steps:
+ - uses: actions/checkout@v6
+ - name: Open or update tracking issue
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+ run: bash .github/scripts/report-scheduled-failure.sh
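Review bot: Only `report-failure` declares `permissions:`; the `checks` job that calls `./.github/workflows/_checks.yml` has none at job or workflow level, so it runs with the repository's default `GITHUB_TOKEN` scope. A top-level `permissions:` block with `contents: read` would make the default explicit, assuming `_checks.yml` (not visible here) needs nothing broader. In the job that holds `issues: write`, `actions/checkout@v6` is a mutable tag; pinning it as `- uses: actions/checkout@<full-commit-sha> # v6` removes the dependency on where that tag points at run time. Adding `persist-credentials: false` under `with:` on the checkout step would also stop the token being left configured for later git commands, since the script only needs `GH_TOKEN` from the environment.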