Weekly scheduled dependency-breakage check #200
Merged
Captures decisions for a weekly GitHub Actions workflow that runs the existing lint + pytest matrix and opens a rolling tracking issue on failure, so dev/lint dependency regressions are caught during quiet periods between PRs.
Five tasks: (1) refactor ci.yml into reusable _checks.yml, (2) add gh CLI issue-management helper script, (3) add scheduled.yml with weekly cron + report-failure job, (4) live green/red-path validation on the branch, (5) open the PR. Implements planning/specs/2026-06-08-scheduled-dep-check-design.md.
ci.yml now delegates to a workflow_call-triggered _checks.yml. No behavior change for push/PR runs; same matrix, same commands, same concurrency. Prepares the ground for a sibling scheduled workflow to reuse the same jobs.
Maintains a single open issue labeled scheduled-failure: opens one on first failure, comments on subsequent failures while open. Idempotently creates the label with gh label create --force. Consumed by scheduled.yml in a later commit.
Runs the reusable _checks.yml every Monday at 06:00 UTC. On scheduled-event failure only, opens or updates a rolling GitHub issue via .github/scripts/report-scheduled-failure.sh. Manual workflow_dispatch failures intentionally do not report. Closes the implementation portion of planning/specs/2026-06-08-scheduled-dep-check-design.md.
When any permissions block is declared at job level, GitHub Actions sets unspecified permissions to none. The report-failure job runs actions/checkout@v4 which needs contents: read to clone the repo; without it the step can fail on private repos and is fragile on public repos.
…testing The implementation includes contents: read alongside issues: write on the report-failure job (required for actions/checkout when any job-level permissions block is declared). Update the spec text and YAML example accordingly. Also reframe the 'Testing the workflow' section: workflow_dispatch requires the workflow file on the default branch, so live testing of scheduled.yml itself is post-merge. ci.yml's refactor is fully exercised by the PR's pull_request run.
Summary

- `ci.yml` into a reusable workflow `_checks.yml` (triggered via `workflow_call`). `ci.yml` becomes a thin caller; push/PR behavior is unchanged.
- `scheduled.yml` — runs `_checks.yml` every Monday at 06:00 UTC, also dispatchable via the Actions tab.
- `report-failure` job opens or updates a single rolling tracking issue labeled `scheduled-failure`, via `gh issue` invocations in `.github/scripts/report-scheduled-failure.sh`. Manual `workflow_dispatch` failures intentionally do not file issues.
- `planning/specs/2026-06-08-scheduled-dep-check-design.md`. Plan: `planning/plans/2026-06-08-scheduled-dep-check-plan.md`.

What this catches

Because `just install` does `uv lock --upgrade`, every CI run already uses freshest deps — but only when a PR exists. The scheduled run fills the quiet-period gap: a new ruff / ty / pytest / typing-extensions / eof-fixer release that breaks the existing matrix will be noticed within a week instead of waiting for the next contributor's red CI.

Test plan

- `ci.yml` runs green on this PR (proves the reusable-workflow refactor preserved push/PR behavior — same matrix, same commands).
- `scheduled-dep-check` manually from the Actions tab (`workflow_dispatch`). Expected: `checks` passes green, `report-failure` is skipped (`if:` guard excludes dispatch events).
- `just install lint-ci` → `just install lint-ci && false` AND drop the `&& github.event_name == 'schedule'` half of the `if:` guard. Push, dispatch, confirm a new issue is filed with the correct title (`Scheduled dependency check failed`), label (`scheduled-failure`), and run URL. Then dispatch a second time and confirm a comment appears on the same issue rather than a second issue. Revert both temp edits before merging.

Why post-merge for live `scheduled.yml` testing

GitHub requires `workflow_dispatch` workflows to exist on the default branch before they can be dispatched. The refactored `ci.yml` still gets exercised on this PR (because `pull_request` triggers don't have that constraint), so the reusable-workflow extraction is fully validated here.

Files

- `.github/workflows/_checks.yml` (new)
- `.github/workflows/ci.yml` (rewritten as thin caller)
- `.github/workflows/scheduled.yml` (new)
- `.github/scripts/report-scheduled-failure.sh` (new, +x)
- `planning/specs/2026-06-08-scheduled-dep-check-design.md` (new)
- `planning/plans/2026-06-08-scheduled-dep-check-plan.md` (new)
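The rolling-issue behaviour described in the commits and summary above, as an added sketch; it is not the PR's `.github/scripts/report-scheduled-failure.sh`, whose contents do not appear on this page. It assumes `gh` authenticates through `GH_TOKEN` (the job token with `issues: write`) and that the workflow passes the run link in a hypothetical `RUN_URL` variable; the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added illustration; NOT the PR's report-scheduled-failure.sh.
# Assumptions: gh reads GH_TOKEN (job token with issues: write) and the
# workflow exports the run link as RUN_URL (hypothetical variable name).
set -eu

LABEL="scheduled-failure"                  # label named in the PR
TITLE="Scheduled dependency check failed"  # issue title named in the PR

# Print the number of the open tracking issue, or nothing when none is open.
find_open_issue() {
    gh issue list --label "$LABEL" --state open --limit 1 \
        --json number --jq '.[0].number // empty'
}

# First failure opens the issue; later failures comment on it while it is open.
# Echoes "created" or "commented:<n>" so the caller can log which path ran.
report_failure() {
    run_url="${1:?run URL required}"
    body="Scheduled run failed: $run_url"

    # --force makes this idempotent: an existing label is updated, not an error.
    gh label create "$LABEL" --force >/dev/null

    issue="$(find_open_issue)"
    if [ -n "$issue" ]; then
        gh issue comment "$issue" --body "$body" >/dev/null
        echo "commented:$issue"
    else
        gh issue create --title "$TITLE" --label "$LABEL" --body "$body" >/dev/null
        echo "created"
    fi
}

# Only act when the workflow supplied RUN_URL; otherwise just define functions.
if [ -n "${RUN_URL:-}" ]; then
    report_failure "$RUN_URL"
fi
```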