Dependency Health Check #112
# Dependency Health Check: installs the pnpm workspace, audits it, builds the
# packages and compares dependency versions across the package.json files.
name: Dependency Health Check

on:
  # `pull_request` (not `pull_request_target`): for pull requests from forks
  # GitHub hands the run a read-only GITHUB_TOKEN by default, whatever the job
  # asks for under `permissions:`.
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  schedule:
    # Daily at 06:00 UTC.
    - cron: '0 6 * * *'
  workflow_dispatch:

# One live run per workflow + ref + event type; a newer run cancels the one
# still in progress for the same group.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
  cancel-in-progress: true
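jobs:
  dependency-health:
    runs-on: ubuntu-latest
    # Token scopes are job-wide. Only the two github-script steps at the end
    # use the write scopes; the install and build steps execute repository and
    # dependency code in the same job.
    # NOTE(review): consider moving the comment / issue steps into a separate
    # job so the job that runs `pnpm install` and the builds holds
    # `contents: read` only.
    permissions:
      contents: read
      issues: write
      pull-requests: write
    steps:
      # Every `uses:` in this job references a mutable tag. Pinning each one to
      # a full commit SHA (tag kept as a trailing comment) stops a moved tag
      # from changing what runs here.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step in this job pushes or fetches with git, so do not
          # leave the job token in .git/config where install and build scripts
          # could read it.
          persist-credentials: false

      - name: Install pnpm
        uses: pnpm/action-setup@v3
        with:
          version: 9.0.0
          run_install: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: '.nvmrc'

      - name: Get pnpm store directory
        shell: bash
        run: |
          # Exported through GITHUB_ENV so the cache step can read it as env.STORE_PATH.
          echo "STORE_PATH=$(pnpm store path --silent)" >> "$GITHUB_ENV"

      - name: Setup pnpm cache
        uses: actions/cache@v4
        with:
          path: ${{ env.STORE_PATH }}
          # Exact key follows the lockfile hash; restore-keys falls back to any
          # earlier store for the same OS.
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-

      - name: Install dependencies
        # --frozen-lockfile makes the install fail rather than re-resolve when
        # pnpm-lock.yaml and the manifests disagree.
        # If this fails with ERR_PNPM_LOCKFILE_MISSING_DEPENDENCY, run locally:
        #   rm pnpm-lock.yaml && pnpm install --no-frozen-lockfile
        # Deleting the lockfile re-resolves every dependency, so review the
        # resulting pnpm-lock.yaml diff before committing it.
        run: pnpm install --frozen-lockfile --prefer-offline

      - name: Security Audit
        # Advisory only: the `||` branch and continue-on-error both keep this
        # step from failing the job. The warning annotation makes a non-zero
        # audit visible on the run summary instead of only in the step log.
        # A non-zero exit can also mean the audit request itself failed.
        run: |
          pnpm audit --audit-level=moderate || echo "::warning title=Security Audit::Security vulnerabilities detected (pnpm audit exited non-zero; see this step's log)"
        continue-on-error: true

      - name: Build packages
        run: |
          echo "Building packages in dependency order..."
          pnpm --filter @castquest/neo-ux-core build
          pnpm --filter @castquest/sdk build
          pnpm --filter @castquest/core-services build
        continue-on-error: false
        env:
          # Overrides the CI variable for the build commands.
          # NOTE(review): presumably so build tooling does not treat warnings
          # as errors -- confirm.
          CI: false

      - name: Check Version Consistency
        id: version-check
        # Counts the distinct declaration lines for a dependency across all
        # package.json files outside node_modules and publishes the counts as
        # step outputs. The result is recorded in `consistent` only: this step
        # never exits non-zero, so an inconsistency does not fail the job.
        run: |
          # Prints the number of distinct `"<name>": "<range>"` lines for $1.
          # Leading indentation and a trailing comma are stripped first so the
          # same range formatted differently is not counted twice.
          count_versions() {
            find . -name "package.json" -not -path "*/node_modules/*" -exec grep -h "\"$1\"" {} \; \
              | sed -E 's/^[[:space:]]+//; s/[[:space:]]*,?[[:space:]]*$//' \
              | sort -u | wc -l
          }

          echo "Checking TypeScript versions..."
          TS_VERSIONS=$(count_versions typescript)
          echo "ts_versions=$TS_VERSIONS" >> "$GITHUB_OUTPUT"

          echo "Checking @types/node versions..."
          NODE_TYPES_VERSIONS=$(count_versions @types/node)
          echo "node_types_versions=$NODE_TYPES_VERSIONS" >> "$GITHUB_OUTPUT"

          echo "Checking Next.js versions..."
          NEXT_VERSIONS=$(count_versions next)
          echo "next_versions=$NEXT_VERSIONS" >> "$GITHUB_OUTPUT"

          # Allow up to 2 Next.js versions: frames uses 14.2.18, admin/web use 14.2.35
          if [ "$TS_VERSIONS" -le 2 ] && [ "$NODE_TYPES_VERSIONS" -le 2 ] && [ "$NEXT_VERSIONS" -le 2 ]; then
            echo "Version consistency check passed ✓"
            echo "consistent=true" >> "$GITHUB_OUTPUT"
          else
            echo "Version consistency check failed ✗"
            echo "TypeScript versions: $TS_VERSIONS (should be ≤2)"
            echo "@types/node versions: $NODE_TYPES_VERSIONS (should be ≤2)"
            echo "Next.js versions: $NEXT_VERSIONS (should be ≤2)"
            echo "consistent=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Upload Health Report
        # NOTE(review): the reference below looks mangled by e-mail obfuscation
        # on the page this listing came from ("@<version>" replaced by
        # "[email protected]"). Given the name/path inputs it is presumably
        # actions/upload-artifact -- restore the real reference from the
        # repository before relying on this step.
        uses: actions/[email protected]
        if: always()
        with:
          name: version-report
          path: |
            package.json
            pnpm-lock.yaml

      - name: Comment on PR
        if: github.event_name == 'pull_request'
        uses: actions/github-script@v7
        # Step outputs reach the script as environment variables instead of
        # being expanded into the JavaScript source, so a change to how the
        # outputs are produced cannot alter the code that runs.
        env:
          VERSION_CONSISTENT: ${{ steps.version-check.outputs.consistent }}
          TS_VERSIONS: ${{ steps.version-check.outputs.ts_versions }}
          NODE_TYPES_VERSIONS: ${{ steps.version-check.outputs.node_types_versions }}
          NEXT_VERSIONS: ${{ steps.version-check.outputs.next_versions }}
        with:
          script: |
            const versionConsistent = process.env.VERSION_CONSISTENT === 'true';
            const { TS_VERSIONS, NODE_TYPES_VERSIONS, NEXT_VERSIONS } = process.env;
            const versionEmoji = versionConsistent ? '✅' : '❌';
            const comment = `## 🏥 Dependency Health Check
            **Status:** ${versionConsistent ? '✅ Healthy' : '⚠️ Inconsistent Versions Detected'}
            **Version Consistency:** ${versionEmoji} ${versionConsistent ? 'Consistent' : 'Inconsistent'}
            ### Version Summary
            - TypeScript versions: ${TS_VERSIONS}
            - @types/node versions: ${NODE_TYPES_VERSIONS}
            - Next.js versions: ${NEXT_VERSIONS}
            ---
            ${!versionConsistent ? '⚠️ **Action Required:** Please address version inconsistencies before merging.' : '✅ All checks passed! Safe to merge.'}
            `;
            // Awaited so a rejected request fails this step with its error.
            // For pull requests from forks the token is read-only by default,
            // so this call is expected to be rejected there.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: comment,
            });

      - name: Create Issue on Failure
        # Runs only when an earlier step failed on a scheduled or push run.
        # The audit step cannot fail the job and the version check never exits
        # non-zero, so neither of them triggers this step.
        # Each failing run opens a new issue; nothing here looks for an
        # existing open one.
        if: failure() && (github.event_name == 'schedule' || github.event_name == 'push')
        uses: actions/github-script@v7
        with:
          script: |
            const title = '🚨 Dependency Health Check Failed';
            const body = `## Automated Health Check Failure
            A scheduled dependency health check has detected issues in the repository.
            **Workflow Run:** ${context.payload.repository.html_url}/actions/runs/${context.runId}
            **Triggered by:** ${context.eventName}
            **Timestamp:** ${new Date().toISOString()}
            ### Recommended Actions
            1. Review the workflow run logs for detailed error information
            2. Check for version inconsistencies across packages
            3. Verify all builds complete successfully
            4. Review security audit results
            This issue was automatically created by the Dependency Health Check workflow.
            `;
            // Awaited so a rejected request fails this step with its error.
            await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: title,
              body: body,
              labels: ['dependencies', 'automated', 'health-check'],
            });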