From 389a4c868f7ca4366c6554069b3bcb708c361787 Mon Sep 17 00:00:00 2001 From: Saravana Achu Mac Date: Tue, 5 May 2026 13:36:04 -0700 Subject: [PATCH] ci(deps): add dependency health workflow --- .github/workflows/dependency-health.yml | 58 +++++++++++++++++++++++++ package.json | 1 + scripts/dependency-health.sh | 58 +++++++++++++++++++++++++ 3 files changed, 117 insertions(+) create mode 100644 .github/workflows/dependency-health.yml create mode 100755 scripts/dependency-health.sh diff --git a/.github/workflows/dependency-health.yml b/.github/workflows/dependency-health.yml new file mode 100644 index 0000000..7ad1412 --- /dev/null +++ b/.github/workflows/dependency-health.yml @@ -0,0 +1,58 @@ +name: Dependency Health — NoteLett + +on: + workflow_dispatch: + schedule: + - cron: "21 9 * * 1" + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + dependency-health: + name: Dependency health report + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Checkout common-plat (for @bytelyst/* packages) + uses: actions/checkout@v4 + with: + repository: saravanakumardb1/learning_ai_common_plat + path: learning_ai_common_plat + token: ${{ secrets.GH_PAT }} + + - name: Link common-platform workspace path + run: | + mkdir -p ../learning_ai + ln -sfn "$GITHUB_WORKSPACE/learning_ai_common_plat" ../learning_ai/learning_ai_common_plat + + - uses: actions/setup-node@v4 + with: + node-version: 22 + cache: pnpm + cache-dependency-path: pnpm-lock.yaml + + - name: Enable pnpm + run: corepack enable + + - name: Build @bytelyst/* packages + working-directory: learning_ai_common_plat + run: | + pnpm install --frozen-lockfile + pnpm build + + - name: Install workspace dependencies + run: pnpm install --frozen-lockfile + + - name: Run dependency health script + run: bash scripts/dependency-health.sh | tee dependency-health-report.txt + + - name: Upload dependency health report + if: always() + uses: actions/upload-artifact@v4 + with: + name: dependency-health-report + path: dependency-health-report.txt + if-no-files-found: error diff --git a/package.json b/package.json index 3f8c635..50f72cd 100644 --- a/package.json +++ b/package.json @@ -9,6 +9,7 @@ "smoke:local": "bash scripts/local-smoke.sh", "smoke:compose": "bash scripts/compose-smoke.sh", "audit:release-guards": "bash scripts/release-guard-audit.sh", + "dependency:health": "bash scripts/dependency-health.sh", "verify": "pnpm run typecheck && pnpm run test && pnpm run build", "prepare": "husky" }, diff --git a/scripts/dependency-health.sh b/scripts/dependency-health.sh new file mode 100755 index 0000000..a8d7ed0 --- /dev/null +++ b/scripts/dependency-health.sh @@ -0,0 +1,58 @@ +#!/usr/bin/env bash +# Dependency health report for NoteLett and common-platform package compatibility. + +set -euo pipefail + +ROOT="$(git rev-parse --show-toplevel)" +cd "$ROOT" + +echo "=== Runtime ===" +node --version +pnpm --version + +echo "" +echo "=== Key dependency versions ===" +node <<'NODE' +const fs = require('fs'); +const packages = [ + ['root', 'package.json'], + ['backend', 'backend/package.json'], + ['web', 'web/package.json'], + ['mobile', 'mobile/package.json'], +]; +const keys = [ + '@bytelyst/api-client', + '@bytelyst/auth-client', + '@bytelyst/datastore', + '@bytelyst/fastify-core', + '@bytelyst/llm', + '@bytelyst/platform-client', + '@bytelyst/react-auth', + '@playwright/test', + 'expo', + 'fastify', + 'next', + 'react', + 'react-native', + 'vitest', +]; +for (const [label, file] of packages) { + const pkg = JSON.parse(fs.readFileSync(file, 'utf8')); + const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) }; + console.log(`[${label}]`); + for (const key of keys) { + if (deps[key]) console.log(`${key}=${deps[key]}`); + } +} +NODE + +echo "" +echo "=== TypeScript compatibility sweep ===" +pnpm run typecheck + +echo "" +echo "=== Outdated dependency report (non-blocking) ===" +pnpm outdated -r --long || true + +echo "" +echo "Dependency health check completed."