Skip to content

ci: add dependency health checks#62

Merged
rian-be merged 3 commits into
mainfrom
issue-54-dependency-health
Jul 1, 2026
Merged

ci: add dependency health checks#62
rian-be merged 3 commits into
mainfrom
issue-54-dependency-health

Conversation

@rian-be

@rian-be rian-be commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

This PR adds repeatable dependency health checks to the CI pipeline for ModularityKit.Mutator and documents the same workflow for local use.

Highlights

CI workflow

  • Add a dedicated dependency-health job to pr-check.yml.
  • Run dotnet list package --vulnerable --include-transitive for security coverage.
  • Run dotnet list package --outdated --include-transitive for package freshness.
  • Keep the dependency check separate from publishing and release automation.

Local workflow

  • Add a small helper script at scripts/dependencies/check_package_health.py.
  • Make the same check runnable locally after restore.
  • Document the command and remediation path in README.md.
  • Ignore Python bytecode artifacts with __pycache__/ and *.pyc.

Why

The repository has multiple package surfaces across runtime, governance, Redis, examples, benchmarks, and tests. A shared dependency check keeps vulnerability and outdated-package signal visible in CI without requiring manual inspection across projects.

The helper script keeps the local command aligned with CI and makes the output easier to act on while still relying on native dotnet list package behavior.

Checks

  • python3 -m py_compile scripts/dependencies/check_package_health.py
  • python3 -m scripts.dependencies.check_package_health --help
  • git diff --check

Closes

@github-actions github-actions Bot added documentation Documentation updates and additions ci CI/CD and repository automation changes performance Performance improvements or regressions labels Jul 1, 2026
@rian-be rian-be self-assigned this Jul 1, 2026
@rian-be rian-be marked this pull request as ready for review July 1, 2026 14:18
@rian-be rian-be merged commit 0dd4b59 into main Jul 1, 2026
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ci CI/CD and repository automation changes documentation Documentation updates and additions performance Performance improvements or regressions

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Task]: Add dependency and security checks to CI

1 participant