From e09a65ff7ebbf3a0ef95bc54a357cba7ba1ba0eb Mon Sep 17 00:00:00 2001
From: Daniel McIlvaney
Date: Mon, 8 Jun 2026 11:39:19 -0700
Subject: [PATCH 1/2] chore(azldev): Update alzdev version to latest
---
 .azldev-version | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.azldev-version b/.azldev-version
index 89cffb13077..95552389490 100644
--- a/.azldev-version
+++ b/.azldev-version
@@ -1 +1 @@
-44f81cce609aef9b1352ad628f1a658822bdfa30
+0256227f5434d9e00d7c8501b16848efa400a72b
From 615f5a8a34ab88d812986fee3f2d2972cc4d2a22 Mon Sep 17 00:00:00 2001
From: Daniel McIlvaney
Date: Wed, 10 Jun 2026 15:05:20 -0700
Subject: [PATCH 2/2] ci: add smoketest on updated azldev pin
---
 .github/workflows/azldev-smoke.yml | 86 ++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 .github/workflows/azldev-smoke.yml
diff --git a/.github/workflows/azldev-smoke.yml b/.github/workflows/azldev-smoke.yml
new file mode 100644
index 00000000000..4e27d8b5f92
--- /dev/null
+++ b/.github/workflows/azldev-smoke.yml
@@ -0,0 +1,86 @@
+# Smoke-test the azldev version pinned in .azldev-version.
+#
+# When a PR bumps .azldev-version (or touches the runner image / this workflow),
+# build the runner container with that exact pin and confirm the resulting
+# binary can (a) run and (b) parse every component definition in the repo via
+# `azldev component list`. This catches the two failure modes of a version bump:
+# the pin doesn't `go install`, or the new version breaks on the repo's TOMLs.
+name: "azldev Smoke Test"
+
+on:
+ pull_request:
+ branches: ["4.0"]
+ paths:
+ - ".azldev-version"
+ - ".github/workflows/containers/azldev-runner.Dockerfile"
+ - ".github/workflows/azldev-smoke.yml"
+ workflow_dispatch:
+
+# Cancel in-progress runs of this workflow if a new run is triggered.
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+ cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+ smoke:
+ name: "comp list"
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
+ permissions:
+ contents: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+
+ - name: Validate .azldev-version format
+ run: |
+ set -euo pipefail
+ version="$(tr -d '\n' < .azldev-version)"
+ if [ -z "$version" ]; then
+ echo "::error::.azldev-version is empty"
+ exit 1
+ fi
+ # Restrict to the charset Go module versions use (commit SHAs, tags,
+ # pseudo-versions). This blocks shell metacharacters so the value is
+ # safe to pass straight through to `docker build --build-arg` below.
+ if ! printf '%s' "$version" | grep -Eq '^[0-9A-Za-z._+-]+$'; then
+ echo "::error::.azldev-version contains unexpected characters: '$version'"
+ exit 1
+ fi
+ echo "azldev version pin: $version"
+
+ - name: Build azldev runner container
+ run: |
+ set -euo pipefail
+ docker build \
+ --build-arg UID="$(id -u)" \
+ --build-arg AZLDEV_VERSION="$(cat .azldev-version)" \
+ -t localhost/azldev-runner \
+ -f .github/workflows/containers/azldev-runner.Dockerfile \
+ .github/workflows/containers/
+
+ # `component list` only parses TOML, so no mock sandbox flags are needed
+ # here (contrast with the render/build checks). Mount the checkout rw to
+ # match the documented /workdir convention and avoid surprises if azldev
+ # writes a cache.
+ - name: Smoke-test azldev
+ run: |
+ set -euo pipefail
+ docker run --rm \
+ -v "$GITHUB_WORKSPACE:/workdir" \
+ localhost/azldev-runner \
+ bash -eu -o pipefail -c '
+ echo "=== azldev version ==="
+ azldev --version
+ echo "=== azldev component list ==="
+ count=$(azldev component list -a -q -O json | jq length)
+ echo "azldev resolved ${count} component(s)"
+ if [ "${count}" -le 0 ]; then
+ echo "::error::azldev component list returned no components"
+ exit 1
+ fi
+ '
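Review bot: The "Validate .azldev-version format" step and the "Build azldev runner container" step do not check and use the same value. The check runs on `tr -d '\n' < .azldev-version`, which deletes every newline, while the build passes `"$(cat .azldev-version)"`, which strips only trailing ones. A multi-line pin file can therefore pass the charset check as one joined token while the build arg still carries the embedded newlines, so the comment's "safe to pass straight through" claim does not cover the value that is actually passed. Read the pin the same way in both steps and reject anything that is not a single token, e.g. `version="$(cat .azldev-version)"` followed by `if ! [[ "$version" =~ ^[0-9A-Za-z._+-]+$ ]]; then`, or export the validated value through `$GITHUB_OUTPUT` and build from that. How `AZLDEV_VERSION` is consumed in azldev-runner.Dockerfile is not visible in this patch, so the practical impact depends on whether that file quotes it.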