chore(azldev): Update alzdev version to latest

.azldev-version

@@ -1 +1 @@
-44f81cce609aef9b1352ad628f1a658822bdfa30
+0256227f5434d9e00d7c8501b16848efa400a72b

.github/workflows/azldev-smoke.yml

@@ -0,0 +1,86 @@
+# Smoke-test the azldev version pinned in .azldev-version.
+#
+# When a PR bumps .azldev-version (or touches the runner image / this workflow),
+# build the runner container with that exact pin and confirm the resulting
+# binary can (a) run and (b) parse every component definition in the repo via
+# `azldev component list`. This catches the two failure modes of a version bump:
+# the pin doesn't `go install`, or the new version breaks on the repo's TOMLs.
+name: "azldev Smoke Test"
+
+on:
+  pull_request:
+    branches: ["4.0"]
+    paths:
+      - ".azldev-version"
+      - ".github/workflows/containers/azldev-runner.Dockerfile"
+      - ".github/workflows/azldev-smoke.yml"
+  workflow_dispatch:
+
+# Cancel in-progress runs of this workflow if a new run is triggered.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+  smoke:
+    name: "comp list"
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Validate .azldev-version format
+        run: |
+          set -euo pipefail
+          version="$(tr -d '\n' < .azldev-version)"
+          if [ -z "$version" ]; then
+            echo "::error::.azldev-version is empty"
+            exit 1
+          fi
+          # Restrict to the charset Go module versions use (commit SHAs, tags,
+          # pseudo-versions). This blocks shell metacharacters so the value is
+          # safe to pass straight through to `docker build --build-arg` below.
+          if ! printf '%s' "$version" | grep -Eq '^[0-9A-Za-z._+-]+$'; then
+            echo "::error::.azldev-version contains unexpected characters: '$version'"
+            exit 1
+          fi
+          echo "azldev version pin: $version"
+
+      - name: Build azldev runner container
+        run: |
+          set -euo pipefail
+          docker build \
+            --build-arg UID="$(id -u)" \
+            --build-arg AZLDEV_VERSION="$(cat .azldev-version)" \
+            -t localhost/azldev-runner \
+            -f .github/workflows/containers/azldev-runner.Dockerfile \
+            .github/workflows/containers/
+
+      # `component list` only parses TOML, so no mock sandbox flags are needed
+      # here (contrast with the render/build checks). Mount the checkout rw to
+      # match the documented /workdir convention and avoid surprises if azldev
+      # writes a cache.
+      - name: Smoke-test azldev
+        run: |
+          set -euo pipefail
+          docker run --rm \
+            -v "$GITHUB_WORKSPACE:/workdir" \
+            localhost/azldev-runner \
+            bash -eu -o pipefail -c '
+              echo "=== azldev version ==="
+              azldev --version
+              echo "=== azldev component list ==="
+              count=$(azldev component list -a -q -O json | jq length)
+              echo "azldev resolved ${count} component(s)"
+              if [ "${count}" -le 0 ]; then
+                echo "::error::azldev component list returned no components"
+                exit 1
+              fi
+            '