chore(version-scanner): configure GHA to use targets file for multi-version scanning #17538
…g under _safe_read_file
…nd hybrid packages
Code Review
This pull request introduces support for scanning multiple target dependencies and versions simultaneously using a YAML targets file. It refactors file reading operations into a centralized, safe helper function, updates the CLI to accept a --targets-file argument, and adds comprehensive tests for the new functionality. The review feedback highlights three key areas for improvement: catching ValueError to robustly handle potential UnicodeDecodeError exceptions during file reading, enforcing that version numbers in the targets YAML file are quoted strings to prevent float truncation (e.g., 3.10 becoming 3.1), and tightening CLI argument validation to prevent confusing combinations of single-target options and the targets file.
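The two file-handling points in the review summary above (unquoted versions arriving as floats, and `UnicodeDecodeError` being a `ValueError`), shown as an added Python example that is not code from this pull request. The targets-file shape and the names `validate_targets` and `read_text_or_none` are assumptions made for illustration.

```python
import os
import tempfile


def validate_targets(parsed):
    """Return error strings for an already-loaded targets mapping.

    Assumed shape (not taken from the PR):
    {"targets": [{"dependency": str, "versions": [str, ...]}]}
    """
    errors = []
    for i, target in enumerate(parsed.get("targets") or []):
        name = target.get("dependency")
        if not isinstance(name, str) or not name:
            errors.append(f"targets[{i}]: dependency must be a non-empty string")
        for v in target.get("versions") or []:
            # An unquoted 3.10 in YAML is loaded as the float 3.1, so the
            # trailing zero is gone before any scanner code sees the value.
            if not isinstance(v, str):
                errors.append(
                    f"targets[{i}] ({name}): version {v!r} is "
                    f"{type(v).__name__}; quote it in the targets file"
                )
    return errors


def read_text_or_none(path):
    """Return the file's text, or None if it is unreadable or not UTF-8."""
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read()
    except (OSError, ValueError):  # UnicodeDecodeError subclasses ValueError
        return None


def demo():
    # Constructed sample: what a loader yields for versions: [3.10, "3.10"]
    parsed = {"targets": [{"dependency": "example-dep",
                           "versions": [3.10, "3.10"]}]}
    errors = validate_targets(parsed)
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(b"\xff\xfe not utf-8")  # constructed invalid UTF-8 bytes
    try:
        text = read_text_or_none(fh.name)
    finally:
        os.unlink(fh.name)
    return errors, text


if __name__ == "__main__":
    print(demo())
```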
Comment for reviewer: we pulled out the match variable from many of the following tests to consolidate into a sample_match test fixture, reducing duplication.
…on-generated-packages
…loat versions, and argument validation
d7f1e71 to 66eabc1
This PR configures the Automated Dependency Version Scanner GHA workflow to use a YAML targets file instead of hardcoded dependency/version parameters, and limits scanning to the 31 handwritten and hybrid packages for speed.