Bump XMLCoder 0.18.1 and fix CI workflow regressions

[dependabot]

Bumps github.com/coreoffice/xmlcoder from 0.18.0 to 0.18.1.

Release notes

Sourced from github.com/coreoffice/xmlcoder's releases.

0.18.1

What's Changed

• fix: Pretty print elements with intrinsic values on a single line by @​weppos in CoreOffice/XMLCoder#296

New Contributors

• @​weppos made their first contribution in CoreOffice/XMLCoder#296

Full Changelog: CoreOffice/XMLCoder@0.18.0...0.18.1

Commits

• b2b5d72 fix: Pretty print elements with intrinsic values on a single line (#296)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Perform an AI-assisted review on

[claude]

Code Review

Overview

This PR is labeled as a Dependabot bump for XMLCoder (0.18.0 → 0.18.1), but it also contains extensive CI workflow changes that go well beyond the dependency update. The XMLCoder bump itself is a safe patch release (pretty-print bugfix). The CI changes deserve separate scrutiny.

---

XMLCoder Dependency Bump

No concerns. XMLCoder 0.18.1 is a patch release fixing pretty-print formatting for elements with intrinsic values (CoreOffice/XMLCoder#296). The Package.resolved update is correct and the change is low-risk.

---

CI Workflow Changes

Potential Bug: WASM Matrix Entry

# Before (two separate matrix entries implied)
swift:
  - version: "6.2"

# After (a single entry with an array value)
swift:
  - version: ["6.2", "6.3"]

This is likely a bug. A matrix entry where version is an array ["6.2", "6.3"] does not expand into two jobs — it creates one job where matrix.swift.version is the string ["6.2", "6.3"]. If the intent is to test both Swift 6.2 and 6.3 in the WASM job, it should be:

swift:
  - version: "6.2"
  - version: "6.3"

Floating Action Version Pin

# Before
uses: brightdigit/swift-build@v1.5.0

# After
uses: brightdigit/swift-build@v1

Pinning to a major version tag (@v1) rather than a specific release (@v1.5.0) introduces non-determinism — the workflow behavior could silently change when v1 is force-pushed to a newer commit. Consider keeping the specific version pin, or at minimum pinning to a full SHA.

Trailing Whitespace

Several lines in the diff have trailing whitespace (e.g., osVersion: "26.4" and download-platform: true blocks). Minor, but worth cleaning up.

Scope Creep

The CI changes (action version bumps, matrix consolidation, new Swift 6.3 and Windows/Android entries, download-platform: true additions) are unrelated to the XMLCoder bump. These are meaningful CI changes that would be easier to review, revert, or bisect if they were in a separate PR.

---

Summary

Area	Status
XMLCoder 0.18.0 → 0.18.1	✅ Safe to merge
WASM matrix version: ["6.2", "6.3"]	⚠️ Likely bug — won't expand into two jobs
swift-build@v1 floating pin	⚠️ Prefer pinned version for reproducibility
Action version bumps (checkout@v6, codecov@v6, etc.)	✅ Reasonable updates
Swift 6.3 added to Linux/Windows/Android matrices	✅ Good coverage expansion
Trailing whitespace	ℹ️ Minor cleanup needed

The WASM matrix entry should be fixed before merging. The floating swift-build pin is worth reconsidering. Everything else looks good.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.65%. Comparing base (bf0315d) to head (3877936).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #123      +/-   ##
==========================================
- Coverage   78.40%   77.65%   -0.76%     
==========================================
  Files          74       74              
  Lines        1973     1553     -420     
==========================================
- Hits         1547     1206     -341     
+ Misses        426      347      -79     

Flag	Coverage Δ
5.10	66.06% <ø> (?)
6.0	76.88% <ø> (?)
6.1	76.88% <ø> (?)
6.2	76.88% <ø> (?)
6.3	76.88% <ø> (?)
ios18.5	76.88% <ø> (?)
ios26.4	76.88% <ø> (?)
jammy	77.65% <ø> (?)
macos	76.88% <ø> (-0.07%)	⬇️
macos-14	?
macos-15	?
macos-26	?
noble	77.65% <ø> (?)
spm	77.65% <ø> (?)
swift-5.10	?
swift-6.0	?
swift-6.1	?
swift-6.1.2	?
swift-6.2	?
swift-6.2.1	?
swift-6.2.3	?
swift-6.3-nightly	?
tvos18.5	76.88% <ø> (?)
tvos26.4	76.88% <ø> (?)
ubuntu	?
ubuntu-jammy	?
ubuntu-noble	?
visionos2.5	76.88% <ø> (?)
visionos26.4	76.88% <ø> (?)
watchos11.5	76.88% <ø> (?)
watchos26.4	76.88% <ø> (?)
xcode-15.4.	?
xcode-16.4.	?
xcode-26.0.	?
xcode-26.1.	?
xcode-26.2.	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[claude]

Code Review

Overview

This PR is labeled as a Dependabot bump of XMLCoder from 0.18.0 to 0.18.1, but the diff contains substantial CI/CD workflow changes well beyond the dependency update. This is atypical for a Dependabot PR and warrants careful review of the workflow changes.

---

Package.resolved (XMLCoder bump)

• Straightforward patch version bump (0.18.0 → 0.18.1)
• The upstream change is a bug fix for pretty-printing elements with intrinsic values on a single line — low risk, no API changes
• Approved as-is

---

CI Workflow Changes (.github/workflows/syndikit.yml)

These changes are unrelated to the XMLCoder bump and represent significant CI infrastructure updates:

Potential Issues

• actions/checkout@v6: The latest stable release of actions/checkout is v4. There is no known stable v6. This could cause CI failures across every job in the workflow. Should be verified before merging.

• brightdigit/swift-build@v1 (floating tag): Previously pinned to @v1.5.0. Moving to a floating major version tag (@v1) reduces reproducibility — future patch/minor updates to that action will automatically apply without explicit review.

Positive Changes

• sersoft-gmbh/swift-coverage-action@v4 → v5: Legitimate version upgrade
• codecov/codecov-action@v4 → v6: Legitimate version upgrade
• Android coverage step properly gated behind steps.build.outputs.contains-code-coverage == 'true' — avoids spurious failures
• Windows matrix now includes Swift 6.3 builds
• Android matrix now includes Swift 6.2 and 6.3
• Swift 6.x compat suite: swiftlang/swift:nightly-6.3-noble → swift:6.3 is a good move once 6.3 is stable
• download-platform: true added for simulator targets on Xcode 26.4 — likely required for those runners

Coverage Reduction Concerns

• macOS: Xcode 26.0, 26.1, and 26.2 removed; only 26.4 retained. If 26.4 is the final release, this is acceptable, but it reduces historical coverage across release candidates.
• iOS/watchOS/tvOS/visionOS: Consolidated from three Xcode versions to one (26.4 only) — same concern.

Minor Nits

• Trailing whitespace on several added lines (e.g., the osVersion: "26.4" lines)
• nightly: true removed from the Ubuntu Swift 6.3 matrix entry — verify this is intentional and that 6.3 is now a stable release

---

Summary

Area	Status
XMLCoder 0.18.1 bump	✅ Safe to merge
actions/checkout@v6	⚠️ Needs verification — v6 may not exist
Floating swift-build@v1 tag	⚠️ Minor reproducibility concern
CI matrix reduction	⚠️ Acceptable if Xcode 26.4 is the stable release
Coverage gating improvements	✅ Good change

Recommendation: Verify that actions/checkout@v6 is a valid, stable release before merging. The XMLCoder bump itself is fine, but the workflow changes should be validated independently of the dependency PR — ideally split into a separate PR for clarity.

[claude]

Code Review

Overview

This PR is labeled as a dependency bump (XMLCoder 0.18.0 → 0.18.1) but the diff includes a substantial CI/CD workflow overhaul — far beyond what Dependabot would generate. The actual changes span three areas:

1. Package.resolved — XMLCoder bump (patch fix: pretty-print elements with intrinsic values)
2. Package@swift-6.0.swift — Adds zlib linker flag for Android builds
3. .github/workflows/syndikit.yml — Major CI restructuring

---

Positive Changes

• Dynamic matrix (configure job): The new logic to run a minimal matrix on feature branches and full matrix on main/release branches is a good CI optimization — saves resources without sacrificing coverage on important refs.
• Concurrency groups: Adding cancel-in-progress: true is a sensible improvement to avoid wasting runner minutes on superseded commits.
• build-wasm consolidation: Merging the separate wasm job into build-ubuntu via a type matrix dimension reduces duplication and is cleaner.
• Android zlib linker fix in Package@swift-6.0.swift: Correctly addresses the known zlib linking issue on Android (referenced in CLAUDE.md) and is appropriately scoped to Android only.
• Conditional coverage uploads: Guarding coverage steps with if: steps.build.outputs.contains-code-coverage == 'true' is more robust than unconditionally running them.

---

Issues and Concerns

1. PR scope mismatch
The PR title says "Bump XMLCoder 0.18.0 → 0.18.1" but ~450 lines of CI workflow changes are included. If Dependabot opened this PR and commits were pushed on top, the PR should be re-titled or the CI changes should be split into a separate PR for clarity and reviewability.

2. actions/checkout@v6 — verify this version exists
The diff replaces actions/checkout@v4 with @v6 throughout. As of the current date, the latest stable release of actions/checkout is v4. Using an unpublished major version will cause all jobs to fail. This should be verified before merging.

3. fail-fast removed from build-ubuntu
The original build-wasm job had fail-fast: false. The new unified build-ubuntu job no longer sets this, meaning a single matrix failure (e.g., one Swift version on one OS) will cancel remaining jobs, losing diagnostic information across the matrix.

4. Coverage regression on Windows and Android
Coverage uploads were removed from the build-windows and build-android jobs. If these platforms had coverage data contributing to Codecov, those flags (windows-*, android-*) will now go missing. Intentional or oversight?

5. brightdigit/swift-build@v1.5.0 → @v1 (floating version)
Pinned action versions are more reproducible. Switching to @v1 means any future v1.x release could silently change build behavior. If the intent is "always latest v1", this is fine — but it's worth being explicit about the tradeoff.

6. fail_ci_if_error: true removed from Codecov uploads
The original workflow had fail_ci_if_error: true on Codecov uploads to catch token/configuration problems. Removing it means broken coverage uploads will silently pass CI.

7. Lint condition change

# Before
if: ${{ !contains(github.event.head_commit.message, 'ci skip') }}

# After
if: ${{ always() && !cancelled() && !failure() }}

The new condition runs lint even when upstream build jobs were skipped (e.g., Windows/Android skipped on feature branches via if: needs.configure.outputs.full-matrix == 'true'). Skipped jobs don't set failure() to true, so this should work correctly — but worth confirming the behavior with skipped dependencies.

8. Nightly Swift removed from source compat suite
swiftlang/swift:nightly-6.3-noble was replaced with swift:6.3. If 6.3 is now stable this is correct, but if the intent was to catch regressions against nightly builds this is a loss.

---

Minor / Style

• The curl installation step in build-ubuntu (apt-get install -y curl) is fragile and adds latency. Most Swift container images include curl; worth checking if this step is actually needed.
• Trailing whitespace was cleaned up in several places — good hygiene.
• Several macOS matrix entries updated from "26.x" to "26.4" consolidation — reduces CI cost, acceptable tradeoff.

---

Summary

Area	Verdict
XMLCoder bump	✅ Safe patch-level update
Android zlib fix	✅ Correct and well-scoped
CI dynamic matrix	✅ Good optimization
checkout@v6	⚠️ Needs verification — may not exist
fail-fast removal	⚠️ Minor regression in debuggability
Coverage regression	⚠️ Windows/Android coverage lost
PR scope vs title	⚠️ Should be retitled or split

The XMLCoder bump and Android fix are straightforwardly good. The CI changes are mostly improvements but the actions/checkout@v6 reference is a blocking concern — if that version doesn't exist, every job in the workflow will fail immediately.

[claude]

Code Review

Overview

This PR does two things:

1. Bumps XMLCoder from 0.18.0 → 0.18.1 (patch fix for pretty-printing intrinsic values)
2. Significantly refactors the CI workflow — consolidating jobs, adding a dynamic matrix, updating action versions, and pruning the macOS build matrix

---

XMLCoder Bump

• Straightforward patch bump. The upstream fix (pretty-print elements with intrinsic values on a single line) is a formatting-only change and is very unlikely to affect SyndiKit's decoding logic.
• Package.resolved is correctly updated. ✅

---

Package@swift-6.0.swift — Android zlib linker fix

linkerSettings: [.linkedLibrary("z", .when(platforms: [.android]))]

• This is a targeted fix for Android builds that need explicit zlib linking. Correct use of platform condition. ✅

---

CI Workflow — Positives

• Dynamic matrix via configure job: Fast-path for PRs (only noble/Swift 6.3) and full matrix for main/releases is a solid CI cost-reduction strategy. ✅
• Concurrency group with cancel-in-progress: Prevents wasted runner time on stale pushes. ✅
• Coverage steps made conditional on steps.build.outputs.contains-code-coverage == 'true': Avoids spurious failures when no coverage data is generated. ✅
• build-wasm merged into build-ubuntu with matrix type: Good consolidation that removes job duplication. ✅
• swift:6.3 in source compat suite (was swiftlang/swift:nightly-6.3-noble): Correct now that 6.3 is stable. ✅
• Android Swift matrix expanded to 6.1, 6.2, 6.3. ✅

---

CI Workflow — Issues and Concerns

🔴 actions/checkout@v6 — Verify this tag exists

Every job uses actions/checkout@v6, but the latest published release of that action is v4. If v6 does not exist, all jobs will fail at checkout. Please verify this tag is actually published before merging. If it doesn't exist, revert to actions/checkout@v4.

🟡 brightdigit/swift-build@v1 — Floating major version pin

The previous pin was brightdigit/swift-build@v1.5.0 (exact). The new pin is brightdigit/swift-build@v1 (floating major). If a breaking change is published under v1, CI will silently break. Consider pinning to a specific version (e.g. v1.5.1) or at minimum v1.5 for more stability.

🟡 fail-fast default changed silently

The original workflow had fail-fast: false explicitly on every matrix. That has been removed, meaning the default (fail-fast: true) now applies. If one matrix entry fails, GitHub will cancel the rest mid-run. This makes debugging cross-platform failures harder. Consider adding fail-fast: false back explicitly if the original behavior was intentional.

🟡 scheme parameter dropped from build-ubuntu and build-android

The old build-ubuntu and build-android steps passed scheme: ${{ env.PACKAGE_NAME }}. The new brightdigit/swift-build@v1 calls in those jobs no longer include this parameter. If v1 of the action doesn't fall back to a sensible default, this could cause build failures. Worth confirming the action's new default behavior.

🟡 lint job — build-wasm removed from needs

The lint job previously listed build-wasm in its needs. That job is gone, which is correct. However the condition if: ${{ always() && !cancelled() && !failure() }} now means lint runs even when Windows/Android builds are skipped (by the if: needs.configure.outputs.full-matrix == 'true' guards). This is probably intentional and desirable — just confirming it's expected.

🟡 Android API level: 34 → 36

The Android test matrix changed from [28, 33, 34] to [28, 33, 36]. The comment explaining the 32-bit ARM/zlib issue with API 21 has also been removed. If API 36 images are not available in the CI environment yet, these jobs will fail. Verify runner availability for API 36.

🟡 macOS matrix reduced significantly

Xcode 26.0, 26.1, and 26.2 entries are replaced with a single 26.4 entry. This is a reasonable pruning, but worth confirming intentional: if users are still on older Xcode 26.x betas, regressions there won't be caught.

---

Summary

The XMLCoder bump and the Android zlib fix are clean and correct. The CI refactor is a meaningful improvement overall, but the actions/checkout@v6 version needs verification before this lands — if that tag doesn't exist it will break every job. The fail-fast and floating action pin changes are lower-risk but worth a second look.