chore: Adds version scanner CI/CD upgrades (#17425)

### Summary of Changes

This PR contains updates to the automated dependency version scanner
tool and its associated CI/CD workflow to support decoupled formatting,
clean console logs, and advisory (non-signalling) runs during rollout.

#### 1. GitHub Actions (GHA) Workflow Modernization
*   **Triggers & Scheduling:** 
* Configured the workflow to run on `main` and any branch matching
`'**version-scanner**'`
* Set the schedule to run hourly to test how the system behaves if we
choose to use it nightly
* Added a `workflow_dispatch` button in the GHA tab to simplify ad hoc
testing and demos during development.

#### 2. Scanner Script Refactoring (Decoupled Formatters)
*   Decoupled formatting code from reporting code.
*   Introduced specialized formatters:
* `format_for_raw_csv`: Generates clean, unformatted raw data for CSV
reporting.
* `format_for_spreadsheet`: Wraps matches with Google Sheets formulas
(such as `HYPERLINK` and string quotes to prevent float truncation) for
Google Sheets upload.
* `format_for_console`: Prepares a slim, readable console string for
stdout/logs (especially GHA logs).

#### 3. Output Simplification
* Removed some existing outputs that no longer made sense to to
declutter GHA runner logs.
* Ensure it prints matches in the clean console format and removed some
existing duplicate outputs.

#### 4. Advisory Runs (`--soft-fail`)
* Added a `--soft-fail` CLI flag to the python script to allow it to
exit with code `0` even if version matches are found (allowing the scan
to run and report findings in the logs without failing the GHA check and
blocking merges during development and prototyping phases).
* Integrated `--soft-fail` in the GHA workflow for now to support
development.

Author: chalmerlowe

.github/workflows/version_scanner.yml

@@ -0,0 +1,78 @@
+name: Version Scan
+
+on:
+  push:
+    branches:
+      - main
+      - '**version-scanner**'
+  schedule:
+    - cron: '0 * * * *' # Run hourly at the top of the hour
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  scan:
+    name: Version Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: '3.14'
+          
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pyyaml
+          
+      - name: Run Version Scanner
+        run: |
+          # Uses -o to output a detailed, raw CSV to a file
+          # Uses --stdout to print a slim, easier to parse summary to the GitHub Actions UI
+          # Uses --soft-fail to temporarily limit causing CI/CD failures during the migration to full operation. 
+          python scripts/version_scanner/version_scanner.py -d python -v 3.7 --stdout -o version_scanner_output.csv --soft-fail
+          
+      - name: Upload CSV Results
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: version-scanner-results
+          path: version_scanner_output.csv
+          
+      - name: Create or update issue on finding
+        if: failure()
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          TITLE="Version Scanner found deprecated dependencies"
+          RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          
+          # Read the first 50 lines to prevent blowing up the issue body if it's massive
+          CSV_PREVIEW=$(head -n 50 version_scanner_output.csv)
+          
+          BODY="The [Version Scanner]($RUN_URL) found deprecated dependencies in the repository.
+          
+          **Matches Found:**
+          \`\`\`csv
+          $CSV_PREVIEW
+          \`\`\`
+          *(If there are more than 50 matches, see the workflow logs for the full list)*"
+
+          # Mirroring regenerate-all.yml: check if an issue already exists to prevent spam
+          EXISTING_ISSUE=$(gh issue list --state open --search "in:title \"$TITLE\"" --json number --jq '.[0].number')
+          
+          if [ -z "$EXISTING_ISSUE" ]; then
+            echo "WOULD HAVE CREATED ISSUE:"
+            echo "gh issue create --title \"$TITLE\" --body \"$BODY\""
+            # gh issue create --title "$TITLE" --body "$BODY"
+          else
+            echo "Issue #$EXISTING_ISSUE already exists."
+            echo "WOULD HAVE ADDED COMMENT:"
+            echo "gh issue comment \"$EXISTING_ISSUE\" --body \"Another scanner run found deprecated dependencies: $RUN_URL\""
+            # gh issue comment "$EXISTING_ISSUE" --body "Another scanner run found deprecated dependencies: $RUN_URL"
+          fi

scripts/version_scanner/regex_config.yaml

@@ -58,15 +58,15 @@ rules:
       - |
         sys\.version_info\s*<\s*\(3,\s*{minor_plus_one}\)
       - |
-        sys\.version_info\.minor\s*==\s*{minor}
+        sys\.version_info\.minor\s*==\s*{minor}(?!\d)
       - |
-        sys\.version_info\.minor\s*>=\s*{minor}
+        sys\.version_info\.minor\s*>=\s*{minor}(?!\d)
       - |
-        sys\.version_info\.minor\s*<=\s*{minor}
+        sys\.version_info\.minor\s*<=\s*{minor}(?!\d)
       - |
-        sys\.version_info\.minor\s*>\s*{minor_minus_one}
+        sys\.version_info\.minor\s*>\s*{minor_minus_one}(?!\d)
       - |
-        sys\.version_info\.minor\s*<\s*{minor_plus_one}
+        sys\.version_info\.minor\s*<\s*{minor_plus_one}(?!\d)
 
   - name: python_env_short
     description: Finds short python environment names often used in tox or nox.
@@ -87,7 +87,7 @@ rules:
       - "Python3.7"
     rules:
       - |
-        python3\.{minor}
+        python3\.{minor}(?!\d)
 
   - name: combined_version_string
     description: Finds combined version strings often used in class or variable names.
@@ -97,6 +97,6 @@ rules:
       - "Python37DeprecationWarning"
     rules:
       - |
-        Python{major}{minor}
+        Python{major}{minor}(?!\d)