chore: harden release workflow and update release runbook #83
No actionable comments were generated in the recent review. 🎉
Reviewing files that changed from the base of the PR and between c0e6c4742dce39f64b52a90a0ceecf48f74e7f9b and 43065d0.
📝 Walkthrough
The PR refactors the changeset-release GitHub Actions workflow to use a title-based version-bump guard and GitHub App token authentication, adds explicit bump commit/title settings, replaces changelog push steps with a comprehensive validation/build/VSIX inspection sequence, and expands release documentation rebranded for Zoo Code.
Changes
Release Process Automation and Documentation
Estimated code review effort: 🎯 4 (Complex) | ⏱️ ~45 minutes
🚥 Pre-merge checks | ✅ 4 | ❌ 1
❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
Codecov Report
✅ All modified and coverable lines are covered by tests.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/changeset-release.yml (1)
7-7: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win
Skip validate-approve on `closed` events.
The workflow triggers on `types: [closed, opened, labeled]`. When the bot's version-bump PR merges, Job 1 is correctly suppressed by the title-based loop guard — but Job 2's `if:` does not filter on `github.event.action`, so the full validation pipeline (install, build, bundle, vsix package, metadata checks) re-runs on the `closed` event and then attempts to auto-approve an already-merged PR. Add an action filter to skip closed-event runs.
🛠️ Proposed fix
if: > github.event_name == 'pull_request' && + github.event.action != 'closed' && github.event.pull_request.base.ref == 'main' && github.event.pull_request.user.login == vars.RELEASE_BOT_LOGIN && github.event.pull_request.title == 'Zoo Code changeset version bump'Also applies to: 75-79
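Review bot: The added `github.event.action != 'closed'` term is a denylist, so any event type later added to the trigger list (currently `closed`, `opened`, `labeled`) reaches the auto-approve job by default. Name the actions that should run validation instead, for example `(github.event.action == 'opened' || github.event.action == 'labeled')`, so the gate fails closed when the trigger list changes.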
🧹 Nitpick comments (2)
.roo/commands/release.md (1)
69-74: ⚡ Quick win
Make the staging command robust when no release image exists.
Step 7 makes the image optional, but the sample `git add` command always includes `releases/[version]-release.png`. Consider showing an optional/conditional add pattern to avoid failed copy-paste runs.
Suggested doc tweak
- git add .changeset/v[version].md README.md releases/[version]-release.png + git add .changeset/v[version].md README.md + # If generated: + git add releases/[version]-release.png🤖 Prompt for AI Agents
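Review bot: The second added line, `git add releases/[version]-release.png`, is still unconditional, so pasting both commands as a block fails the same way when no image exists; the `# If generated:` comment only works if the reader stops and checks. Guard it with a file test, e.g. `[ -f releases/[version]-release.png ] && git add releases/[version]-release.png`, so the runbook snippet is safe to paste whether or not step 7 produced an image.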
.github/workflows/changeset-release.yml (1)
12-12: ⚡ Quick win
Centralize the version-bump PR title to avoid drift.
The literal `"Zoo Code changeset version bump"` is duplicated at lines 23 and 79 in job-level `if:` conditions in addition to `env.VERSION_BUMP_PR_TITLE` on line 12. GitHub Actions does not expose the workflow-level `env` context inside job-level `if:` expressions, so `env.VERSION_BUMP_PR_TITLE` cannot be reused there — but `vars.*` is available at job-level. Promoting this to a repo/org variable (e.g. `vars.VERSION_BUMP_PR_TITLE`) lets all three sites reference one source of truth and prevents the loop guard and validate-approve gate from silently desynchronizing from the title actually sent to `changesets/action`.
♻️ Proposed refactor
env: REPO_PATH: ${{ github.repository }} GIT_REF: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || 'main' }} - VERSION_BUMP_PR_TITLE: Zoo Code changeset version bump + VERSION_BUMP_PR_TITLE: ${{ vars.VERSION_BUMP_PR_TITLE }}if: > ( github.event_name == 'pull_request' && github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main' && - github.event.pull_request.title != 'Zoo Code changeset version bump' ) || + github.event.pull_request.title != vars.VERSION_BUMP_PR_TITLE ) || github.event_name == 'workflow_dispatch'if: > github.event_name == 'pull_request' && github.event.pull_request.base.ref == 'main' && github.event.pull_request.user.login == vars.RELEASE_BOT_LOGIN && - github.event.pull_request.title == 'Zoo Code changeset version bump' + github.event.pull_request.title == vars.VERSION_BUMP_PR_TITLEThen add
`VERSION_BUMP_PR_TITLE` alongside `RELEASE_APP_ID`/`RELEASE_BOT_LOGIN` in the repo variables documented in the PR description.
Also applies to: 23-23, 79-79
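Review bot: With the literal replaced by `vars.VERSION_BUMP_PR_TITLE` in both job-level `if:` expressions, an unset or misnamed repository variable evaluates to an empty string, and both gates change behaviour without any error. The first condition (`title != vars.VERSION_BUMP_PR_TITLE`) then passes for every merged PR, including the bot's own version-bump PR, which removes the loop guard; the second (`title == vars.VERSION_BUMP_PR_TITLE`) never matches, so validate-approve is skipped. Add `vars.VERSION_BUMP_PR_TITLE != ''` to the first condition so it fails closed, and list the variable as required next to `RELEASE_APP_ID` and `RELEASE_BOT_LOGIN`.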
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/changeset-release.yml:
- Around line 116-119: The workflow step uses a non-existent pnpm filter
'@roo-code/build' which causes the build to be skipped; either replace
'@roo-code/build' with the correct workspace package name (e.g., the actual
package that needs building) or remove that filter line entirely so only 'pnpm
--filter `@roo-code/vscode-webview` build' runs; update the step where the filters
are declared to reference the correct package identifier(s) or drop the invalid
'@roo-code/build' entry so downstream vsix artifacts are built from the intended
package.
---
Outside diff comments:
In @.github/workflows/changeset-release.yml:
- Line 7: The workflow currently triggers on pull_request types including
"closed", and the second job (the validation/auto-approve job that lacks an
action filter) runs on closed events and tries to approve an already-merged PR;
update that job's existing if: condition (the job that performs
install/build/bundle/vsix/metadata checks and auto-approve) to also require
github.event.action != 'closed' (e.g. add && github.event.action != 'closed' to
its if: expression), and apply the same change to the other occurrences around
the 75-79 region so closed-event runs are skipped.
---
Nitpick comments:
In @.github/workflows/changeset-release.yml:
- Line 12: Replace the duplicated literal PR title with a single repo-level
variable and reference it via vars: create a repository variable named
VERSION_BUMP_PR_TITLE (value "Zoo Code changeset version bump"), update the two
job-level if: expressions that currently contain the literal string to use
vars.VERSION_BUMP_PR_TITLE, and update the workflow-level env (the top-level
VERSION_BUMP_PR_TITLE env) to reference vars.VERSION_BUMP_PR_TITLE so all three
sites (workflow env and both job if expressions) come from the same repo
variable.
In @.roo/commands/release.md:
- Around line 69-74: The git add sample in the release staging steps currently
always includes releases/[version]-release.png which breaks copy-paste when no
image exists; change the single git add line so the image is added conditionally
(e.g., keep adding .changeset/v[version].md and README.md unconditionally and
add releases/[version]-release.png only if the file exists, or split into two
commands where the second command only runs when the file is present) and update
the example line in .roo/commands/release.md accordingly so users won’t get
errors when no release image is present.
📥 Commits
Reviewing files that changed from the base of the PR and between 7535a56 and c0e6c4742dce39f64b52a90a0ceecf48f74e7f9b.
📒 Files selected for processing (2)
.github/workflows/changeset-release.yml
.roo/commands/release.md
| uses: actions/create-github-app-token@v3 | ||
| with: | ||
| app-id: ${{ vars.RELEASE_APP_ID }} | ||
| private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }} |
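Review bot: `actions/create-github-app-token@v3` is referenced by a mutable tag in the same step that receives `secrets.RELEASE_APP_PRIVATE_KEY`. Pin the action to a full commit SHA, with the version in a trailing comment, so a moved tag cannot change the code that handles the App private key. Since the resulting token is used to push and open PRs, also confirm the step limits the token to the permissions the changeset job needs rather than everything the App installation grants.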
An org level admin needs to generate this, ref: https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/managing-private-keys-for-github-apps#generating-private-keys
c0e6c47 to 43065d0
Closing in favour of: #142
Summary
- `R00-B0T` actor check with a GitHub App token approach (`actions/create-github-app-token@v3`) so the changeset job can push and open PRs without triggering loop-prevention rules on `GITHUB_TOKEN`.
- `POSTHOG_API_KEY` to the validate step so the packaged artifact matches what ships.
- `pnpm --filter ./src vsix` (includes `mkdirp ../bin`) instead of bare `exec vsce package`.
- `.roo/commands/release.md` for Zoo Code identity (`zoo-code` package name, `ZooCodeOrganization` publisher) and expands the runbook with the full release sequence: changeset prep → version-bump PR → tag → publish.
Required repository settings
Before the workflow can run end-to-end:
- `RELEASE_APP_ID`
- `RELEASE_BOT_LOGIN`: `app/roomote`
- `RELEASE_APP_PRIVATE_KEY` (`.pem`)
Test plan
- `main` and confirm Job 1 opens a PR titled "Zoo Code changeset version bump" authored by `app/roomote`
- `changelog-ready` label, and auto-approves