feat(version-bump): replace inline bash scripts with TypeScript #13
Open
GoogilyBoogily wants to merge 1 commit into
Pull request overview
This PR migrates the version-bump composite action from inline bash to typed TypeScript scripts, aiming to improve portability and reduce shell-related risk while keeping the action YAML as a step orchestrator.
Changes:
- Added TypeScript implementations for version bumping and release PR creation/auto-merge/tagging.
- Updated the `version-bump` composite action to call `dist/*.js` scripts instead of inline bash.
- Updated npm dependencies (notably `@actions/github`) and introduced an `undici` override.
Reviewed changes
Copilot reviewed 4 out of 7 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/bump-version.ts | Implements version calculation (including prerelease) and changelog update/commit logic. |
| src/release-pr.ts | Implements release branch creation, PR creation, auto-merge enablement, merge polling, and tagging. |
| actions/version-bump/action.yml | Replaces inline bash with Node script invocations; simplifies dry-run handling. |
| package.json | Adds semver, @actions/http-client, upgrades @actions/github, and adds an undici override. |
| package-lock.json | Locks updated dependency graph for the new/updated packages. |
| dist/bump-version.js | Built JS output for the new bump script. |
| dist/release-pr.js | Built JS output for the new release PR script. |
Comment on lines +49 to +52
| await exec.exec('git', ['checkout', baseBranch]); | ||
| await exec.exec('git', ['pull', 'origin', baseBranch]); | ||
| await exec.exec('git', ['tag', '-m', `v${newVersion}`, `v${newVersion}`]); | ||
| await exec.exec('git', ['push', 'origin', `v${newVersion}`]); |
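Review bot: the `git tag` call on the third line tags whatever HEAD is after `git pull origin baseBranch`, so a commit that lands on the base branch between the release PR merging and this pull would receive `v${newVersion}` instead of the release merge. Consider passing the merged PR's `merge_commit_sha` as the final argument to `git tag` so the tag is pinned to the intended commit. Separately, `baseBranch` reaches `git checkout` unvalidated on the first line; the argv array keeps it out of a shell, but a value beginning with `-` would still be parsed by git as an option, so reject such values before these calls.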
Comment on lines +20 to 22
| "overrides": { | ||
| "undici": "^8.3.0" | ||
| } |
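Review bot: the `undici` key sits at the top level of `overrides`, so it forces every package in the tree onto `^8.3.0`, not only the dependency that needed the fix, and the caret range lets later 8.x releases resolve whenever the lockfile is regenerated. Consider nesting the override under the package that pulls `undici` in, and recording which advisory it addresses in the PR description, so the override can be removed once upstream updates.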
Summary
Replaces ~110 lines of inline bash in `version-bump/action.yml` with typed TypeScript scripts. The action YAML becomes a thin orchestrator of named steps.

`src/bump-version.ts`
- `semver` package for dry-run version simulation (no `npx semver` invocation)
- `CHANGELOG.md` via `String.replace` instead of `sed -i` (portable, no GNU/BSD difference)
- `new_version`, writes step summary

`src/release-pr.ts`
- `octokit.rest.pulls.create` instead of `gh pr create` (eliminates shell injection surface from string interpolation)
- `octokit.graphql` (`enablePullRequestAutoMerge`)

`actions/version-bump/action.yml`
- `setup-git` composite action (from previous PR)
- `dist/validate-changelog.js`, `dist/bump-version.js`, `dist/release-pr.js`
- `dry-run` input controls both bump simulation and PR skip

`package.json`
- `semver`, `@actions/http-client`; `@actions/github` upgraded to `^9.1.1`
- `overrides.undici` to resolve transitive vulnerability in `@actions/http-client`; `npm audit` is clean

Test plan
- `dry-run: true` — logs expected version, no commits or PRs created
- `npm audit` shows 0 vulnerabilities
- `validate-scripts` CI passes
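
One way to make the `String.replace` changelog update from the summary fail closed, as an added example that is not code from this PR. The `## [Unreleased]` heading layout, the `stampChangelog` name and the sample changelog are assumptions.

```typescript
// Added example: the "## [Unreleased]" layout and every name here are assumptions.
const UNRELEASED_HEADING = /^## \[Unreleased\][ \t]*$/m;
// Simplified shape check for illustration; the PR itself relies on the semver package.
const SEMVER_LIKE = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z]+(?:\.[0-9A-Za-z]+)*)?$/;
const ISO_DATE = /^\d{4}-\d{2}-\d{2}$/;

function stampChangelog(changelog: string, version: string, date: string): string {
  if (!SEMVER_LIKE.test(version)) {
    throw new Error(`refusing to stamp non-semver version: ${JSON.stringify(version)}`);
  }
  if (!ISO_DATE.test(date)) {
    throw new Error(`expected YYYY-MM-DD date, got: ${JSON.stringify(date)}`);
  }
  // String.replace returns its input unchanged when nothing matches, so a
  // missing heading must be an explicit error, not a silent no-op.
  if (!UNRELEASED_HEADING.test(changelog)) {
    throw new Error('CHANGELOG has no "## [Unreleased]" heading to stamp');
  }
  // Re-running the action must not add a second section for the same version.
  if (changelog.includes(`## [${version}]`)) {
    throw new Error(`CHANGELOG already has a section for ${version}`);
  }
  // Keep the file's existing line endings (CRLF checkouts on Windows runners).
  const eol = changelog.includes('\r\n') ? '\r\n' : '\n';
  const stamped = `## [Unreleased]${eol}${eol}## [${version}] - ${date}`;
  // A function replacer inserts its return value literally; a string
  // replacement would expand "$&", "$1" and similar patterns.
  return changelog.replace(UNRELEASED_HEADING, () => stamped);
}

// Constructed sample input.
const sampleChangelog = [
  '# Changelog', '', '## [Unreleased]', '', '### Fixed', '- example entry', '',
  '## [1.2.3] - 2024-01-01', '',
].join('\n');
console.log(stampChangelog(sampleChangelog, '1.3.0', '2024-02-01'));
```

Unlike `sed -i`, a `String.replace` that matches nothing raises no error and changes nothing, which is why the heading check comes before the replace.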