Skip to content

Release v3.0.0#5

Merged
phukon merged 8 commits intomainfrom
next
Jan 14, 2025
Merged

Release v3.0.0#5
phukon merged 8 commits intomainfrom
next

Conversation

@phukon
Copy link
Owner

@phukon phukon commented Jan 14, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

Release Notes

  • New Features

    • Introduced semantic release workflow for package versioning.
    • Added support for new release branch next.

  • Configuration Updates

    • Updated package version to 3.0.0-next.1.
    • Added new dependencies for semantic release.
    • Enhanced GitHub Actions release workflow with improved permissions.

  • Bug Fixes

    • Improved GPG key management and configuration handling.
    • Enhanced error handling for key generation and configuration processes.

  • Internal Improvements

    • Refined command execution and key fingerprint retrieval methods.
    • Added backup mechanism for GPG configuration files.

phukon and others added 6 commits January 14, 2025 04:51
@phukon
ci: setup release workflow
d5988c1
@phukon
fix(gpg): preserve and restore GPG configurations
4d8a638 
- Add backup system for existing GPG configurations
- Implement restore functionality on reset
- Use append mode for file operations to prevent data loss

BREAKING CHANGE: GPG configuration handling now includes backup/restore
mechanism. Users' existing configurations will be preserved in a .backup file in their gpg config directory.
@phukon
refactor: accumulate stdout then check for string
f0bfe42 
Might miss the keyword if it's split across chunks.
@phukon
fix(security): prevent command injection in git config
1030c2d 
- Replace string interpolation with execFile to avoid shell injection
- Use array arguments instead of command string concatenation
@phukon
fix(gpg): extract only primary key fingerprint
6ba7ff4
@semantic-release-bot
chore(release): 3.0.0-next.1 [skip ci]
270ae05 
# [3.0.0-next.1](v2.1.1...v3.0.0-next.1) (2025-01-14)

### Bug Fixes

* **gpg:** extract only primary key fingerprint ([6ba7ff4](6ba7ff4))
* **gpg:** preserve and restore GPG configurations ([4d8a638](4d8a638))
* **security:** prevent command injection in git config ([1030c2d](1030c2d))
* update GitHub Actions workflow to use npm publish ([64fcb03](64fcb03))
* update GitHub Actions workflow to use npm publish instead of pnpm ([4b8154a](4b8154a))
* update GitHub Actions workflow to use pnpm for publishing ([f7486ae](f7486ae))

### BREAKING CHANGES

* **gpg:** GPG configuration handling now includes backup/restore
mechanism. Users' existing configurations will be preserved in a .backup file in their gpg config directory.
@coderabbitai
Copy link

coderabbitai bot commented Jan 14, 2025
edited
Loading

Caution

Review failed

The pull request is closed.

Walkthrough

This pull request introduces significant changes to the project's release and configuration management. The modifications focus on implementing semantic versioning with semantic-release, enhancing GPG key and configuration handling, and updating the CI/CD workflow. The changes span multiple files, including GitHub workflows, npm configuration, package metadata, and several utility scripts in the source code, with a particular emphasis on improving cross-platform GPG key management and release processes.

Changes

File Change Summary
.github/workflows/release.yml - Added next branch trigger
- Updated permissions with id-token: write
- Replaced NODE_AUTH_TOKEN with NPM_TOKEN
- Changed release command to npx semantic-release
.npmignore - Removed jest.config.js from ignore list
- Added release.config.cjs to ignore list
package.json - Updated version to 3.0.0-next.1
- Added @semantic-release/git and semantic-release dependencies
- Added publishConfig with provenance: true
release.config.cjs - New configuration file for semantic release
- Defined release branches and plugins
src/commands/reset.ts - Added restoreGPGConfig function
- Modified reset function to conditionally restore GPG config on Linux
src/utils/checkSecretKeys.ts - Simplified secret key detection logic
- Consolidated output processing
src/utils/createKey.ts - Added error handling for GPG process initialization
src/utils/linuxConfig.ts - Added backupGpgConfig function
- Modified addExtraConfig to backup GPG config
src/utils/setGitConfig.ts - Updated GPG key fingerprint retrieval method
- Changed command execution to execFile

Sequence Diagram

sequenceDiagram
    participant Workflow as GitHub Workflow
    participant SemanticRelease as Semantic Release
    participant NPM as NPM Registry
    participant GitHub as GitHub Releases

    Workflow->>SemanticRelease: Trigger release
    SemanticRelease->>SemanticRelease: Analyze commits
    SemanticRelease->>NPM: Publish package
    SemanticRelease->>GitHub: Create release
    GitHub->>Workflow: Release completed
Loading

Poem

🐰 A Rabbit's Release Rhyme 🚀

Semantic magic, version's delight,
Next branch triggers, workflows so bright
GPG configs dance, keys take their flight
From Linux to npm, everything's right
Release, my friends, with rabbit's might! 🌈

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4b8154a and 5e0e0ea.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (9)
  • .github/workflows/release.yml (2 hunks)
  • .npmignore (1 hunks)
  • package.json (2 hunks)
  • release.config.cjs (1 hunks)
  • src/commands/reset.ts (2 hunks)
  • src/utils/checkSecretKeys.ts (1 hunks)
  • src/utils/createKey.ts (1 hunks)
  • src/utils/linuxConfig.ts (4 hunks)
  • src/utils/setGitConfig.ts (2 hunks)

Finishing Touches

  • 📝 Generate Docstrings (Beta)
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@phukon phukon merged commit 8dddff0 into main Jan 14, 2025
1 check passed
@github-actions
Copy link

github-actions bot commented Jan 14, 2025

🎉 This PR is included in version 3.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@phukon @semantic-release-bot