From 61175c24d27205e8fabc5f248ed31ecd2cb088a8 Mon Sep 17 00:00:00 2001
From: Salah-Eddine Saakoun
Date: Mon, 13 Apr 2026 23:18:23 +0200
Subject: [PATCH 01/16] feat: adopt auto-changelog v6 --checkDeps for dependency bump validation
- Add --checkDeps to validate-changelog.sh to catch missing dep entries
- Add --checkDeps --fix to update-changelog.sh to auto-generate dep entries
- Add fix-changelogs workflow to auto-fix changelogs on release branches
---
.github/workflows/fix-changelogs.yml | 45 ++++++++++++++++++++++++++++
scripts/update-changelog.sh | 4 +--
scripts/validate-changelog.sh | 4 +--
3 files changed, 49 insertions(+), 4 deletions(-)
create mode 100644 .github/workflows/fix-changelogs.yml
diff --git a/.github/workflows/fix-changelogs.yml b/.github/workflows/fix-changelogs.yml
new file mode 100644
index 00000000000..1f8c33f6650
--- /dev/null
+++ b/.github/workflows/fix-changelogs.yml
@@ -0,0 +1,45 @@
+name: Fix Changelogs
+
+on:
+ push:
+ branches:
+ - 'release/*'
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: write
+
+jobs:
+ fix-changelogs:
+ name: Fix changelogs
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout and setup environment
+ uses: MetaMask/action-checkout-and-setup@v2
+ with:
+ is-high-risk-environment: false
+ cache-node-modules: true
+ node-version: 22.x
+
+ - name: Checkout branch by name
+ run: git checkout "${GITHUB_REF#refs/heads/}"
+
+ - name: Run changelog update
+ run: yarn changelog:update
+
+ - name: Commit and push if changed
+ run: |
+ if git diff --quiet; then
+ echo "No changelog changes detected."
+ exit 0
+ fi
+ echo "Changelog changes detected:"
+ git diff --stat
+ git config user.name "github-actions[bot]"
+ git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+ git add -A '*.md'
+ git commit -m "fix: auto-update changelogs for release"
+ git push
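Review bot: The `uses: MetaMask/action-checkout-and-setup@v2` step references the action by a mutable tag in a job that holds `contents: write` and pushes to release branches, so whatever that tag points to at run time executes with a write-capable token. Pin it to a full commit SHA and keep the tag as a comment, e.g. `uses: MetaMask/action-checkout-and-setup@<full-commit-sha> # v2`. The same step sets `is-high-risk-environment: false` together with `cache-node-modules: true`; if that input is what gates cache restoration in this action (confirm against its README), a job that commits to release branches is a reasonable candidate for `is-high-risk-environment: true`, so `yarn` does not run from a restored `node_modules`.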
diff --git a/scripts/update-changelog.sh b/scripts/update-changelog.sh index 7cd56390105..f281c58114d 100755 --- a/scripts/update-changelog.sh +++ b/scripts/update-changelog.sh @@ -15,7 +15,7 @@ shift # remove package name from arguments branch=$(git rev-parse --abbrev-ref HEAD) if [[ $branch =~ ^release/ ]]; then - yarn auto-changelog update --prettier --tag-prefix "${package_name}@" --rc "$@" + yarn auto-changelog update --prettier --tag-prefix "${package_name}@" --rc --checkDeps --fix "$@" else - yarn auto-changelog update --prettier --tag-prefix "${package_name}@" "$@" + yarn auto-changelog update --prettier --tag-prefix "${package_name}@" --checkDeps --fix "$@" fi diff --git a/scripts/validate-changelog.sh b/scripts/validate-changelog.sh index 19dabb36202..74d4320e926 100755 --- a/scripts/validate-changelog.sh +++ b/scripts/validate-changelog.sh @@ -11,7 +11,7 @@ package_name="$1" shift # remove package name from arguments if [[ "${GITHUB_REF:-}" =~ '^release/' ]]; then - yarn auto-changelog validate --prettier --tag-prefix "${package_name}@" --rc "$@" + yarn auto-changelog validate --prettier --tag-prefix "${package_name}@" --rc --checkDeps "$@" else - yarn auto-changelog validate --prettier --tag-prefix "${package_name}@" "$@" + yarn auto-changelog validate --prettier --tag-prefix "${package_name}@" --checkDeps "$@" fi From a83983a847c3e5a42c0c260b539cf6aa0a444253 Mon Sep 17 00:00:00 2001 From: Salah-Eddine Saakoun Date: Mon, 13 Apr 2026 23:41:37 +0200 Subject: [PATCH 02/16] fix: correct --checkDeps usage and handle main branch - --checkDeps/--fix are validate-only flags, revert from update-changelog.sh - Skip --checkDeps on main branch to avoid "HEAD is same as base" error - Workflow uses validate --checkDeps --fix with PR number for auto-fixing --- .github/workflows/fix-changelogs.yml | 20 ++++++++++++++++++++ scripts/update-changelog.sh | 4 ++-- scripts/validate-changelog.sh | 12 ++++++++++-- 3 files changed, 32 insertions(+), 4 deletions(-) 
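Review bot: The `--rc --checkDeps` line added in `validate-changelog.sh` sits under `[[ "${GITHUB_REF:-}" =~ '^release/' ]]`, and that branch looks unreachable. Bash matches a quoted right-hand side of `=~` as a literal string, and `GITHUB_REF` for a branch has the form `refs/heads/<branch>`, so it would not begin with `release/` even with the quotes removed. If release branches are meant to take the `--rc` path, the test needs to be something like `[[ "${GITHUB_REF:-}" =~ ^refs/heads/release/ ]]`; on pull-request events the branch name is in `GITHUB_HEAD_REF` instead. The condition is a context line here and again in the `validate-changelog.sh` hunks of patches 02 and 04, so it is raised once at this point.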
diff --git a/.github/workflows/fix-changelogs.yml b/.github/workflows/fix-changelogs.yml index 1f8c33f6650..617111ad58a 100644 --- a/.github/workflows/fix-changelogs.yml +++ b/.github/workflows/fix-changelogs.yml @@ -30,6 +30,26 @@ jobs: - name: Run changelog update run: yarn changelog:update + - name: Get PR number for this branch + id: pr + run: | + PR_NUMBER=$(gh pr list --head "${GITHUB_REF#refs/heads/}" --json number --jq '.[0].number') + if [ -n "$PR_NUMBER" ]; then + echo "number=$PR_NUMBER" >> "$GITHUB_OUTPUT" + echo "Found PR #$PR_NUMBER" + else + echo "No PR found for this branch" + fi + env: + GH_TOKEN: ${{ github.token }} + + - name: Fix missing dependency bump entries + if: steps.pr.outputs.number != '' + run: > + yarn workspaces foreach --all --no-private --parallel --interlaced --verbose + run changelog:validate --fix --currentPr "${{ steps.pr.outputs.number }}" + continue-on-error: true + - name: Commit and push if changed run: | if git diff --quiet; then diff --git a/scripts/update-changelog.sh b/scripts/update-changelog.sh index f281c58114d..7cd56390105 100755 --- a/scripts/update-changelog.sh +++ b/scripts/update-changelog.sh @@ -15,7 +15,7 @@ shift # remove package name from arguments branch=$(git rev-parse --abbrev-ref HEAD) if [[ $branch =~ ^release/ ]]; then - yarn auto-changelog update --prettier --tag-prefix "${package_name}@" --rc --checkDeps --fix "$@" + yarn auto-changelog update --prettier --tag-prefix "${package_name}@" --rc "$@" else - yarn auto-changelog update --prettier --tag-prefix "${package_name}@" --checkDeps --fix "$@" + yarn auto-changelog update --prettier --tag-prefix "${package_name}@" "$@" fi diff --git a/scripts/validate-changelog.sh b/scripts/validate-changelog.sh index 74d4320e926..834e3b86742 100755 --- a/scripts/validate-changelog.sh +++ b/scripts/validate-changelog.sh 
@@ -10,8 +10,16 @@ fi package_name="$1" shift # remove package name from arguments +# Enable --checkDeps only on non-main branches to avoid +# "HEAD is the same as the base branch" errors on main. +branch=$(git rev-parse --abbrev-ref HEAD) +check_deps_args=() +if [[ "$branch" != "main" && "$branch" != "HEAD" ]]; then + check_deps_args=(--checkDeps) +fi + if [[ "${GITHUB_REF:-}" =~ '^release/' ]]; then - yarn auto-changelog validate --prettier --tag-prefix "${package_name}@" --rc --checkDeps "$@" + yarn auto-changelog validate --prettier --tag-prefix "${package_name}@" --rc "${check_deps_args[@]+"${check_deps_args[@]}"}" "$@" else - yarn auto-changelog validate --prettier --tag-prefix "${package_name}@" --checkDeps "$@" + yarn auto-changelog validate --prettier --tag-prefix "${package_name}@" "${check_deps_args[@]+"${check_deps_args[@]}"}" "$@" fi From 02fd3022035bfa006c9853e8eeaaa7eb396bcb18 Mon Sep 17 00:00:00 2001 From: Salah-Eddine Saakoun Date: Mon, 13 Apr 2026 23:48:03 +0200 Subject: [PATCH 03/16] fix: trigger fix-changelogs via @metamaskbot check-deps PR comment --- .github/workflows/fix-changelogs.yml | 61 ++++++++++++++++------------ 1 file changed, 36 insertions(+), 25 deletions(-) diff --git a/.github/workflows/fix-changelogs.yml b/.github/workflows/fix-changelogs.yml index 617111ad58a..f3e4c8cf58b 100644 --- a/.github/workflows/fix-changelogs.yml +++ b/.github/workflows/fix-changelogs.yml 
@@ -1,65 +1,76 @@ name: Fix Changelogs on: - push: - branches: - - 'release/*' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true + issue_comment: + types: [created] permissions: contents: write + pull-requests: write jobs: fix-changelogs: name: Fix changelogs + if: > + github.event.issue.pull_request && + contains(github.event.comment.body, '@metamaskbot check-deps') runs-on: ubuntu-latest steps: + - name: Get PR head ref + id: pr + run: | + PR_DATA=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.issue.number }} --jq '{ref: .head.ref, sha: .head.sha}') + echo "ref=$(echo "$PR_DATA" | jq -r .ref)" >> "$GITHUB_OUTPUT" + echo "sha=$(echo "$PR_DATA" | jq -r .sha)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ github.token }} + + - name: React to comment + run: gh api repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions -f content='+1' + env: + GH_TOKEN: ${{ github.token }} + - name: Checkout and setup environment uses: MetaMask/action-checkout-and-setup@v2 with: is-high-risk-environment: false cache-node-modules: true node-version: 22.x + ref: ${{ steps.pr.outputs.ref }} - name: Checkout branch by name - run: git checkout "${GITHUB_REF#refs/heads/}" + run: git checkout "${{ steps.pr.outputs.ref }}" - name: Run changelog update run: yarn changelog:update - - name: Get PR number for this branch - id: pr - run: | - PR_NUMBER=$(gh pr list --head "${GITHUB_REF#refs/heads/}" --json number --jq '.[0].number') - if [ -n "$PR_NUMBER" ]; then - echo "number=$PR_NUMBER" >> "$GITHUB_OUTPUT" - echo "Found PR #$PR_NUMBER" - else - echo "No PR found for this branch" - fi - env: - GH_TOKEN: ${{ github.token }} - - name: Fix missing dependency bump entries - if: steps.pr.outputs.number != '' run: > yarn workspaces foreach --all --no-private --parallel --interlaced --verbose - run changelog:validate --fix --currentPr "${{ steps.pr.outputs.number }}" + run changelog:validate --fix --currentPr "${{ 
github.event.issue.number }}" continue-on-error: true - name: Commit and push if changed + id: commit run: | if git diff --quiet; then - echo "No changelog changes detected." + echo "changed=false" >> "$GITHUB_OUTPUT" exit 0 fi - echo "Changelog changes detected:" git diff --stat git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git add -A '*.md' git commit -m "fix: auto-update changelogs for release" git push + echo "changed=true" >> "$GITHUB_OUTPUT" + + - name: Comment result + run: | + if [ "${{ steps.commit.outputs.changed }}" = "true" ]; then + gh pr comment "${{ github.event.issue.number }}" --body "Changelogs updated and pushed." + else + gh pr comment "${{ github.event.issue.number }}" --body "No changelog changes needed." + fi + env: + GH_TOKEN: ${{ github.token }} From 14d02981ec476a263c93e3ae19489ad4f461e839 Mon Sep 17 00:00:00 2001 From: Salah-Eddine Saakoun Date: Mon, 13 Apr 2026 23:50:10 +0200 Subject: [PATCH 04/16] revert: remove --checkDeps from validate-changelog.sh Keep dependency bump validation opt-in via @metamaskbot check-deps only. --- scripts/validate-changelog.sh | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/scripts/validate-changelog.sh b/scripts/validate-changelog.sh index 834e3b86742..19dabb36202 100755 --- a/scripts/validate-changelog.sh +++ b/scripts/validate-changelog.sh 
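Review bot: The job-level `if:` gates the `issue_comment` path on the comment body only, so any account that can comment on a pull request can start a job that holds `contents: write` and pushes a commit to the PR branch. Add an author check to the condition, for example `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`. The `contains(...)` test on `github.event.comment.body` also matches the command inside a quoted reply or a longer sentence; `startsWith` on the body would be a tighter match. The later patches in this series rename the command and add a fork filter, but none of them adds an authorisation check to this condition.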
@@ -10,16 +10,8 @@ fi package_name="$1" shift # remove package name from arguments -# Enable --checkDeps only on non-main branches to avoid -# "HEAD is the same as the base branch" errors on main. -branch=$(git rev-parse --abbrev-ref HEAD) -check_deps_args=() -if [[ "$branch" != "main" && "$branch" != "HEAD" ]]; then - check_deps_args=(--checkDeps) -fi - if [[ "${GITHUB_REF:-}" =~ '^release/' ]]; then - yarn auto-changelog validate --prettier --tag-prefix "${package_name}@" --rc "${check_deps_args[@]+"${check_deps_args[@]}"}" "$@" + yarn auto-changelog validate --prettier --tag-prefix "${package_name}@" --rc "$@" else - yarn auto-changelog validate --prettier --tag-prefix "${package_name}@" "${check_deps_args[@]+"${check_deps_args[@]}"}" "$@" + yarn auto-changelog validate --prettier --tag-prefix "${package_name}@" "$@" fi From 9c0924fc97111c626cb4c8c68682aa432eed33c4 Mon Sep 17 00:00:00 2001 From: Salah-Eddine Saakoun Date: Mon, 13 Apr 2026 23:51:37 +0200 Subject: [PATCH 05/16] fix: use env vars to prevent code injection in fix-changelogs workflow --- .github/workflows/fix-changelogs.yml | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/.github/workflows/fix-changelogs.yml b/.github/workflows/fix-changelogs.yml index f3e4c8cf58b..cb172203da0 100644 --- a/.github/workflows/fix-changelogs.yml +++ b/.github/workflows/fix-changelogs.yml 
@@ -19,16 +19,18 @@ jobs: - name: Get PR head ref id: pr run: | - PR_DATA=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.issue.number }} --jq '{ref: .head.ref, sha: .head.sha}') + PR_DATA=$(gh api "repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}" --jq '{ref: .head.ref, sha: .head.sha}') echo "ref=$(echo "$PR_DATA" | jq -r .ref)" >> "$GITHUB_OUTPUT" echo "sha=$(echo "$PR_DATA" | jq -r .sha)" >> "$GITHUB_OUTPUT" env: GH_TOKEN: ${{ github.token }} + PR_NUMBER: ${{ github.event.issue.number }} - name: React to comment - run: gh api repos/${{ github.repository }}/issues/comments/${{ github.event.comment.id }}/reactions -f content='+1' + run: gh api "repos/${GITHUB_REPOSITORY}/issues/comments/${COMMENT_ID}/reactions" -f content='+1' env: GH_TOKEN: ${{ github.token }} + COMMENT_ID: ${{ github.event.comment.id }} - name: Checkout and setup environment uses: MetaMask/action-checkout-and-setup@v2 @@ -36,10 +38,12 @@ jobs: is-high-risk-environment: false cache-node-modules: true node-version: 22.x - ref: ${{ steps.pr.outputs.ref }} + ref: ${{ steps.pr.outputs.sha }} - name: Checkout branch by name - run: git checkout "${{ steps.pr.outputs.ref }}" + run: git checkout "$PR_REF" + env: + PR_REF: ${{ steps.pr.outputs.ref }} - name: Run changelog update run: yarn changelog:update @@ -47,8 +51,10 @@ jobs: - name: Fix missing dependency bump entries run: > yarn workspaces foreach --all --no-private --parallel --interlaced --verbose - run changelog:validate --fix --currentPr "${{ github.event.issue.number }}" + run changelog:validate --fix --currentPr "$PR_NUMBER" continue-on-error: true + env: + PR_NUMBER: ${{ github.event.issue.number }} - name: Commit and push if changed id: commit 
@@ -67,10 +73,12 @@ jobs: - name: Comment result run: | - if [ "${{ steps.commit.outputs.changed }}" = "true" ]; then - gh pr comment "${{ github.event.issue.number }}" --body "Changelogs updated and pushed." + if [ "$CHANGED" = "true" ]; then + gh pr comment "$PR_NUMBER" --body "Changelogs updated and pushed." else - gh pr comment "${{ github.event.issue.number }}" --body "No changelog changes needed." + gh pr comment "$PR_NUMBER" --body "No changelog changes needed." fi env: GH_TOKEN: ${{ github.token }} + PR_NUMBER: ${{ github.event.issue.number }} + CHANGED: ${{ steps.commit.outputs.changed }} From f3192c679afbdcfda0a6daf402cafb7f550f2b2e Mon Sep 17 00:00:00 2001 From: Salah-Eddine Saakoun Date: Tue, 14 Apr 2026 00:13:13 +0200 Subject: [PATCH 06/16] fix: skip fix-changelogs workflow on fork PRs --- .github/workflows/fix-changelogs.yml | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/workflows/fix-changelogs.yml b/.github/workflows/fix-changelogs.yml index cb172203da0..637a0f4ba76 100644 --- a/.github/workflows/fix-changelogs.yml +++ b/.github/workflows/fix-changelogs.yml 
@@ -9,12 +9,28 @@ permissions: pull-requests: write jobs: - fix-changelogs: - name: Fix changelogs + is-fork-pull-request: + name: Determine whether this PR is from a fork if: > github.event.issue.pull_request && contains(github.event.comment.body, '@metamaskbot check-deps') runs-on: ubuntu-latest + outputs: + IS_FORK: ${{ steps.is-fork.outputs.IS_FORK }} + steps: + - uses: actions/checkout@v4 + - name: Determine whether this PR is from a fork + id: is-fork + run: echo "IS_FORK=$(gh pr view --json isCrossRepository --jq '.isCrossRepository' "${PR_NUMBER}")" >> "$GITHUB_OUTPUT" + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PR_NUMBER: ${{ github.event.issue.number }} + + fix-changelogs: + name: Fix changelogs + needs: is-fork-pull-request + if: ${{ needs.is-fork-pull-request.outputs.IS_FORK == 'false' }} + runs-on: ubuntu-latest steps: - name: Get PR head ref id: pr From 925ca1126cba99e431c29666bd132296904b565d Mon Sep 17 00:00:00 2001 From: Salah-Eddine Saakoun Date: Tue, 14 Apr 2026 00:24:01 +0200 Subject: [PATCH 07/16] fix: address code review findings in fix-changelogs workflow - Add missing --checkDeps flag to validate step - Fix shell quoting bug in fork detection - Narrow git add to **/CHANGELOG.md only - Report validation failures in PR comment instead of swallowing them - Use chore: prefix for automated commit message --- .github/workflows/fix-changelogs.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/fix-changelogs.yml b/.github/workflows/fix-changelogs.yml index 637a0f4ba76..506424d6dd4 100644 --- a/.github/workflows/fix-changelogs.yml +++ b/.github/workflows/fix-changelogs.yml 
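Review bot: The new `is-fork-pull-request` job only reads PR metadata through `gh pr view`, yet it inherits the workflow-level `contents: write` and `pull-requests: write` grant. Give this job its own `permissions:` block with `pull-requests: read` (confirm that is sufficient for `gh pr view` in this repository) and move the write scopes down onto the `fix-changelogs` job, which is the only one that pushes or comments. A comment on the `if:` of `fix-changelogs` would also help, e.g. `# IS_FORK is empty when gh fails, so the job is skipped rather than run`, since the comparison with `'false'` failing closed is the property the fork filter depends on.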
@@ -21,7 +21,9 @@ jobs: - uses: actions/checkout@v4 - name: Determine whether this PR is from a fork id: is-fork - run: echo "IS_FORK=$(gh pr view --json isCrossRepository --jq '.isCrossRepository' "${PR_NUMBER}")" >> "$GITHUB_OUTPUT" + run: | + IS_FORK=$(gh pr view --json isCrossRepository --jq '.isCrossRepository' "$PR_NUMBER") + echo "IS_FORK=$IS_FORK" >> "$GITHUB_OUTPUT" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} PR_NUMBER: ${{ github.event.issue.number }} @@ -65,9 +67,10 @@ jobs: run: yarn changelog:update - name: Fix missing dependency bump entries + id: validate run: > yarn workspaces foreach --all --no-private --parallel --interlaced --verbose - run changelog:validate --fix --currentPr "$PR_NUMBER" + run changelog:validate --checkDeps --fix --currentPr "$PR_NUMBER" continue-on-error: true env: PR_NUMBER: ${{ github.event.issue.number }} @@ -82,8 +85,8 @@ jobs: git diff --stat git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git add -A '*.md' - git commit -m "fix: auto-update changelogs for release" + git add -A '**/CHANGELOG.md' + git commit -m "chore: auto-update changelogs for release" git push echo "changed=true" >> "$GITHUB_OUTPUT" @@ -91,6 +94,8 @@ jobs: run: | if [ "$CHANGED" = "true" ]; then gh pr comment "$PR_NUMBER" --body "Changelogs updated and pushed." + elif [ "$VALIDATE_OUTCOME" = "failure" ]; then + gh pr comment "$PR_NUMBER" --body "Changelog validation failed. Check the [workflow run]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID) for details." else gh pr comment "$PR_NUMBER" --body "No changelog changes needed." fi @@ -98,3 +103,4 @@ jobs: GH_TOKEN: ${{ github.token }} PR_NUMBER: ${{ github.event.issue.number }} CHANGED: ${{ steps.commit.outputs.changed }} + VALIDATE_OUTCOME: ${{ steps.validate.outcome }} From a62d2ee0c3c54a81caa95194e22bc9941686e43d Mon Sep 17 00:00:00 2001 
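Review bot: Narrowing the staging to `git add -A '**/CHANGELOG.md'` in the commit step leaves it out of step with the guard at the top of that step (outside the hunk), which is still a bare `git diff --quiet`. If the validate run touches any other tracked file and no changelog, the guard lets the step continue, nothing is staged, and `git commit` exits non-zero. Use the same pathspec in the guard, `if git diff --quiet -- '**/CHANGELOG.md'; then`, so the step only proceeds when there is a changelog change to commit.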
From: Salah-Eddine Saakoun Date: Tue, 14 Apr 2026 00:29:33 +0200 Subject: [PATCH 08/16] fix: address review feedback for fix-changelogs workflow - Add concurrency group to prevent racing on duplicate triggers - Add if: always() to comment step so users always get feedback - Add comment explaining branch checkout purpose - Remove -A flag from git add (only staging tracked CHANGELOG.md files) - Improve step name and commit message for clarity --- .github/workflows/fix-changelogs.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/fix-changelogs.yml b/.github/workflows/fix-changelogs.yml index 506424d6dd4..bfac08a587d 100644 --- a/.github/workflows/fix-changelogs.yml +++ b/.github/workflows/fix-changelogs.yml @@ -4,6 +4,10 @@ on: issue_comment: types: [created] +concurrency: + group: fix-changelogs-${{ github.event.issue.number }} + cancel-in-progress: true + permissions: contents: write pull-requests: write @@ -58,6 +62,7 @@ jobs: node-version: 22.x ref: ${{ steps.pr.outputs.sha }} + # Checkout by branch name so update-changelog.sh can detect release branches - name: Checkout branch by name run: git checkout "$PR_REF" env: @@ -66,7 +71,7 @@ jobs: - name: Run changelog update run: yarn changelog:update - - name: Fix missing dependency bump entries + - name: Validate and fix dependency bump entries id: validate run: > yarn workspaces foreach --all --no-private --parallel --interlaced --verbose 
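Review bot: The workflow-level `concurrency` block keys on the PR number with `cancel-in-progress: true`, but `issue_comment` starts a run for every new comment, including ones that never pass the job `if:`. An unrelated comment on the same PR therefore appears able to cancel a run that is in the middle of validating or pushing, and then skip its own jobs. Consider `cancel-in-progress: false`, or attaching the `concurrency` block to the `fix-changelogs` job so that only runs which actually do work compete for the group.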
@@ -85,12 +90,13 @@ jobs: git diff --stat git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git add -A '**/CHANGELOG.md' - git commit -m "chore: auto-update changelogs for release" + git add '**/CHANGELOG.md' + git commit -m "chore: auto-fix dependency bump changelog entries" git push echo "changed=true" >> "$GITHUB_OUTPUT" - name: Comment result + if: always() run: | if [ "$CHANGED" = "true" ]; then gh pr comment "$PR_NUMBER" --body "Changelogs updated and pushed." From b6cf542abe7e60f50f50e602ddc743087047316f Mon Sep 17 00:00:00 2001 From: Salah-Eddine Saakoun Date: Tue, 14 Apr 2026 00:30:48 +0200 Subject: [PATCH 09/16] fix: remove unnecessary yarn changelog:update step --- .github/workflows/fix-changelogs.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/fix-changelogs.yml b/.github/workflows/fix-changelogs.yml index bfac08a587d..cb1ac87d978 100644 --- a/.github/workflows/fix-changelogs.yml +++ b/.github/workflows/fix-changelogs.yml @@ -62,15 +62,12 @@ jobs: node-version: 22.x ref: ${{ steps.pr.outputs.sha }} - # Checkout by branch name so update-changelog.sh can detect release branches + # Checkout by branch name so validate-changelog.sh can detect release branches - name: Checkout branch by name run: git checkout "$PR_REF" env: PR_REF: ${{ steps.pr.outputs.ref }} - - name: Run changelog update - run: yarn changelog:update - - name: Validate and fix dependency bump entries id: validate run: > From b516c86357762ecbf04e5319fe398c8313abffb1 Mon Sep 17 00:00:00 2001 From: Salah-Eddine Saakoun Date: Tue, 14 Apr 2026 00:39:34 +0200 Subject: [PATCH 10/16] fix: move reaction step first and report push failures in comment --- .github/workflows/fix-changelogs.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/fix-changelogs.yml b/.github/workflows/fix-changelogs.yml index cb1ac87d978..7159b84e229 100644 
--- a/.github/workflows/fix-changelogs.yml +++ b/.github/workflows/fix-changelogs.yml @@ -38,6 +38,12 @@ jobs: if: ${{ needs.is-fork-pull-request.outputs.IS_FORK == 'false' }} runs-on: ubuntu-latest steps: + - name: React to comment + run: gh api "repos/${GITHUB_REPOSITORY}/issues/comments/${COMMENT_ID}/reactions" -f content='+1' + env: + GH_TOKEN: ${{ github.token }} + COMMENT_ID: ${{ github.event.comment.id }} + - name: Get PR head ref id: pr run: | @@ -48,12 +54,6 @@ jobs: GH_TOKEN: ${{ github.token }} PR_NUMBER: ${{ github.event.issue.number }} - - name: React to comment - run: gh api "repos/${GITHUB_REPOSITORY}/issues/comments/${COMMENT_ID}/reactions" -f content='+1' - env: - GH_TOKEN: ${{ github.token }} - COMMENT_ID: ${{ github.event.comment.id }} - - name: Checkout and setup environment uses: MetaMask/action-checkout-and-setup@v2 with: @@ -97,6 +97,8 @@ jobs: run: | if [ "$CHANGED" = "true" ]; then gh pr comment "$PR_NUMBER" --body "Changelogs updated and pushed." + elif [ "$COMMIT_OUTCOME" = "failure" ]; then + gh pr comment "$PR_NUMBER" --body "Failed to push changelog fixes. Check the [workflow run]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID) for details." elif [ "$VALIDATE_OUTCOME" = "failure" ]; then gh pr comment "$PR_NUMBER" --body "Changelog validation failed. Check the [workflow run]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID) for details." else @@ -106,4 +108,5 @@ jobs: GH_TOKEN: ${{ github.token }} PR_NUMBER: ${{ github.event.issue.number }} CHANGED: ${{ steps.commit.outputs.changed }} + COMMIT_OUTCOME: ${{ steps.commit.outcome }} VALIDATE_OUTCOME: ${{ steps.validate.outcome }} From 455620a060fef9eff2a5590a6d3b49c6753c947a Mon Sep 17 00:00:00 2001 From: Salah-Eddine Saakoun Date: Tue, 14 Apr 2026 00:53:46 +0200 Subject: [PATCH 11/16] fix: remove unnecessary checkout from fork detection job --- .github/workflows/fix-changelogs.yml | 1 - 1 file changed, 1 deletion(-) 
diff --git a/.github/workflows/fix-changelogs.yml b/.github/workflows/fix-changelogs.yml index 7159b84e229..36e14906708 100644 --- a/.github/workflows/fix-changelogs.yml +++ b/.github/workflows/fix-changelogs.yml @@ -22,7 +22,6 @@ jobs: outputs: IS_FORK: ${{ steps.is-fork.outputs.IS_FORK }} steps: - - uses: actions/checkout@v4 - name: Determine whether this PR is from a fork id: is-fork run: | From 9069a65735fd3fa4ccfc9b2295f2c0e4a574f353 Mon Sep 17 00:00:00 2001 From: Salah-Eddine Saakoun Date: Tue, 14 Apr 2026 13:40:27 +0200 Subject: [PATCH 12/16] feat: auto-trigger fix-changelogs on release PR open - Add pull_request opened trigger for release/* branches targeting main - Use github.event.issue.number || github.event.pull_request.number for both triggers - Conditionally show reaction only for comment triggers --- .github/workflows/fix-changelogs.yml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/.github/workflows/fix-changelogs.yml b/.github/workflows/fix-changelogs.yml index 36e14906708..e221307c980 100644 --- a/.github/workflows/fix-changelogs.yml +++ b/.github/workflows/fix-changelogs.yml @@ -3,9 +3,12 @@ name: Fix Changelogs on: issue_comment: types: [created] + pull_request: + branches: [main] + types: [opened] concurrency: - group: fix-changelogs-${{ github.event.issue.number }} + group: fix-changelogs-${{ github.event.issue.number || github.event.pull_request.number }} cancel-in-progress: true permissions: @@ -16,8 +19,8 @@ jobs: is-fork-pull-request: name: Determine whether this PR is from a fork if: > - github.event.issue.pull_request && - contains(github.event.comment.body, '@metamaskbot check-deps') + (github.event_name == 'pull_request' && startsWith(github.head_ref, 'release/')) || + (github.event.issue.pull_request && contains(github.event.comment.body, '@metamaskbot check-deps')) runs-on: ubuntu-latest outputs: IS_FORK: ${{ steps.is-fork.outputs.IS_FORK }} 
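Review bot: With the `pull_request` `opened` trigger this workflow now pushes a commit to every same-repository `release/*` PR without anyone asking for it, and that push is made with the default `GITHUB_TOKEN` (assuming the checkout action persists it). Pushes made with that token do not start new workflow runs, so the bot commit becomes the PR head without the usual CI having run on it. Say so in a comment above the trigger, e.g. `# The auto-fix commit is pushed with GITHUB_TOKEN and does not re-trigger CI`, or push with a token that does trigger workflows.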
@@ -25,11 +28,11 @@ jobs: - name: Determine whether this PR is from a fork id: is-fork run: | - IS_FORK=$(gh pr view --json isCrossRepository --jq '.isCrossRepository' "$PR_NUMBER") + IS_FORK=$(gh pr view --json isCrossRepository --jq '.isCrossRepository' "$PR_NUMBER" --repo "$GITHUB_REPOSITORY") echo "IS_FORK=$IS_FORK" >> "$GITHUB_OUTPUT" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PR_NUMBER: ${{ github.event.issue.number }} + PR_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }} fix-changelogs: name: Fix changelogs @@ -38,6 +41,7 @@ jobs: runs-on: ubuntu-latest steps: - name: React to comment + if: github.event_name == 'issue_comment' run: gh api "repos/${GITHUB_REPOSITORY}/issues/comments/${COMMENT_ID}/reactions" -f content='+1' env: GH_TOKEN: ${{ github.token }} @@ -51,7 +55,7 @@ jobs: echo "sha=$(echo "$PR_DATA" | jq -r .sha)" >> "$GITHUB_OUTPUT" env: GH_TOKEN: ${{ github.token }} - PR_NUMBER: ${{ github.event.issue.number }} + PR_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }} - name: Checkout and setup environment uses: MetaMask/action-checkout-and-setup@v2 @@ -74,7 +78,7 @@ jobs: run changelog:validate --checkDeps --fix --currentPr "$PR_NUMBER" continue-on-error: true env: - PR_NUMBER: ${{ github.event.issue.number }} + PR_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }} - name: Commit and push if changed id: commit @@ -105,7 +109,7 @@ jobs: fi env: GH_TOKEN: ${{ github.token }} - PR_NUMBER: ${{ github.event.issue.number }} + PR_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }} CHANGED: ${{ steps.commit.outputs.changed }} COMMIT_OUTCOME: ${{ steps.commit.outcome }} VALIDATE_OUTCOME: ${{ steps.validate.outcome }} From 5a137b13b3c147f9b58a308612367919e290451b Mon Sep 17 00:00:00 2001 
From: Salah-Eddine Saakoun Date: Tue, 14 Apr 2026 13:42:40 +0200 Subject: [PATCH 13/16] fix: rename workflow to update-changelogs - Rename file from fix-changelogs.yml to update-changelogs.yml - Update workflow name, job names, and concurrency group - Rename bot command to @metamaskbot update-changelogs --- .../{fix-changelogs.yml => update-changelogs.yml} | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) rename .github/workflows/{fix-changelogs.yml => update-changelogs.yml} (95%) diff --git a/.github/workflows/fix-changelogs.yml b/.github/workflows/update-changelogs.yml similarity index 95% rename from .github/workflows/fix-changelogs.yml rename to .github/workflows/update-changelogs.yml index e221307c980..2d40924a957 100644 --- a/.github/workflows/fix-changelogs.yml +++ b/.github/workflows/update-changelogs.yml @@ -1,4 +1,4 @@ -name: Fix Changelogs +name: Update Changelogs on: issue_comment: @@ -8,7 +8,7 @@ on: types: [opened] concurrency: - group: fix-changelogs-${{ github.event.issue.number || github.event.pull_request.number }} + group: update-changelogs-${{ github.event.issue.number || github.event.pull_request.number }} cancel-in-progress: true permissions: @@ -20,7 +20,7 @@ jobs: name: Determine whether this PR is from a fork if: > (github.event_name == 'pull_request' && startsWith(github.head_ref, 'release/')) || - (github.event.issue.pull_request && contains(github.event.comment.body, '@metamaskbot check-deps')) + (github.event.issue.pull_request && contains(github.event.comment.body, '@metamaskbot update-changelogs')) runs-on: ubuntu-latest outputs: IS_FORK: ${{ steps.is-fork.outputs.IS_FORK }} @@ -35,7 +35,7 @@ jobs: PR_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }} fix-changelogs: - name: Fix changelogs + name: Update changelogs needs: is-fork-pull-request if: ${{ needs.is-fork-pull-request.outputs.IS_FORK == 'false' }} runs-on: ubuntu-latest From 61a4b9ebe2439c2ed38087b8065aea4aa0a495a7 Mon Sep 17 00:00:00 2001 
From: Salah-Eddine Saakoun Date: Tue, 14 Apr 2026 13:52:39 +0200 Subject: [PATCH 14/16] fix: add job timeout and defensive git add separator --- .github/workflows/update-changelogs.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/update-changelogs.yml b/.github/workflows/update-changelogs.yml index 2d40924a957..a8d27a8b0aa 100644 --- a/.github/workflows/update-changelogs.yml +++ b/.github/workflows/update-changelogs.yml @@ -39,6 +39,7 @@ jobs: needs: is-fork-pull-request if: ${{ needs.is-fork-pull-request.outputs.IS_FORK == 'false' }} runs-on: ubuntu-latest + timeout-minutes: 30 steps: - name: React to comment if: github.event_name == 'issue_comment' @@ -90,7 +91,7 @@ jobs: git diff --stat git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git add '**/CHANGELOG.md' + git add -- '**/CHANGELOG.md' git commit -m "chore: auto-fix dependency bump changelog entries" git push echo "changed=true" >> "$GITHUB_OUTPUT" From f4aabbbfb7bb5e787f8a9631dbe79f98359ba9a3 Mon Sep 17 00:00:00 2001 From: Salah-Eddine Saakoun Date: Tue, 14 Apr 2026 14:16:31 +0200 Subject: [PATCH 15/16] fix: address remaining review findings - Add git fetch before branch checkout (shallow clone has no branch refs) - Handle partial fix case: report remaining errors when fixes are pushed - Handle skipped steps: detect when earlier steps fail and report accurately - Rename job ID from fix-changelogs to update-changelogs for consistency --- .github/workflows/update-changelogs.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/workflows/update-changelogs.yml b/.github/workflows/update-changelogs.yml index a8d27a8b0aa..6febdaca7f0 100644 --- a/.github/workflows/update-changelogs.yml +++ b/.github/workflows/update-changelogs.yml 
@@ -34,7 +34,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} PR_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }} - fix-changelogs: + update-changelogs: name: Update changelogs needs: is-fork-pull-request if: ${{ needs.is-fork-pull-request.outputs.IS_FORK == 'false' }} @@ -66,9 +66,11 @@ jobs: node-version: 22.x ref: ${{ steps.pr.outputs.sha }} - # Checkout by branch name so validate-changelog.sh can detect release branches - - name: Checkout branch by name - run: git checkout "$PR_REF" + # Fetch and checkout by branch name so git push targets the correct branch + - name: Checkout PR branch + run: | + git fetch origin "$PR_REF" + git checkout "$PR_REF" env: PR_REF: ${{ steps.pr.outputs.ref }} 
@@ -99,12 +101,16 @@ jobs: - name: Comment result if: always() run: | - if [ "$CHANGED" = "true" ]; then + if [ "$CHANGED" = "true" ] && [ "$VALIDATE_OUTCOME" = "failure" ]; then + gh pr comment "$PR_NUMBER" --body "Changelogs updated and pushed, but some validation errors remain. Check the [workflow run]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID) for details." + elif [ "$CHANGED" = "true" ]; then gh pr comment "$PR_NUMBER" --body "Changelogs updated and pushed." elif [ "$COMMIT_OUTCOME" = "failure" ]; then gh pr comment "$PR_NUMBER" --body "Failed to push changelog fixes. Check the [workflow run]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID) for details." elif [ "$VALIDATE_OUTCOME" = "failure" ]; then gh pr comment "$PR_NUMBER" --body "Changelog validation failed. Check the [workflow run]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID) for details." + elif [ "$VALIDATE_OUTCOME" = "skipped" ] || [ "$COMMIT_OUTCOME" = "skipped" ]; then + gh pr comment "$PR_NUMBER" --body "Workflow failed before changelog validation. Check the [workflow run]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID) for details." else gh pr comment "$PR_NUMBER" --body "No changelog changes needed." fi From e8bd7beccc98bb3d33e5ce133f3852b18d32a6f0 Mon Sep 17 00:00:00 2001 From: Salah-Eddine Saakoun Date: Wed, 15 Apr 2026 12:33:05 +0200 Subject: [PATCH 16/16] fix: fetch origin/main for --checkDeps base branch comparison Shallow clone with fetch-depth: 1 doesn't include origin/main, causing --checkDeps to fail with "could not resolve base branch". --- .github/workflows/update-changelogs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-changelogs.yml b/.github/workflows/update-changelogs.yml index 6febdaca7f0..43fc79acfa1 100644 --- a/.github/workflows/update-changelogs.yml +++ b/.github/workflows/update-changelogs.yml 
@@ -66,10 +66,10 @@ jobs: node-version: 22.x ref: ${{ steps.pr.outputs.sha }} - # Fetch and checkout by branch name so git push targets the correct branch + # Fetch main for --checkDeps base comparison, and the PR branch for push - name: Checkout PR branch run: | - git fetch origin "$PR_REF" + git fetch origin main "$PR_REF" git checkout "$PR_REF" env: PR_REF: ${{ steps.pr.outputs.ref }}
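Review bot: `git fetch origin main "$PR_REF"` followed by `git checkout "$PR_REF"` moves the job off the commit pinned by `ref: ${{ steps.pr.outputs.sha }}` and onto whatever the branch tip is at fetch time, so the SHA recorded in the first step no longer describes the code that `yarn` then runs. Pass the SHA into this step and stop if the branch has moved: add `PR_SHA: ${{ steps.pr.outputs.sha }}` under `env:` and `test "$(git rev-parse HEAD)" = "$PR_SHA"` after the checkout. The rest of the job lies outside this hunk.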