Skip to content

fix: include workflow-templates in release auto-pin updates#1826

Merged
marcusrbrown merged 1 commit intomainfrom
fix/release-pin-workflow-templates
Mar 19, 2026
Merged

fix: include workflow-templates in release auto-pin updates#1826
marcusrbrown merged 1 commit intomainfrom
fix/release-pin-workflow-templates

Conversation

@marcusrbrown
Copy link
Copy Markdown
Member

@marcusrbrown marcusrbrown commented Mar 19, 2026

Summary

Adds workflow-templates/ to the release script's auto-pin mappings, closing the recursive release loop seen in PR #1825.

The cycle: root package released → Renovate updates workflow-templates/*.yaml SHA pins → generates @bfra.me/.github patch changeset → triggers another release → repeat.

Fix

Added @bfra.me/.github to WORKFLOW_PIN_MAPPINGS with three workflow template files:

File Pattern
workflow-templates/renovate-changesets.yaml renovate-changeset.yaml@SHA # vVERSION
workflow-templates/renovate.yaml renovate.yaml@SHA # vVERSION
workflow-templates/update-repo-settings.yaml update-repo-settings.yaml@SHA # vVERSION

Uses versionPrefix: 'v' since workflow templates use v4.13.0 format (vs 0.2.26 for actions).

Now when any release runs, the auto-pin PR includes ALL internal references — both the action workflow files AND the workflow templates.

@marcusrbrown
fix: include workflow-templates in release auto-pin updates
f5fbb0b 
When the root package @bfra.me/.github is released, update SHA pins in
workflow-templates/ (renovate-changesets, renovate, update-repo-settings)
to prevent Renovate from creating follow-up PRs that trigger recursive
release cycles.
@bfra-me bfra-me bot added scripts Changes to automation scripts typescript Changes to TypeScript code and configuration labels Mar 19, 2026
@bfra-me bfra-me bot requested a review from fro-bot March 19, 2026 11:51
@marcusrbrown marcusrbrown enabled auto-merge (squash) March 19, 2026 11:53
fro-bot
fro-bot approved these changes Mar 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@fro-bot fro-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verdict: PASS

Blocking issues

None

Non-blocking concerns

None

Missing tests

No tests exist for scripts/release.ts. The file is a release orchestration script with complex git/GitHub API interactions that would benefit from unit tests, particularly for the updateInternalWorkflowPins regex matching logic. Adding tests would help catch issues like pattern drift in future changes. However, this is pre-existing and not introduced by this PR.

Risk assessment: LOW

Rationale:

This is a well-scoped, targeted fix that adds workflow-templates to the existing auto-pin mechanism. The changes correctly address the recursive release loop described in PR #1825.

Code Review:

  1. Pattern correctness verified: The regex patterns correctly match the uses: lines in the three workflow templates:

    • renovate-changesets.yaml → matches renovate-changeset.yaml workflow reference
    • renovate.yaml → matches renovate.yaml workflow reference
    • update-repo-settings.yaml → matches update-repo-settings.yaml workflow reference

  2. Version prefix is correct: The root package @bfra.me/.github uses semver versioning (e.g., 4.13.1), and workflow templates prefix with v (e.g., # v4.13.0). The versionPrefix: 'v' correctly produces the expected format.

  3. Mapping structure follows existing patterns: The new mapping entry follows the same WorkflowPinMapping interface used by existing mappings for renovate-changesets and update-repository-settings actions.

  4. TypeScript type-check passes: No type errors introduced.

  5. Logic integration: The updateInternalWorkflowPins function already iterates over all WORKFLOW_PIN_MAPPINGS entries, so the new mapping will automatically be included in the release pinning workflow without additional changes.

Verified in templates:

# workflow-templates/renovate-changesets.yaml:17
uses: bfra-me/.github/.github/workflows/renovate-changeset.yaml@d36ffbc... # v4.13.0

# workflow-templates/renovate.yaml:46
uses: bfra-me/.github/.github/workflows/renovate.yaml@d36ffbc... # v4.13.0

# workflow-templates/update-repo-settings.yaml:16
uses: bfra-me/.github/.github/workflows/update-repo-settings.yaml@d36ffbc... # v4.13.0

All patterns match the actual uses: lines with SHA pins and version comments.

Run Summary
Field Value
Event pull_request
Repository bfra-me/.github
Run ID 23293520050
Cache hit
Session ses_2fa0fb445ffekXDymIVJKOxDsp

@marcusrbrown marcusrbrown merged commit 57ad95d into main Mar 19, 2026
12 checks passed
@marcusrbrown marcusrbrown deleted the fix/release-pin-workflow-templates branch March 19, 2026 11:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fro-bot fro-bot fro-bot approved these changes

Assignees

@marcusrbrown marcusrbrown

Labels

scripts Changes to automation scripts typescript Changes to TypeScript code and configuration

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@marcusrbrown @fro-bot