diff --git a/.github/workflows/agent-review-pr.yml b/.github/workflows/agent-review-pr.yml index 5d2d1e8..9a17f7d 100644 --- a/.github/workflows/agent-review-pr.yml +++ b/.github/workflows/agent-review-pr.yml @@ -37,7 +37,7 @@ jobs: node-version: [20.x, 22.x, 24.x] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Checkout PR (workflow_dispatch) if: github.event_name == 'workflow_dispatch' @@ -67,12 +67,12 @@ jobs: steps: - name: Generate review bot token id: review-bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.LLM_EXE_REVIEW_BOT_APP_ID }} + client-id: ${{ vars.LLM_EXE_REVIEW_BOT_CLIENT_ID }} private-key: ${{ secrets.LLM_EXE_REVIEW_BOT_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 token: ${{ steps.review-bot-token.outputs.token }} @@ -146,16 +146,16 @@ jobs: steps: - name: Generate review bot token id: review-bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.LLM_EXE_REVIEW_BOT_APP_ID }} + client-id: ${{ vars.LLM_EXE_REVIEW_BOT_CLIENT_ID }} private-key: ${{ secrets.LLM_EXE_REVIEW_BOT_PRIVATE_KEY }} - name: Generate bot token id: bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Approve or skip diff --git a/.github/workflows/auto-merge-main-pr.yml b/.github/workflows/auto-merge-main-pr.yml index 9c5cd51..2bf3b18 100644 --- a/.github/workflows/auto-merge-main-pr.yml +++ b/.github/workflows/auto-merge-main-pr.yml 
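Review bot: The bumped `uses:` lines in the `@@ -67,12 +67,12 @@` hunk still reference mutable major tags (`actions/create-github-app-token@v3`, `actions/checkout@v6`), and the first of them receives the App private key. Pinning each action to the full commit SHA of the release, with the tag kept as a trailing comment, e.g. `uses: actions/create-github-app-token@<full-commit-sha>  # v3`, prevents a moved tag from changing what runs with that key. The same applies to every other `uses:` bump in this diff.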
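Review bot: Both tokens minted in the `@@ -146,16 +146,16 @@` hunk are requested without any `permission-*` inputs, so each inherits every permission the App installation has. The same holds for the other `create-github-app-token` steps touched in this diff, including the new one added to publish-release.yml. Since the `with:` blocks are being edited anyway, consider narrowing each token to what its job uses, for example `permission-pull-requests: write` for a token that only approves or comments on a PR. Which permissions each job needs is not visible in these hunks, so confirm against the steps that consume the token.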
@@ -30,13 +30,13 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'development' || github.event_name == 'pull_request' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Generate bot token id: bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Get PR number for development to main diff --git a/.github/workflows/bot-respond.yml b/.github/workflows/bot-respond.yml index c96e40f..754ecff 100644 --- a/.github/workflows/bot-respond.yml +++ b/.github/workflows/bot-respond.yml @@ -26,17 +26,17 @@ jobs: steps: - name: Generate bot token id: bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Configure git run: | git config --global user.name "llm-exe-bot[bot]" - git config --global user.email "${{ secrets.APP_ID }}+llm-exe-bot[bot]@users.noreply.github.com" + git config --global user.email "${{ vars.APP_BOT_USER_ID }}+llm-exe-bot[bot]@users.noreply.github.com" - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 token: ${{ steps.bot-token.outputs.token }} diff --git a/.github/workflows/check-semantic-versioning.yml b/.github/workflows/check-semantic-versioning.yml index 42e5649..6823b28 100644 --- a/.github/workflows/check-semantic-versioning.yml +++ b/.github/workflows/check-semantic-versioning.yml @@ -16,7 +16,7 @@ jobs: enforce-semantic-version: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Fetch all tags run: git fetch --tags diff --git a/.github/workflows/create-draft-release.yml b/.github/workflows/create-draft-release.yml index 84d37a2..5ead5dd 100644 
--- a/.github/workflows/create-draft-release.yml +++ b/.github/workflows/create-draft-release.yml @@ -21,7 +21,7 @@ jobs: if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Get all draft releases id: get_drafts @@ -97,8 +97,8 @@ jobs: - name: Clean up release notes id: clean_release_notes run: | - # Remove automation-related commits (chore: bump version, Draft PR for release, Bump Version on PR to Main, docs: sync) and remove "by @username in" from PR references - CLEANED_BODY=$(sed '/chore: bump version/Id; /Draft PR for release/Id; /Bump Version on PR to Main/Id; /docs: sync/Id' release_body.txt | sed -E 's/ by @[^ ]+ in/ /g') + # Remove automation-related commits and remove "by @username in" from PR references + CLEANED_BODY=$(sed '/chore: bump version/Id; /Draft PR for release/Id; /Bump Version on PR to Main/Id; /docs: sync/Id; /revert version bump after failed publish/Id' release_body.txt | sed -E 's/ by @[^ ]+ in/ /g') echo "$CLEANED_BODY" > cleaned_body.txt echo "Cleaned release notes:" cat cleaned_body.txt diff --git a/.github/workflows/draft-main-pr.yml b/.github/workflows/draft-main-pr.yml index 739c143..9aaf545 100644 --- a/.github/workflows/draft-main-pr.yml +++ b/.github/workflows/draft-main-pr.yml @@ -20,15 +20,15 @@ jobs: if: ${{ github.event_name == 'release' || !(github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'development' && github.event.pull_request.head.ref == 'bump-version-branch') }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Generate bot token id: bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Get the latest release version 
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 17157d6..73eb23b 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -8,6 +8,7 @@ on: permissions: contents: write + pull-requests: write jobs: check-release-branch: @@ -31,7 +32,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} REPO: ${{ github.repository }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 @@ -120,9 +121,20 @@ jobs: needs: [publish-action] name: Revert Release to Draft runs-on: ubuntu-latest - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: + - name: Generate bot token + id: bot-token + uses: actions/create-github-app-token@v3 + with: + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + + - name: Checkout + uses: actions/checkout@v6 + with: + fetch-depth: 0 + token: ${{ steps.bot-token.outputs.token }} + - name: Revert release to draft run: | RELEASE_ID=$(jq -r .release.id "$GITHUB_EVENT_PATH") @@ -141,7 +153,7 @@ jobs: BODY_JSON=$(jq -Rs '.' < release_body.txt) response=$(curl -s -X PATCH \ -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${GH_TOKEN}" \ + -H "Authorization: Bearer ${{ steps.bot-token.outputs.token }}" \ https://api.github.com/repos/${{ github.repository }}/releases/$RELEASE_ID \ -d "{\"draft\": true, \"body\": ${BODY_JSON}}") if echo "$response" | jq -e '.id' > /dev/null; then 
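Review bot: `pull-requests: write` is added to the workflow-level `permissions:` block in the `@@ -8,6 +8,7 @@` hunk, so the default `GITHUB_TOKEN` of every job in this workflow gets it. The PR calls visible in this diff (`gh pr create`, `gh pr merge`, `gh pr edit`) run with the App token set in the step's `env`, not with `GITHUB_TOKEN`. If no other job needs the scope, drop the line; otherwise declare it in a job-level `permissions:` block on the job that does. The rest of the file is outside the hunk, so check the other jobs before removing it.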
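Review bot: In the `@@ -141,7 +153,7 @@` hunk the curl header now expands `${{ steps.bot-token.outputs.token }}` directly into the script, so the token is written into the generated script text instead of being read from the environment at run time. The following hunk adds `GH_TOKEN: ${{ steps.bot-token.outputs.token }}` to what appears to be this same step's `env:`, so the original line can stay as it was: `-H "Authorization: Bearer ${GH_TOKEN}" \`. Keeping credentials in `env:` and out of `run:` expressions also matches how the later steps in this job pass the token.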
@@ -151,3 +163,74 @@ jobs: echo "$response" | jq '.' exit 1 fi + env: + GH_TOKEN: ${{ steps.bot-token.outputs.token }} + + - name: Delete release tag + run: | + TAG_NAME=$(jq -r .release.tag_name "$GITHUB_EVENT_PATH") + echo "Deleting git tag: $TAG_NAME" + if gh api -X DELETE "repos/${{ github.repository }}/git/refs/tags/$TAG_NAME"; then + echo "Tag $TAG_NAME deleted — version bump logic will no longer treat this version as released" + else + echo "Could not delete tag $TAG_NAME" + fi + env: + GH_TOKEN: ${{ steps.bot-token.outputs.token }} + + - name: Revert version bump in development and update draft PR title + run: | + TAG_NAME=$(jq -r .release.tag_name "$GITHUB_EVENT_PATH") + FAILED_VERSION="${TAG_NAME#v}" + + git config --global user.name 'github-actions[bot]' + git config --global user.email 'github-actions[bot]@users.noreply.github.com' + git fetch origin development + + CURRENT_DEV_VERSION=$(git show origin/development:package.json | jq -r '.version') + echo "Failed version: $FAILED_VERSION | Current version on development: $CURRENT_DEV_VERSION" + + if [ "$CURRENT_DEV_VERSION" != "$FAILED_VERSION" ]; then + echo "development was bumped to v$CURRENT_DEV_VERSION after the failed release — reverting to v$FAILED_VERSION" + + git checkout -b revert-version-bump origin/development + jq --arg v "$FAILED_VERSION" '.version = $v' package.json > package.tmp && mv package.tmp package.json + git add package.json + git commit -m "chore: revert version bump after failed publish of v$FAILED_VERSION" + git push origin revert-version-bump --force + + EXISTING=$(gh pr list --state open --head revert-version-bump --base development --json number --jq '.[0].number') + if [ -z "$EXISTING" ]; then + gh pr create \ + --title "chore: revert version bump after failed publish of v$FAILED_VERSION" \ + --body "The v$FAILED_VERSION publish failed. Reverting package.json so the next release attempt re-uses v$FAILED_VERSION." 
\ + --base development \ + --head revert-version-bump + fi + + REVERT_PR=$(gh pr list --state open --head revert-version-bump --base development --json number --jq '.[0].number') + gh pr merge "$REVERT_PR" --admin --squash --delete-branch --repo ${{ github.repository }} + echo "development reverted to v$FAILED_VERSION" + else + echo "development already at v$FAILED_VERSION — no version revert needed" + fi + + # Update the draft dev→main PR title immediately (draft-main-pr.yml will also + # update it when the revert PR merges, but this ensures it happens right away) + EXPECTED_TITLE="Draft PR for release version v$FAILED_VERSION" + PR_INFO=$(gh pr list --base main --head development --state open --json number,title --jq '.[0]') + if [ -n "$PR_INFO" ] && [ "$PR_INFO" != "null" ]; then + PR_NUMBER=$(echo "$PR_INFO" | jq -r '.number') + PR_TITLE=$(echo "$PR_INFO" | jq -r '.title') + if [ "$PR_TITLE" != "$EXPECTED_TITLE" ]; then + gh pr edit "$PR_NUMBER" --title "$EXPECTED_TITLE" --repo ${{ github.repository }} + echo "Updated dev→main PR #$PR_NUMBER title to: $EXPECTED_TITLE" + else + echo "PR title already correct: $PR_TITLE" + fi + else + echo "No open dev→main PR found — title update skipped" + fi + env: + GH_TOKEN: ${{ steps.bot-token.outputs.token }} + GITHUB_TOKEN: ${{ steps.bot-token.outputs.token }} diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e52313f..39992c3 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -23,7 +23,7 @@ jobs: matrix: node-version: [20.x, 22.x, 24.x] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v6 
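Review bot: In the "Revert version bump" step of the `@@ -151,3 +163,74 @@` hunk, `gh pr merge "$REVERT_PR" --admin` bypasses branch protection on whatever PR number the lookup returns. The lookup, `gh pr list --head revert-version-bump`, selects by branch name only as far as I know, so the merged PR is not tied to the commit this job just pushed. Binding the merge to that commit closes the gap: add `--match-head-commit "$(git rev-parse HEAD)"` to the `gh pr merge` call. Restrict the lookup to same-repository PRs as well, e.g. `--json number,isCrossRepository --jq '[.[] | select(.isCrossRepository | not)][0].number'`. An empty `REVERT_PR` should fail the step explicitly before the merge is attempted.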
@@ -41,7 +41,7 @@ jobs: name: Verify dist is in sync with source runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 # The Action runs the committed dist/index.js, not src/. This job rebuilds the # bundle and fails if the committed output drifts from source, so a release can diff --git a/.github/workflows/update-prs-with-development.yml b/.github/workflows/update-prs-with-development.yml index 2e67cef..e7df36a 100644 --- a/.github/workflows/update-prs-with-development.yml +++ b/.github/workflows/update-prs-with-development.yml @@ -17,12 +17,12 @@ jobs: steps: - name: Generate bot token id: bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: token: ${{ steps.bot-token.outputs.token }}