From dfd14c8852c6ec66f40f11ae0b4254289bb0e812 Mon Sep 17 00:00:00 2001 From: devfrankduah Date: Thu, 18 Jun 2026 10:30:14 -0500 Subject: [PATCH 01/11] update actions/checkout and actions/create-github-app-token versions for improved functionality --- .github/workflows/agent-review-pr.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/agent-review-pr.yml b/.github/workflows/agent-review-pr.yml index 5d2d1e8..f782bc5 100644 --- a/.github/workflows/agent-review-pr.yml +++ b/.github/workflows/agent-review-pr.yml @@ -37,7 +37,7 @@ jobs: node-version: [20.x, 22.x, 24.x] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Checkout PR (workflow_dispatch) if: github.event_name == 'workflow_dispatch' @@ -67,12 +67,12 @@ jobs: steps: - name: Generate review bot token id: review-bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.LLM_EXE_REVIEW_BOT_APP_ID }} + client-id: ${{ vars. LLM_EXE_REVIEW_BOT_CLIENT_ID }} private-key: ${{ secrets.LLM_EXE_REVIEW_BOT_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 token: ${{ steps.review-bot-token.outputs.token }} @@ -146,16 +146,16 @@ jobs: steps: - name: Generate review bot token id: review-bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.LLM_EXE_REVIEW_BOT_APP_ID }} + client-id: ${{ vars. LLM_EXE_REVIEW_BOT_CLIENT_ID }} private-key: ${{ secrets.LLM_EXE_REVIEW_BOT_PRIVATE_KEY }} - name: Generate bot token id: bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Approve or skip From 89e8a7e4debc16f1f77f32e0bec1e708128a60a8 Mon Sep 17 00:00:00 2001 From: devfrankduah Date: Thu, 18 Jun 2026 10:30:31 -0500 Subject: [PATCH 02/11] update actions/checkout and actions/create-github-app-token versions for improved functionality --- .github/workflows/auto-merge-main-pr.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/auto-merge-main-pr.yml b/.github/workflows/auto-merge-main-pr.yml index 9c5cd51..2bf3b18 100644 --- a/.github/workflows/auto-merge-main-pr.yml +++ b/.github/workflows/auto-merge-main-pr.yml @@ -30,13 +30,13 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'development' || github.event_name == 'pull_request' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Generate bot token id: bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Get PR number for development to main From 66d205f7e9cd3edad6781465b4bc447b8b078ee5 Mon Sep 17 00:00:00 2001 From: devfrankduah Date: Thu, 18 Jun 2026 10:30:58 -0500 Subject: [PATCH 03/11] update actions/create-github-app-token to v3 and actions/checkout to v6 for improved functionality --- .github/workflows/bot-respond.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/bot-respond.yml b/.github/workflows/bot-respond.yml index c96e40f..17d083e 100644 --- a/.github/workflows/bot-respond.yml +++ b/.github/workflows/bot-respond.yml @@ -26,9 +26,9 @@ jobs: steps: - name: Generate bot token id: bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Configure git @@ -36,7 +36,7 @@ jobs: git config --global user.name "llm-exe-bot[bot]" git config --global user.email "${{ secrets.APP_ID }}+llm-exe-bot[bot]@users.noreply.github.com" - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 token: ${{ steps.bot-token.outputs.token }} From 58908fea679e8ad08e24fba0ca0dad5c992ea472 Mon Sep 17 00:00:00 2001 From: devfrankduah Date: Thu, 18 Jun 2026 10:31:07 -0500 Subject: [PATCH 04/11] update actions/checkout to v6 for improved functionality --- .github/workflows/check-semantic-versioning.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-semantic-versioning.yml b/.github/workflows/check-semantic-versioning.yml index 42e5649..6823b28 100644 --- a/.github/workflows/check-semantic-versioning.yml +++ b/.github/workflows/check-semantic-versioning.yml @@ -16,7 +16,7 @@ jobs: enforce-semantic-version: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Fetch all tags run: git fetch --tags From f93acb596443b70b0d60d27eb5d12c6c1c645645 Mon Sep 17 00:00:00 2001 From: devfrankduah Date: Thu, 18 Jun 2026 10:31:20 -0500 Subject: [PATCH 05/11] update actions/checkout to v6 and refine release notes cleanup process --- .github/workflows/create-draft-release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/create-draft-release.yml b/.github/workflows/create-draft-release.yml index 84d37a2..5ead5dd 100644 --- a/.github/workflows/create-draft-release.yml +++ b/.github/workflows/create-draft-release.yml @@ -21,7 +21,7 @@ jobs: if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Get all draft releases id: get_drafts @@ -97,8 +97,8 @@ jobs: - name: Clean up release notes id: clean_release_notes run: | - # Remove automation-related commits (chore: bump version, Draft PR for release, Bump Version on PR to Main, docs: sync) and remove "by @username in" from PR references - CLEANED_BODY=$(sed '/chore: bump version/Id; /Draft PR for release/Id; /Bump Version on PR to Main/Id; /docs: sync/Id' release_body.txt | sed -E 's/ by @[^ ]+ in/ /g') + # Remove automation-related commits and remove "by @username in" from PR references + CLEANED_BODY=$(sed '/chore: bump version/Id; /Draft PR for release/Id; /Bump Version on PR to Main/Id; /docs: sync/Id; /revert version bump after failed publish/Id' release_body.txt | sed -E 's/ by @[^ ]+ in/ /g') echo "$CLEANED_BODY" > cleaned_body.txt echo "Cleaned release notes:" cat cleaned_body.txt From 1045f402ce4ec8b5408d94346e890a5e218c6384 Mon Sep 17 00:00:00 2001 From: devfrankduah Date: Thu, 18 Jun 2026 10:31:39 -0500 Subject: [PATCH 06/11] update actions/checkout to v6 and actions/create-github-app-token to v3 for improved functionality --- .github/workflows/draft-main-pr.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/draft-main-pr.yml b/.github/workflows/draft-main-pr.yml index 739c143..9aaf545 100644 --- a/.github/workflows/draft-main-pr.yml +++ b/.github/workflows/draft-main-pr.yml @@ -20,15 +20,15 @@ jobs: if: ${{ github.event_name == 'release' || !(github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'development' && github.event.pull_request.head.ref == 'bump-version-branch') }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Generate bot token id: bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Get the latest release version From 253322c8c2aac2aae6991a8efe0cb6fd2694e8f5 Mon Sep 17 00:00:00 2001 From: devfrankduah Date: Thu, 18 Jun 2026 10:31:57 -0500 Subject: [PATCH 07/11] update actions/checkout to v6 and actions/create-github-app-token to v3 for improved functionality and enhanced release handling --- .github/workflows/publish-release.yml | 91 +++++++++++++++++++++++++-- 1 file changed, 87 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 17157d6..73eb23b 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -8,6 +8,7 @@ on: permissions: contents: write + pull-requests: write jobs: check-release-branch: @@ -31,7 +32,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} REPO: ${{ github.repository }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 @@ -120,9 +121,20 @@ jobs: needs: [publish-action] name: Revert Release to Draft runs-on: ubuntu-latest - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: + - name: Generate bot token + id: bot-token + uses: actions/create-github-app-token@v3 + with: + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + + - name: Checkout + uses: actions/checkout@v6 + with: + fetch-depth: 0 + token: ${{ steps.bot-token.outputs.token }} + - name: Revert release to draft run: | RELEASE_ID=$(jq -r .release.id "$GITHUB_EVENT_PATH") @@ -141,7 +153,7 @@ jobs: BODY_JSON=$(jq -Rs '.' < release_body.txt) response=$(curl -s -X PATCH \ -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${GH_TOKEN}" \ + -H "Authorization: Bearer ${{ steps.bot-token.outputs.token }}" \ https://api.github.com/repos/${{ github.repository }}/releases/$RELEASE_ID \ -d "{\"draft\": true, \"body\": ${BODY_JSON}}") if echo "$response" | jq -e '.id' > /dev/null; then @@ -151,3 +163,74 @@ jobs: echo "$response" | jq '.' exit 1 fi + env: + GH_TOKEN: ${{ steps.bot-token.outputs.token }} + + - name: Delete release tag + run: | + TAG_NAME=$(jq -r .release.tag_name "$GITHUB_EVENT_PATH") + echo "Deleting git tag: $TAG_NAME" + if gh api -X DELETE "repos/${{ github.repository }}/git/refs/tags/$TAG_NAME"; then + echo "Tag $TAG_NAME deleted — version bump logic will no longer treat this version as released" + else + echo "Could not delete tag $TAG_NAME" + fi + env: + GH_TOKEN: ${{ steps.bot-token.outputs.token }} + + - name: Revert version bump in development and update draft PR title + run: | + TAG_NAME=$(jq -r .release.tag_name "$GITHUB_EVENT_PATH") + FAILED_VERSION="${TAG_NAME#v}" + + git config --global user.name 'github-actions[bot]' + git config --global user.email 'github-actions[bot]@users.noreply.github.com' + git fetch origin development + + CURRENT_DEV_VERSION=$(git show origin/development:package.json | jq -r '.version') + echo "Failed version: $FAILED_VERSION | Current version on development: $CURRENT_DEV_VERSION" + + if [ "$CURRENT_DEV_VERSION" != "$FAILED_VERSION" ]; then + echo "development was bumped to v$CURRENT_DEV_VERSION after the failed release — reverting to v$FAILED_VERSION" + + git checkout -b revert-version-bump origin/development + jq --arg v "$FAILED_VERSION" '.version = $v' package.json > package.tmp && mv package.tmp package.json + git add package.json + git commit -m "chore: revert version bump after failed publish of v$FAILED_VERSION" + git push origin revert-version-bump --force + + EXISTING=$(gh pr list --state open --head revert-version-bump --base development --json number --jq '.[0].number') + if [ -z "$EXISTING" ]; then + gh pr create \ + --title "chore: revert version bump after failed publish of v$FAILED_VERSION" \ + --body "The v$FAILED_VERSION publish failed. Reverting package.json so the next release attempt re-uses v$FAILED_VERSION." \ + --base development \ + --head revert-version-bump + fi + + REVERT_PR=$(gh pr list --state open --head revert-version-bump --base development --json number --jq '.[0].number') + gh pr merge "$REVERT_PR" --admin --squash --delete-branch --repo ${{ github.repository }} + echo "development reverted to v$FAILED_VERSION" + else + echo "development already at v$FAILED_VERSION — no version revert needed" + fi + + # Update the draft dev→main PR title immediately (draft-main-pr.yml will also + # update it when the revert PR merges, but this ensures it happens right away) + EXPECTED_TITLE="Draft PR for release version v$FAILED_VERSION" + PR_INFO=$(gh pr list --base main --head development --state open --json number,title --jq '.[0]') + if [ -n "$PR_INFO" ] && [ "$PR_INFO" != "null" ]; then + PR_NUMBER=$(echo "$PR_INFO" | jq -r '.number') + PR_TITLE=$(echo "$PR_INFO" | jq -r '.title') + if [ "$PR_TITLE" != "$EXPECTED_TITLE" ]; then + gh pr edit "$PR_NUMBER" --title "$EXPECTED_TITLE" --repo ${{ github.repository }} + echo "Updated dev→main PR #$PR_NUMBER title to: $EXPECTED_TITLE" + else + echo "PR title already correct: $PR_TITLE" + fi + else + echo "No open dev→main PR found — title update skipped" + fi + env: + GH_TOKEN: ${{ steps.bot-token.outputs.token }} + GITHUB_TOKEN: ${{ steps.bot-token.outputs.token }} From 97e0dc1254046135f1a8187d461eae35e84cdbb3 Mon Sep 17 00:00:00 2001 From: devfrankduah Date: Thu, 18 Jun 2026 10:32:18 -0500 Subject: [PATCH 08/11] update actions/checkout to v6 for consistency across jobs --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e52313f..39992c3 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -23,7 +23,7 @@ jobs: matrix: node-version: [20.x, 22.x, 24.x] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v6 @@ -41,7 +41,7 @@ jobs: name: Verify dist is in sync with source runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 # The Action runs the committed dist/index.js, not src/. This job rebuilds the # bundle and fails if the committed output drifts from source, so a release can From 4dbe9f7dc9b4b10914aa334e89337e91bfd96a60 Mon Sep 17 00:00:00 2001 From: devfrankduah Date: Thu, 18 Jun 2026 10:34:01 -0500 Subject: [PATCH 09/11] update actions/create-github-app-token to v3 and actions/checkout to v6 for improved functionality --- .github/workflows/update-prs-with-development.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/update-prs-with-development.yml b/.github/workflows/update-prs-with-development.yml index 2e67cef..e7df36a 100644 --- a/.github/workflows/update-prs-with-development.yml +++ b/.github/workflows/update-prs-with-development.yml @@ -17,12 +17,12 @@ jobs: steps: - name: Generate bot token id: bot-token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@v3 with: - app-id: ${{ secrets.APP_ID }} + client-id: ${{ vars.APP_CLIENT_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: token: ${{ steps.bot-token.outputs.token }} From 8efbd59caf5b3724d8dd0d52a6cd4e351c7dbf92 Mon Sep 17 00:00:00 2001 From: devfrankduah Date: Thu, 18 Jun 2026 13:51:53 -0500 Subject: [PATCH 10/11] fix: remove extra space in client-id variable for create-github-app-token action --- .github/workflows/agent-review-pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/agent-review-pr.yml b/.github/workflows/agent-review-pr.yml index f782bc5..9a17f7d 100644 --- a/.github/workflows/agent-review-pr.yml +++ b/.github/workflows/agent-review-pr.yml @@ -69,7 +69,7 @@ jobs: id: review-bot-token uses: actions/create-github-app-token@v3 with: - client-id: ${{ vars. LLM_EXE_REVIEW_BOT_CLIENT_ID }} + client-id: ${{ vars.LLM_EXE_REVIEW_BOT_CLIENT_ID }} private-key: ${{ secrets.LLM_EXE_REVIEW_BOT_PRIVATE_KEY }} - uses: actions/checkout@v6 @@ -148,7 +148,7 @@ jobs: id: review-bot-token uses: actions/create-github-app-token@v3 with: - client-id: ${{ vars. LLM_EXE_REVIEW_BOT_CLIENT_ID }} + client-id: ${{ vars.LLM_EXE_REVIEW_BOT_CLIENT_ID }} private-key: ${{ secrets.LLM_EXE_REVIEW_BOT_PRIVATE_KEY }} - name: Generate bot token From 124008f18814ce0a6d126369c548b9d2862d9da0 Mon Sep 17 00:00:00 2001 From: devfrankduah Date: Thu, 18 Jun 2026 13:52:13 -0500 Subject: [PATCH 11/11] fix: update git user email configuration to use APP_BOT_USER_ID variable --- .github/workflows/bot-respond.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bot-respond.yml b/.github/workflows/bot-respond.yml index 17d083e..754ecff 100644 --- a/.github/workflows/bot-respond.yml +++ b/.github/workflows/bot-respond.yml @@ -34,7 +34,7 @@ jobs: - name: Configure git run: | git config --global user.name "llm-exe-bot[bot]" - git config --global user.email "${{ secrets.APP_ID }}+llm-exe-bot[bot]@users.noreply.github.com" + git config --global user.email "${{ vars.APP_BOT_USER_ID }}+llm-exe-bot[bot]@users.noreply.github.com" - uses: actions/checkout@v6 with: