feat(js-release): add js-release pipeline

[grandwizard28]

Features

• add js-release pipeline

Summary by CodeRabbit

• New Features

  • Introduced a new automated release workflow for streamlined integration with the Primus repository.

• Chores

  • Added a GitHub Actions workflow to facilitate the release process.

[coderabbitai]

Walkthrough

A new GitHub Actions workflow named js-release.yaml has been introduced to automate the release process for the Primus repository. Triggered by a workflow_call event, it requires the PRIMUS_REF input parameter. The workflow includes a job that checks out the necessary repositories, generates a GitHub token, and executes a make command based on the specified reference type.

Changes

File	Change Summary
.github/workflows/js-release.yaml	Added a new workflow for automating the release process, including job configuration and steps.

Possibly related PRs

• feat(sh): add sh-fmt and sh-lint workflows #2: The sh-fmt and sh-lint workflows both utilize the PRIMUS_REF input parameter and define similar environment variables (PRIMUS_HOME and MAKE), indicating a shared structure and purpose in automating tasks related to the Primus repository.

Suggested reviewers

• srikanthccv

Poem

In the meadow where rabbits play,
A new workflow hops in today!
With js-release, it’s time to cheer,
Automating tasks, the goal is clear.
So let’s make some magic, hop with glee,
For smooth releases, just wait and see! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (3)

.github/workflows/js-release.yaml (3)

15-17: Consider adding comments to explain environment variables

The environment variables PRIMUS_HOME and MAKE are set up, but their purpose might not be immediately clear to all developers.

Consider adding brief comments to explain the purpose of these variables:

env:
  # Directory where the Primus repository will be checked out
  PRIMUS_HOME: .primus
  # Command to run make with specific options and makefile
  MAKE: make --no-print-directory --makefile=.primus/src/make/main.mk

---

19-25: LGTM: Job configuration with a suggestion

The job configuration is well-structured with appropriate permissions and a dynamic environment setting based on the GitHub reference.

Consider adding a comment to explain the environment selection logic for better readability:

environment: >-
  ${{
    github.ref_type == 'tag' && 'production' ||
    github.ref_name == 'main' && 'staging' ||
    'review'
  }}
  # Selects 'production' for tags, 'staging' for main branch, 'review' for others

---

26-45: LGTM: Job steps with a suggestion for the info step

The job steps are well-structured and follow good practices, particularly the use of a GitHub App token for authentication.

For the info step, consider adding more detailed output and basic error handling:

- name: info
  run: |
    echo "Running info command..."
    if ! $MAKE info; then
      echo "Error: Failed to run info command"
      exit 1
    fi
    echo "Info command completed successfully"

This change will provide more context about the step's execution and handle potential errors.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 2fe5aa0 and f077566.

📒 Files selected for processing (1)

• .github/workflows/js-release.yaml (1 hunks)

🧰 Additional context used

actionlint

.github/workflows/js-release.yaml

8-8: input "PRIMUS_REF" of workflow_call event has the default value "main", but it is also required. if an input is marked as required, its default value will never be used

(events)

🔇 Additional comments not posted (2)

.github/workflows/js-release.yaml (2)

11-13: LGTM: Default shell configuration

The default shell configuration using bash is appropriate and widely compatible.

---

1-45: Overall assessment: Well-structured workflow with minor improvements suggested

This GitHub Actions workflow for JavaScript release is well-designed and follows good practices. The suggestions provided are mainly for improving readability and error handling. Consider implementing these minor enhancements to make the workflow more robust and easier to maintain.

🧰 Tools

actionlint

8-8: input "PRIMUS_REF" of workflow_call event has the default value "main", but it is also required. if an input is marked as required, its default value will never be used

(events)

[coderabbitai]

⚠️ Potential issue

Resolve contradictory input configuration for PRIMUS_REF

The PRIMUS_REF input is marked as both required: true and has a default value. This configuration is contradictory because if an input is required, its default value will never be used.

To resolve this, choose one of the following options:

1. If the input should be optional with a default value:

PRIMUS_REF:
  description: 'The primus ref to checkout.'
  required: false
  default: 'main'
  type: string

2. If the input should be required without a default:

PRIMUS_REF:
  description: 'The primus ref to checkout.'
  required: true
  type: string

🧰 Tools

actionlint

8-8: input "PRIMUS_REF" of workflow_call event has the default value "main", but it is also required. if an input is marked as required, its default value will never be used

(events)

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between f077566 and ba440ec.

📒 Files selected for processing (1)

• .github/workflows/js-release.yaml (1 hunks)

🧰 Additional context used

actionlint

.github/workflows/js-release.yaml

8-8: input "PRIMUS_REF" of workflow_call event has the default value "main", but it is also required. if an input is marked as required, its default value will never be used

(events)

🔇 Additional comments not posted (5)

.github/workflows/js-release.yaml (5)

11-17: LGTM: Default configuration and environment variables are well-defined

The default shell and environment variables are appropriately set for the workflow. Note that the MAKE variable uses a specific makefile path (.primus/src/make/main.mk). Ensure this path is correct and consistent with your project structure.

---

19-25: LGTM: Well-configured job with good security practices

The job configuration demonstrates good practices:

1. Dynamic environment setting based on the GitHub reference type and name.
2. Minimum required permissions set for contents (read) and id-token (write).

These configurations enhance security and flexibility in the CI/CD pipeline.

---

3-9: ⚠️ Potential issue

Resolve contradictory input configuration for PRIMUS_REF

The PRIMUS_REF input is marked as both required: true and has a default value. This configuration is contradictory because if an input is required, its default value will never be used.

To resolve this, choose one of the following options:

1. If the input should be optional with a default value:

PRIMUS_REF:
  description: 'The primus ref to checkout.'
  required: false
  default: 'main'
  type: string

2. If the input should be required without a default:

PRIMUS_REF:
  description: 'The primus ref to checkout.'
  required: true
  type: string

🧰 Tools

actionlint

8-8: input "PRIMUS_REF" of workflow_call event has the default value "main", but it is also required. if an input is marked as required, its default value will never be used

(events)

---

57-63: Verify 'release' script in package.json

The release step uses the command pnpm release. Ensure that this script is defined in your package.json file.

#!/bin/bash
# Description: Verify 'release' script in package.json

# Test: Check if 'release' script is defined in package.json
jq '.scripts.release' package.json

---

27-36: Verify GitHub App permissions

The use of a GitHub App token for authentication is a good security practice. However, ensure that the app has only the minimum required permissions for this workflow.

[coderabbitai]

🛠️ Refactor suggestion

Consider using a version range for Node.js

The Node.js version is currently hardcoded to 20. To ensure compatibility with future versions while maintaining stability, consider using a version range.

- node-version: 20
+ node-version: '20.x'

This change allows for minor version updates within the Node.js 20.x range.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: node-install
	uses: actions/setup-node@v4
	with:
	node-version: 20
	cache: "pnpm"
	- name: node-install
	uses: actions/setup-node@v4
	with:
	node-version: '20.x'
	cache: "pnpm"

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (3)

.github/workflows/js-release.yaml (3)

11-17: LGTM! Consider adding comments for clarity.

The default shell setting and environment variables are well-defined. The use of a specific makefile in the MAKE variable suggests a custom build process, which is good for maintaining consistency.

Consider adding brief comments to explain the purpose of these environment variables, especially MAKE, to improve readability for other developers. For example:

env:
  # Directory where Primus will be checked out
  PRIMUS_HOME: .primus
  # Custom make command using Primus-specific makefile
  MAKE: make --no-print-directory --makefile=.primus/src/make/main.mk

---

19-25: LGTM! Consider adding a comment for the environment logic.

The job configuration is well-structured with appropriate settings for a release workflow. The dynamic environment setting based on the GitHub reference is a good practice.

Consider adding a brief comment to explain the environment selection logic for better clarity:

jobs:
  release:
    runs-on: ubuntu-latest
    # Set environment based on the type of ref:
    # - 'production' for tags
    # - 'staging' for the main branch
    # - 'review' for all other cases
    environment: ${{ github.ref_type == 'tag' && 'production' || github.ref_name == 'main' && 'staging' || 'review' }}
    permissions:
      contents: 'read'
      id-token: 'write'

---

55-67: LGTM! Consider using GITHUB_TOKEN for changesets/action.

The final steps for dependency installation, Git setup, and release creation are well-structured. The use of changesets for release management is a good practice.

For improved security, consider using the built-in GITHUB_TOKEN instead of a custom token for the changesets/action step. This token has the necessary permissions for most operations and automatically expires. Update the environment section as follows:

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  NPM_TOKEN: ${{ secrets.PRIMUS_NPM_TOKEN }}

This change reduces the risk associated with long-lived custom tokens.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between ba440ec and 6a2447f.

📒 Files selected for processing (1)

• .github/workflows/js-release.yaml (1 hunks)

🧰 Additional context used

actionlint

.github/workflows/js-release.yaml

8-8: input "PRIMUS_REF" of workflow_call event has the default value "main", but it is also required. if an input is marked as required, its default value will never be used

(events)

🔇 Additional comments not posted (3)

.github/workflows/js-release.yaml (3)

1-9: Resolve contradictory input configuration for PRIMUS_REF

The PRIMUS_REF input is currently configured as both required and with a default value. This configuration is contradictory because a required input's default value will never be used.

The previous review comment on this issue is still valid. Please refer to it for the suggested solutions.

To ensure this is the only occurrence of such configuration, run the following script:

#!/bin/bash
# Description: Check for inputs that are both required and have a default value
rg --type yaml 'required:\s*true.*\n.*default:' .github/workflows

🧰 Tools

actionlint

8-8: input "PRIMUS_REF" of workflow_call event has the default value "main", but it is also required. if an input is marked as required, its default value will never be used

(events)

---

26-49: LGTM! Well-structured setup steps.

The job steps are well-organized and cover all necessary actions for a release workflow. The use of a GitHub App token for authentication is a good security practice.

---

50-54: Consider using a version range for Node.js

The previous review comment on this issue is still valid. Using a version range for Node.js would ensure compatibility with future versions while maintaining stability.

To check if this is the only occurrence of a hardcoded Node.js version, run the following script:

#!/bin/bash
# Description: Check for hardcoded Node.js versions in workflow files
rg --type yaml 'node-version:\s*\d+$' .github/workflows

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

.github/workflows/js-release.yaml (2)

15-17: LGTM: Environment variables setup

The environment variables are well-defined and appear to be setting up the necessary paths and commands for the Primus project.

Consider adding a brief comment explaining the purpose of the PRIMUS_HOME and MAKE variables for better clarity:

env:
  # Directory for Primus-related files
  PRIMUS_HOME: .primus
  # Custom make command using Primus-specific makefile
  MAKE: make --no-print-directory --makefile=.primus/src/make/main.mk

---

60-68: LGTM: Release creation step

The release creation step is well-configured:

• Uses changesets for release management, which is a good practice.
• Correctly uses the pnpm release command for publishing.
• Disables automatic Git user setup and GitHub release creation, which is consistent with earlier custom setups.
• Securely uses tokens from secrets for GitHub and NPM authentication.

Consider adding a brief comment explaining why automatic GitHub release creation is disabled:

- name: create-release
  uses: changesets/action@v1
  with:
    publish: pnpm release
    setupGitUser: false
    # Disabled to use custom release process (if applicable)
    createGithubReleases: false
  env:
    GITHUB_TOKEN: ${{ steps.token.outputs.token }}
    NPM_TOKEN: ${{ secrets.PRIMUS_NPM_TOKEN }}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 6a2447f and 754392b.

📒 Files selected for processing (1)

• .github/workflows/js-release.yaml (1 hunks)

🧰 Additional context used

actionlint

.github/workflows/js-release.yaml

8-8: input "PRIMUS_REF" of workflow_call event has the default value "main", but it is also required. if an input is marked as required, its default value will never be used

(events)

🔇 Additional comments not posted (5)

.github/workflows/js-release.yaml (5)

11-13: LGTM: Default shell configuration

The default shell configuration using bash is appropriate and widely compatible with most GitHub Actions workflows.

---

19-25: LGTM: Job configuration

The job configuration is well-structured:

• Using ubuntu-latest ensures compatibility with most actions.
• Dynamic environment selection based on the GitHub reference is a good practice for managing different release stages.
• The permissions are appropriately set for typical release operations.

---

26-45: LGTM: Initial setup steps

The initial setup steps are well-structured and cover necessary operations:

1. Self-checkout of the workflow repository.
2. Secure GitHub App token generation for authentication.
3. Checkout of the Primus repository using the provided input parameter.
4. Gathering of information using the custom make command.

These steps provide a solid foundation for the release process.

---

1-9: ⚠️ Potential issue

Resolve contradictory input configuration for PRIMUS_REF

The PRIMUS_REF input is currently configured as both required and having a default value. This is contradictory because if an input is required, its default value will never be used.

To resolve this, choose one of the following options:

1. If the input should be optional with a default value:

PRIMUS_REF:
  description: 'The primus ref to checkout.'
  required: false
  default: 'main'
  type: string

2. If the input should be required without a default:

PRIMUS_REF:
  description: 'The primus ref to checkout.'
  required: true
  type: string

Choose the option that best fits your workflow requirements.

🧰 Tools

actionlint

8-8: input "PRIMUS_REF" of workflow_call event has the default value "main", but it is also required. if an input is marked as required, its default value will never be used

(events)

---

46-59: 🛠️ Refactor suggestion

Consider using a version range for Node.js

The current Node.js setup uses a specific version (20). To ensure compatibility with future versions while maintaining stability, consider using a version range.

- node-version: 20
+ node-version: '20.x'

This change allows for minor version updates within the Node.js 20.x range, providing a balance between stability and future compatibility.