fix(release): release-plz workflow #14
base: main
WalkthroughThe workflow file Changes
Actionable comments posted: 1
🧹 Outside diff range and nitpick comments (4)
.github/workflows/release-plz.yml (4)
17-18: Document the fetch-depth configuration.
While fetch-depth: 0 is correct for release workflows (it ensures full history for changelog generation), consider adding a comment explaining why this is necessary.
with: + # Full history needed for accurate changelog generation fetch-depth: 0
11-27: Add timeout and error handling configurations.
Consider adding:
- A timeout to prevent hanging jobs
- Error handling for the release process
release-plz-release: name: Release-plz release runs-on: ubuntu-latest + timeout-minutes: 10 + continue-on-error: false steps:
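Review bot: continue-on-error: false in the release-plz-release job restates the job-level default, so that line changes nothing and can be dropped; timeout-minutes: 10 is the only part of this suggestion that alters behaviour. If the intent is real error handling for the release, it needs an explicit step (for example one guarded by if: failure()), which this hunk does not add.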
Line range hint 29-49: Enhance PR job configuration with timeout and stricter concurrency.
Consider adding timeout and making the concurrency more restrictive:
release-plz-pr: name: Release-plz PR runs-on: ubuntu-latest + timeout-minutes: 10 concurrency: - group: release-plz-${{ github.ref }} + group: release-plz-pr-${{ github.ref }} cancel-in-progress: false
Line range hint 1-49: Overall workflow structure is well-designed.
The separation into distinct jobs for releases and PR creation follows good practices. The workflow uses appropriate permissions and secrets management.
A few architectural considerations:
- Consider adding status checks or notifications for failed releases
- Think about adding conditional execution based on the presence of releasable changes
- Consider adding artifact retention policies for logs
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (1)
.github/workflows/release-plz.yml (3 hunks)
🔇 Additional comments (2)
.github/workflows/release-plz.yml (2)
Line range hint 1-9: LGTM! Workflow configuration is well-structured.
The permissions and trigger configuration are appropriate for a release automation workflow.
Line range hint 32-35: LGTM! Good use of concurrency controls.
The concurrency configuration helps prevent race conditions between multiple workflow runs.
- name: Install Rust toolchain | ||
uses: dtolnay/rust-toolchain@stable | ||
- name: Run release-plz | ||
uses: MarcoIeni/release-plz-action@v0.5 |
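Review bot: The two uses: lines reference mutable refs (@stable and @v0.5), so the code executed by this job can change without any commit to this repository, in a workflow that, per the review on this page, runs with RELEASE_PLZ_TOKEN and contents: write / pull-requests: write. Pin each third-party action to a full commit SHA, keep the human-readable version in a trailing comment, and let a dependency update tool propose SHA bumps so each change is reviewed.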
💡 Codebase verification
Action version v0.5 is outdated, update to v0.5.83
The current version (v0.5) is significantly behind the latest release (v0.5.83). Updating to the latest version will ensure you have the latest bug fixes and improvements.
Update the action reference to:
uses: MarcoIeni/release-plz-action@v0.5.83
🔗 Analysis chain
Consider updating the release-plz-action version.
The action is pinned to v0.5. Check if a newer version is available for potential improvements and bug fixes.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check the latest version of release-plz-action
gh api repos/MarcoIeni/release-plz-action/releases/latest --jq .tag_name
Length of output: 82
f7a995d to 76afa29
Actionable comments posted: 0
🧹 Outside diff range and nitpick comments (2)
.github/workflows/release-plz.yml (2)
Line range hint 30-50: Consider enhancing job reliability.
While the PR creation job has good concurrency controls, consider these improvements:
release-plz-release: name: Release-plz release runs-on: ubuntu-latest + timeout-minutes: 10 + concurrency: + group: release-plz-release-${{ github.ref }} + cancel-in-progress: false steps: release-plz-pr: name: Release-plz PR runs-on: ubuntu-latest + timeout-minutes: 10 concurrency: group: release-plz-${{ github.ref }} cancel-in-progress: false
30-31: Consider adding explicit job dependency.
To ensure the PR creation job runs after the release job completes, consider adding a dependency:
release-plz-pr: name: Release-plz PR + needs: release-plz-release runs-on: ubuntu-latest
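Review bot: needs: release-plz-release on the release-plz-pr job does more than order the two jobs: by default a job with needs is skipped when the job it depends on fails or is skipped, so any failed release run would also stop the release PR from being created or updated. If only ordering is wanted, decide what release-plz-pr should do after a release failure and express that with an explicit if: condition on the job.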
🔇 Additional comments (2)
.github/workflows/release-plz.yml (2)
Line range hint 1-9: LGTM! Workflow configuration is well-structured.
The permissions are properly scoped, and the trigger is correctly set for the main branch.
19-19: Verify RELEASE_PLZ_TOKEN permissions.
The token is used for both repository checkout and GitHub operations. Ensure it has the minimum required permissions for:
- Repository checkout
- Creating releases
Also applies to: 27-27
✅ Verification successful
The successful workflow runs indicate that the token has been working correctly with the required permissions. Let me verify the specific permissions configured in the workflow to ensure they align with the principle of least privilege.
Token permissions are correctly configured and verified
The RELEASE_PLZ_TOKEN has been verified to have appropriate permissions:
- Workflow explicitly declares required permissions: contents: write and pull-requests: write
- Multiple successful workflow runs confirm the token works as intended
- Permissions align with the minimum required for repository checkout and release creation
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check if the workflow has been previously run successfully with these permissions
# A successful run would indicate the token has appropriate permissions
gh api repos/xmtp/diesel-wasm-sqlite/actions/workflows/release-plz.yml/runs \
  --jq '.workflow_runs[] | select(.conclusion == "success") | {id: .id, created_at: .created_at}' \
  | head -n 5
Length of output: 295
Script:
#!/bin/bash
# Check the workflow permissions configuration
cat .github/workflows/release-plz.yml | grep -A 5 "permissions:"
Length of output: 144