ci: update github workflows

[lachlancollins]

• Update actions/checkout and actions/labeler
• Merge changeset-preview.yml into pr.yml

Summary by CodeRabbit

• Chores
  • Updated GitHub Actions workflow versions across CI/CD pipelines.
  • Refactored configuration schemas and workflow structure for improved system reliability.
  • Removed unused documentation and workflow files.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 42d7976

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request updates GitHub Actions dependencies across multiple workflows, standardizes action references by capitalizing the tanstack organization name, removes and relocates a changeset preview workflow, updates changesets configuration, and adds a new version preview job to the pull request workflow.

Changes

Cohort / File(s)	Summary
Changesets Configuration .changeset/README.md, .changeset/config.json	Deleted README documentation and bumped schema version from 3.1.1 to 3.1.2.
GitHub Workflows: Standard Updates .github/workflows/autofix.yml, bundle-size.yml, release.yml, client-nav-benchmarks.yml	Bumped actions/checkout from v6.0.1 to v6.0.2 and updated setup action reference from tanstack/config to TanStack/config (capitalization change).
GitHub Workflows: Enhanced Workflows .github/workflows/pr.yml	Added new "Version Preview" job with changeset preview action, alongside standard checkout and setup action updates.
GitHub Workflows: Updated Workflows .github/workflows/labeler.yml	Updated trigger syntax, removed per-job permissions, and upgraded labeler action from v5.0.0 to v6.0.1.
GitHub Workflows: Modified Actions .github/workflows/client-nav-benchmarks.yml	Added CodSpeedHQ/action@v4 with simulation mode configuration to the Run step.
GitHub Workflows: Removed .github/workflows/changeset-preview.yml	Deleted entire changeset preview workflow file (functionality moved into pr.yml).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 Bouncing through workflows with glee,
Version bumps and capitalization spree,
Tanstack became TanStack with flair,
New preview jobs floating in air,
Actions aligned, the repo's now neat!
Hip-hop to the finish—what a treat! 🥕✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci: update github workflows' directly relates to the main changes, which involve updating GitHub Actions versions, fixing repository references, and merging workflow files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch update-workflows

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 42d7976

Command	Status	Duration	Result
nx affected --targets=test:eslint,test:unit,tes...	✅ Succeeded	<1s	View ↗
nx run-many --target=build --exclude=examples/*...	✅ Succeeded	5s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-03-17 12:47:17 UTC

[github-actions]

🚀 Changeset Version Preview

No changeset entries found. Merging this PR will not cause a version bump for any packages.

[pkg-pr-new]

More templates

• tanstack-router-react-example-authenticated-routes
• tanstack-router-react-example-authenticated-routes-firebase
• tanstack-router-react-example-basic
• tanstack-router-react-example-basic-default-search-params
• tanstack-router-react-example-basic-devtools-panel
• tanstack-router-react-example-basic-file-based
• tanstack-router-react-example-basic-non-nested-devtools
• tanstack-router-react-example-react-query
• tanstack-router-react-example-basic-react-query-file-based
• tanstack-router-react-example-basic-ssr-file-based
• tanstack-router-react-example-basic-ssr-streaming-file-based
• tanstack-router-react-example-basic-virtual-file-based
• tanstack-router-react-example-basic-virtual-inside-file-based
• tanstack-router-react-example-deferred-data
• tanstack-router-i18n-paraglide
• tanstack-router-react-example-kitchen-sink
• tanstack-router-react-example-kitchen-sink-file-based
• tanstack-router-react-example-kitchen-sink-react-query
• tanstack-router-react-example-kitchen-sink-react-query-file-based
• tanstack-router-react-example-large-file-based
• tanstack-router-react-example-location-masking
• tanstack-router-react-example-navigation-blocking
• tanstack-router-react-example-quickstart
• tanstack-router-react-example-quickstart-esbuild-file-based
• tanstack-router-react-example-quickstart-file-based
• tanstack-router-react-example-quickstart-rspack-file-based
• tanstack-router-react-example-quickstart-webpack-file-based
• router-monorepo-react-query
• router-mono-simple
• router-mono-simple-lazy
• tanstack-router-react-example-scroll-restoration
• tanstack-search-validator-adapters
• tanstack-start-example-bare
• tanstack-start-example-basic
• tanstack-start-example-basic-auth
• tanstack-router-react-example-basic-authjs
• tanstack-start-example-basic-cloudflare
• tanstack-start-example-basic-react-query
• tanstack-start-example-basic-rsc
• tanstack-start-example-basic-static
• tanstack-start-bun-hosting
• tanstack-start-example-clerk-basic
• tanstack-start-example-convex-trellaux
• tanstack-start-example-counter
• tanstack-start-i18n-paraglide
• tanstack-start-example-large
• tanstack-start-example-material-ui
• tanstack-start-streaming-data-from-server-functions
• tanstack-start-example-supabase-basic
• tanstack-start-tailwind-v4
• tanstack-start-example-trellaux
• tanstack-start-example-workos
• tanstack-router-react-example-view-transitions
• tanstack-router-react-example-with-framer-motion
• tanstack-router-react-example-with-trpc
• tanstack-router-react-example-with-trpc-react-query
• tanstack-router-solid-example-authenticated-routes
• tanstack-router-solid-example-authenticated-routes-firebase
• tanstack-router-solid-example-basic
• tanstack-router-solid-example-basic-default-search-params
• tanstack-router-solid-example-basic-devtools-panel
• tanstack-router-solid-example-basic-file-based
• tanstack-router-solid-example-basic-non-nested-devtools
• tanstack-router-solid-example-basic-solid-query
• tanstack-router-solid-example-basic-solid-query-file-based
• tanstack-router-solid-example-basic-ssr-file-based
• tanstack-router-solid-example-basic-ssr-streaming-file-based
• tanstack-router-solid-example-basic-virtual-file-based
• tanstack-router-solid-example-basic-virtual-inside-file-based
• tanstack-router-solid-example-deferred-data
• tanstack-router-solid-i18n-paraglide
• tanstack-router-solid-example-kitchen-sink
• tanstack-router-solid-example-kitchen-sink-file-based
• tanstack-router-solid-example-kitchen-sink-solid-query
• tanstack-router-solid-example-kitchen-sink-solid-query-file-based
• tanstack-router-solid-example-large-file-based
• tanstack-router-solid-example-location-masking
• tanstack-router-solid-example-navigation-blocking
• tanstack-router-solid-example-quickstart
• tanstack-router-solid-example-quickstart-esbuild-file-based
• tanstack-router-solid-example-quickstart-file-based
• tanstack-router-solid-example-quickstart-rspack-file-based
• tanstack-router-solid-example-quickstart-webpack-file-based
• @tanstack/router-solid-mono-simple
• router-solid-mono-simple-lazy
• router-solid-monorepo-solid-query
• tanstack-router-solid-example-scroll-restoration
• tanstack-solid-router-search-validator-adapters
• tanstack-solid-start-example-basic
• tanstack-solid-start-example-basic-auth
• tanstack-solid-start-example-basic-authjs
• tanstack-solid-start-example-basic-cloudflare
• tanstack-solid-start-example-basic-netlify
• tanstack-solid-start-example-basic-nitro
• tanstack-start-example-basic-solid-query
• tanstack-solid-start-example-basic-static
• tanstack-solid-start-bun-hosting
• tanstack-solid-start-example-convex-better-auth
• tanstack-solid-start-example-counter
• tanstack-solid-start-i18n-paraglide
• tanstack-solid-start-example-large
• tanstack-solid-start-streaming-data-from-server-functions
• tanstack-solid-start-example-supabase-basic
• tanstack-solid-start-tailwind-v4
• tanstack-router-solid-example-view-transitions
• tanstack-router-solid-example-with-framer-motion
• tanstack-router-solid-example-with-trpc
• tanstack-router-vue-example-basic-jsx
• tanstack-router-vue-example-basic-file-based-jsx
• tanstack-router-vue-example-basic-file-based-sfc

@tanstack/arktype-adapter

npm i https://pkg.pr.new/@tanstack/arktype-adapter@6952

@tanstack/eslint-plugin-router

npm i https://pkg.pr.new/@tanstack/eslint-plugin-router@6952

@tanstack/history

npm i https://pkg.pr.new/@tanstack/history@6952

@tanstack/nitro-v2-vite-plugin

npm i https://pkg.pr.new/@tanstack/nitro-v2-vite-plugin@6952

@tanstack/react-router

npm i https://pkg.pr.new/@tanstack/react-router@6952

@tanstack/react-router-devtools

npm i https://pkg.pr.new/@tanstack/react-router-devtools@6952

@tanstack/react-router-ssr-query

npm i https://pkg.pr.new/@tanstack/react-router-ssr-query@6952

@tanstack/react-start

npm i https://pkg.pr.new/@tanstack/react-start@6952

@tanstack/react-start-client

npm i https://pkg.pr.new/@tanstack/react-start-client@6952

@tanstack/react-start-server

npm i https://pkg.pr.new/@tanstack/react-start-server@6952

@tanstack/router-cli

npm i https://pkg.pr.new/@tanstack/router-cli@6952

@tanstack/router-core

npm i https://pkg.pr.new/@tanstack/router-core@6952

@tanstack/router-devtools

npm i https://pkg.pr.new/@tanstack/router-devtools@6952

@tanstack/router-devtools-core

npm i https://pkg.pr.new/@tanstack/router-devtools-core@6952

@tanstack/router-generator

npm i https://pkg.pr.new/@tanstack/router-generator@6952

@tanstack/router-plugin

npm i https://pkg.pr.new/@tanstack/router-plugin@6952

@tanstack/router-ssr-query-core

npm i https://pkg.pr.new/@tanstack/router-ssr-query-core@6952

@tanstack/router-utils

npm i https://pkg.pr.new/@tanstack/router-utils@6952

@tanstack/router-vite-plugin

npm i https://pkg.pr.new/@tanstack/router-vite-plugin@6952

@tanstack/solid-router

npm i https://pkg.pr.new/@tanstack/solid-router@6952

@tanstack/solid-router-devtools

npm i https://pkg.pr.new/@tanstack/solid-router-devtools@6952

@tanstack/solid-router-ssr-query

npm i https://pkg.pr.new/@tanstack/solid-router-ssr-query@6952

@tanstack/solid-start

npm i https://pkg.pr.new/@tanstack/solid-start@6952

@tanstack/solid-start-client

npm i https://pkg.pr.new/@tanstack/solid-start-client@6952

@tanstack/solid-start-server

npm i https://pkg.pr.new/@tanstack/solid-start-server@6952

@tanstack/start-client-core

npm i https://pkg.pr.new/@tanstack/start-client-core@6952

@tanstack/start-fn-stubs

npm i https://pkg.pr.new/@tanstack/start-fn-stubs@6952

@tanstack/start-plugin-core

npm i https://pkg.pr.new/@tanstack/start-plugin-core@6952

@tanstack/start-server-core

npm i https://pkg.pr.new/@tanstack/start-server-core@6952

@tanstack/start-static-server-functions

npm i https://pkg.pr.new/@tanstack/start-static-server-functions@6952

@tanstack/start-storage-context

npm i https://pkg.pr.new/@tanstack/start-storage-context@6952

@tanstack/valibot-adapter

npm i https://pkg.pr.new/@tanstack/valibot-adapter@6952

@tanstack/virtual-file-routes

npm i https://pkg.pr.new/@tanstack/virtual-file-routes@6952

@tanstack/vue-router

npm i https://pkg.pr.new/@tanstack/vue-router@6952

@tanstack/vue-router-devtools

npm i https://pkg.pr.new/@tanstack/vue-router-devtools@6952

@tanstack/vue-router-ssr-query

npm i https://pkg.pr.new/@tanstack/vue-router-ssr-query@6952

@tanstack/vue-start

npm i https://pkg.pr.new/@tanstack/vue-start@6952

@tanstack/vue-start-client

npm i https://pkg.pr.new/@tanstack/vue-start-client@6952

@tanstack/vue-start-server

npm i https://pkg.pr.new/@tanstack/vue-start-server@6952

@tanstack/zod-adapter

npm i https://pkg.pr.new/@tanstack/zod-adapter@6952

commit: 42d7976

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/pr.yml:
- Around line 26-27: Replace all mutable action refs (e.g.,
actions/checkout@v6.0.2 and any other `@vX.Y.Z` or `@main` refs) with their
corresponding immutable 40-character commit SHAs; locate every "uses:" entry in
the workflow (notably the entries referenced in the review around the lines for
actions/checkout and other external actions such as actions/setup-node) and
update each tag to the full commit SHA from the action’s repository to ensure
reproducible, pinned dependencies.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8686fd88-3522-456a-aaa4-b4eccf3831ce

📥 Commits

Reviewing files that changed from the base of the PR and between 97dc9f6 and 42d7976.

📒 Files selected for processing (9)

• .changeset/README.md
• .changeset/config.json
• .github/workflows/autofix.yml
• .github/workflows/bundle-size.yml
• .github/workflows/changeset-preview.yml
• .github/workflows/client-nav-benchmarks.yml
• .github/workflows/labeler.yml
• .github/workflows/pr.yml
• .github/workflows/release.yml

💤 Files with no reviewable changes (2)

• .changeset/README.md
• .github/workflows/changeset-preview.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify which workflow action refs are still mutable (not pinned to full SHA)
rg -nP --type=yaml '^\s*uses:\s*[^@\s]+@(?!(?:[0-9a-f]{40})\b)\S+' .github/workflows

Repository: TanStack/router

Length of output: 2145

---

🏁 Script executed:

cat -n .github/workflows/pr.yml | head -70

Repository: TanStack/router

Length of output: 2255

---

Pin action refs to immutable commit SHAs.

The workflow uses mutable version tags (@v6.0.2, @v4.4.0) and branch refs (@main), which can change unexpectedly and break CI or introduce security risks. Pin all external actions to full 40-character commit SHAs.

Suggested refactor pattern

-        uses: TanStack/config/.github/setup@main
+        uses: TanStack/config/.github/setup@<40-char-commit-sha>

-        uses: TanStack/config/.github/changeset-preview@main
+        uses: TanStack/config/.github/changeset-preview@<40-char-commit-sha>

Also applies to lines 26, 34, 47, 61 (version tags) and other workflows.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pr.yml around lines 26 - 27, Replace all mutable action
refs (e.g., actions/checkout@v6.0.2 and any other `@vX.Y.Z` or `@main` refs) with
their corresponding immutable 40-character commit SHAs; locate every "uses:"
entry in the workflow (notably the entries referenced in the review around the
lines for actions/checkout and other external actions such as
actions/setup-node) and update each tag to the full commit SHA from the action’s
repository to ensure reproducible, pinned dependencies.