chore(release): prepare 0.25.0#14
Conversation
📝 WalkthroughWalkthroughThis PR bumps the project version from 0.24.0 to 0.25.0 across release notes, installer documentation, build workflows, and package metadata. The release notes for 0.25.0 are added and documented in changelogs and release-note pages. ChangesRelease 0.25.0 Version Bump
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Suggested labels
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@CHANGELOG.md`:
- Around line 16-18: Replace the placeholder header "## Unreleased" with the
concrete release header format and ensure there is only one header for this
release; specifically, change the current "## Unreleased" entry to the release
header for this cut (e.g., replace "## Unreleased" with "## 0.25.0 -
2026-05-29") so the CHANGELOG follows the required "[X.Y] - YYYY-MM-DD" naming
and does not duplicate the "## 0.25.0 (2026-05-29)" section.
In `@docs/en/release-notes/changelog.md`:
- Around line 20-31: The changelog section under the header "## 0.25.0
(2026-05-29)" was manually edited despite the embedded notice "Do not manually
edit this generated changelog page." — revert any manual edits to that generated
block and instead update the root CHANGELOG.md, then re-run the repo's changelog
sync script to regenerate the docs; remove the manual changes from this PR so
the file is produced by the sync step (verify the sync script ran successfully
and the regenerated content matches expectations).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 911f6f0d-0161-42e8-9aad-4a57bcb593a4
⛔ Files ignored due to path filters (1)
uv.lockis excluded by!**/*.lock
📒 Files selected for processing (17)
.github/workflows/homebrew-tap.yml.github/workflows/linux-installer.yml.github/workflows/windows-installer.ymlCHANGELOG.mdREADME.mddocs/en/guides/getting-started.mddocs/en/release-notes/breaking-changes.mddocs/en/release-notes/changelog.mddocs/public/install.ps1docs/public/install.shpackages/homebrew-tap/generate-formula.pypackages/linux-installer/README.mdpyproject.tomlscripts/install-native.shscripts/install.ps1web/public/install.ps1web/public/install.sh
Prepare pythinker-code 0.25.0 release.
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (3)
.github/workflows/homebrew-tap.yml (1)
28-28: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick winPin third-party actions to full commit SHAs.
The workflow uses
actions/checkout@v4andactions/setup-python@v5without pinning to full commit SHAs. This is a pre-existing issue not introduced by this PR, but should be addressed to prevent supply-chain attacks.Example:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2As per coding guidelines: "Flag third-party actions that are not pinned to a full commit SHA."
Also applies to: 48-48
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/homebrew-tap.yml at line 28, Replace unpinned third-party action tags with immutable commit SHAs: locate uses of actions/checkout@v4 and actions/setup-python@v5 in the workflow and change them to the corresponding full commit SHAs (for example actions/checkout@<full-commit-sha> and actions/setup-python@<full-commit-sha>), ensuring both occurrences (the checkout and the setup-python entries) are updated so the workflow pins to specific commits rather than version tags..github/workflows/windows-installer.yml (1)
26-26: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick winPin third-party actions to full commit SHAs.
The workflow uses several third-party actions without commit SHA pins:
actions/checkout@v4actions/setup-python@v5actions/upload-artifact@v4softprops/action-gh-release@v2This is a pre-existing issue not introduced by this PR, but should be addressed to prevent supply-chain attacks.
As per coding guidelines: "Flag third-party actions that are not pinned to a full commit SHA."
Also applies to: 44-44, 83-83, 92-92
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/windows-installer.yml at line 26, The workflow uses unpinned marketplace action versions (actions/checkout@v4, actions/setup-python@v5, actions/upload-artifact@v4, softprops/action-gh-release@v2); replace those tag pins with the corresponding full commit SHAs to mitigate supply-chain risk by finding each action's repo and replacing e.g. actions/checkout@v4 with actions/checkout@<full-commit-sha>, actions/setup-python@<full-commit-sha>, actions/upload-artifact@<full-commit-sha>, and softprops/action-gh-release@<full-commit-sha> (obtain SHAs from the upstream action repo or GitHub Marketplace and update the workflow lines that reference those action names)..github/workflows/linux-installer.yml (1)
36-36: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick winPin third-party actions to full commit SHAs.
The workflow uses several third-party actions without commit SHA pins:
actions/checkout@v4docker/setup-qemu-action@v3actions/setup-python@v5actions/upload-artifact@v4softprops/action-gh-release@v2This is a pre-existing issue not introduced by this PR, but should be addressed to prevent supply-chain attacks.
As per coding guidelines: "Flag third-party actions that are not pinned to a full commit SHA."
Also applies to: 57-57, 63-63, 115-115, 126-126
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/linux-installer.yml at line 36, The workflow uses third-party GitHub Actions pinned by tags (e.g., actions/checkout@v4, docker/setup-qemu-action@v3, actions/setup-python@v5, actions/upload-artifact@v4, softprops/action-gh-release@v2) which must be replaced with their full commit SHAs; update each action reference in .github/workflows/linux-installer.yml to the corresponding full commit SHA (replace the `@vN` tags with @<full-commit-sha> for the listed actions) so that actions/checkout, docker/setup-qemu-action, actions/setup-python, actions/upload-artifact, and softprops/action-gh-release are all pinned to immutable commits.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Outside diff comments:
In @.github/workflows/homebrew-tap.yml:
- Line 28: Replace unpinned third-party action tags with immutable commit SHAs:
locate uses of actions/checkout@v4 and actions/setup-python@v5 in the workflow
and change them to the corresponding full commit SHAs (for example
actions/checkout@<full-commit-sha> and actions/setup-python@<full-commit-sha>),
ensuring both occurrences (the checkout and the setup-python entries) are
updated so the workflow pins to specific commits rather than version tags.
In @.github/workflows/linux-installer.yml:
- Line 36: The workflow uses third-party GitHub Actions pinned by tags (e.g.,
actions/checkout@v4, docker/setup-qemu-action@v3, actions/setup-python@v5,
actions/upload-artifact@v4, softprops/action-gh-release@v2) which must be
replaced with their full commit SHAs; update each action reference in
.github/workflows/linux-installer.yml to the corresponding full commit SHA
(replace the `@vN` tags with @<full-commit-sha> for the listed actions) so that
actions/checkout, docker/setup-qemu-action, actions/setup-python,
actions/upload-artifact, and softprops/action-gh-release are all pinned to
immutable commits.
In @.github/workflows/windows-installer.yml:
- Line 26: The workflow uses unpinned marketplace action versions
(actions/checkout@v4, actions/setup-python@v5, actions/upload-artifact@v4,
softprops/action-gh-release@v2); replace those tag pins with the corresponding
full commit SHAs to mitigate supply-chain risk by finding each action's repo and
replacing e.g. actions/checkout@v4 with actions/checkout@<full-commit-sha>,
actions/setup-python@<full-commit-sha>,
actions/upload-artifact@<full-commit-sha>, and
softprops/action-gh-release@<full-commit-sha> (obtain SHAs from the upstream
action repo or GitHub Marketplace and update the workflow lines that reference
those action names).
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 4a521da8-edf8-4080-a08a-be5beb3aa681
⛔ Files ignored due to path filters (1)
uv.lockis excluded by!**/*.lock
📒 Files selected for processing (17)
.github/workflows/homebrew-tap.yml.github/workflows/linux-installer.yml.github/workflows/windows-installer.ymlCHANGELOG.mdREADME.mddocs/en/guides/getting-started.mddocs/en/release-notes/breaking-changes.mddocs/en/release-notes/changelog.mddocs/public/install.ps1docs/public/install.shpackages/homebrew-tap/generate-formula.pypackages/linux-installer/README.mdpyproject.tomlscripts/install-native.shscripts/install.ps1web/public/install.ps1web/public/install.sh
Prepare the pythinker-code 0.25.0 release.
What changed in this release
Release mechanics
Tagging `v0.25.0` after merge triggers `release-pythinker-cli.yml` (PyPI + TestPyPI + GitHub Release).
Summary by CodeRabbit
Chores
Documentation