fix(ci): changelog workflow — PR-based delivery + Node 24 checkout#67
Conversation
GitHub flagged the pinned actions/checkout (v4) as a Node.js 20 action; Node 20 is forced to 24 on 2026-06-02 and removed 2026-09-16. Bump to v6.0.2, which runs on Node 24, still SHA-pinned for supply-chain safety. orhun/git-cliff-action is a composite/bash action (no Node runtime), so it is unaffected and stays at v4.8.0.
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
Bumps the SHA-pinned actions/checkout reference in the Changelog workflow from v4 (Node 20) to v6.0.2 (Node 24) to silence the upcoming Node 20 deprecation warning.
Changes:
- Update
actions/checkoutSHA pin tode0fac2e4500dabe0009e67214ff5f5447ce83dd(v6.0.2).
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #67 +/- ##
=========================================
Coverage 18.13% 18.14%
Complexity 7854 7854
=========================================
Files 666 666
Lines 43208 43208
=========================================
+ Hits 7837 7838 +1
+ Misses 35371 35370 -1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
The first workflow_dispatch run succeeded but committed nothing: the guard used `git diff --quiet -- CHANGELOG.md`, which ignores untracked files. On the first run CHANGELOG.md is brand-new, so the diff was empty and the step reported "nothing to commit". Stage first, then check `git diff --cached --quiet` against HEAD, which detects both new and modified files. (Unrelated to the Node 20 deprecation warning.)
mambax7
changed the title
|
mambax7
changed the title
Summary
Makes the Changelog workflow (added in #66) actually work end-to-end. Three changes to
.github/workflows/changelog.yml:CHANGELOG.mdfine butgit push origin HEAD:masterwas rejected by the repository ruleset — "Changes must be made through a pull request."masteris protected; a CI bot can't push to it. The workflow now usespeter-evans/create-pull-requestto push a fixedautomation/update-changelogbranch and open/update a PR (no-ops when nothing changed). Addedpull-requests: write. No privileged bypass on the protected branch — same PR-only governance as the rest of the repo.actions/checkoutbumped v4 → v6.0.2 (Node 20 is deprecated; forced→24 on 2026-06-02).actions/checkout,orhun/git-cliff-action@v4.8.0(composite/bash, Node-unaffected),peter-evans/create-pull-request@v8.1.1.Earlier intermediate commits on this branch (the
git diff --cacheddetection tweak) are superseded by the create-pull-request action, which handles change detection itself; the net diff is the final state above. Squash-merge.Prerequisite (repo setting)
peter-evans/create-pull-requestneeds Settings → Actions → General → "Allow GitHub Actions to create and approve pull requests" enabled, or the PR-open step will fail with a permissions error. (Confirmed acceptable when choosing this approach.)Test plan
automation/update-changelogis opened withCHANGELOG.md