feat: add conventional-commit version bumping and auto-merge #2
Replace release-please with a portable shell script that parses conventional commit prefixes to determine version bumps. Add an auto-merge workflow that approves and squash-merges owner PRs once CI passes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pull request overview
This PR replaces the existing release automation with a custom conventional-commit-based version bump script and adds a workflow to auto-approve/auto-merge PRs from a specific user.
Changes:
- Add `scripts/bump-version.sh` to compute and apply semver bumps by scanning commit messages since the latest `v*` tag.
- Update the release workflow to run the bump script, commit the changes, tag, and publish a GitHub release.
- Add an `auto-merge` workflow that approves and enables auto-merge for PRs authored by `chiply`.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| `scripts/bump-version.sh` | New script to detect bump type from Conventional Commits and update version in repo files. |
| `.github/workflows/release.yml` | Switch from release-please to a push-to-main bump+tag+release flow. |
| `.github/workflows/auto-merge.yml` | Introduces automated PR approval and auto-merge for a specific author. |
|
|
||
| jobs: | ||
| auto-merge: | ||
| if: github.event.pull_request.user.login == 'chiply' |
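Review bot: The `if:` condition on the `auto-merge` job identifies the author by login string alone, and a GitHub login can be renamed and later claimed by a different account. Compare the immutable numeric `github.event.pull_request.user.id` instead of, or in addition to, `user.login`; if the intent is "the repository owner", as the PR description says, `github.repository_owner` avoids hard-coding the name. The visible lines do not show the workflow trigger or a `permissions:` block; both should be stated explicitly for a job that approves and merges.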
Auto-approving and enabling auto-merge based only on `pull_request.user.login == 'chiply'` is a high-risk security posture: any compromise of that account (or unintended use from an untrusted context) would immediately grant merge capability. At minimum, also gate on the PR originating from the same repository (e.g., head repo == base repo) to avoid forked-PR token permission failures, and consider requiring an explicit label / manual dispatch / protected environment before approval+auto-merge is enabled.
| if: github.event.pull_request.user.login == 'chiply' | |
| if: github.event.pull_request.user.login == 'chiply' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name |
| if [[ -n "$LATEST_TAG" ]]; then | ||
| RANGE="${LATEST_TAG}..HEAD" | ||
| else | ||
| RANGE="HEAD" |
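Review bot: The `else` branch's `RANGE="HEAD"` is already the full-history fallback when it is passed to `git log`, as in the `git -C "$REPO_ROOT" log --format='%b' "$RANGE" --` call shown further down the page: a single revision argument selects every commit reachable from it, not just the tip. Keep it and add a comment saying so. A `<root>..HEAD` range would be narrower, because `A..B` excludes `A` itself, so the root commit's message would never be scanned. If `RANGE` is also handed to a command where a bare revision means one commit, that call site needs its own handling.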
When no existing `v*` tag is found, `RANGE` is set to `"HEAD"`, so only the single HEAD commit is scanned. This can miss earlier conventional commits and result in no bump (or the wrong bump) on repos/branches that haven't been tagged yet. Consider using a range that covers the full history (e.g., from the root commit) when `LATEST_TAG` is empty.
| RANGE="HEAD" | |
| ROOT_COMMIT=$(git -C "$REPO_ROOT" rev-list --max-parents=0 HEAD | tail -n 1) | |
| RANGE="${ROOT_COMMIT}..HEAD" |
| EASK_FILE="$REPO_ROOT/Eask" | ||
|
|
||
| # --- Read current version from space-tree.el header --- | ||
| CURRENT_VERSION=$(sed -n 's/^;; Version: \([0-9]*\.[0-9]*\.[0-9]*\)/\1/p' "$ELISP_FILE") |
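Review bot: The `sed` expression for `CURRENT_VERSION` has no end anchor, so `s/.../\1/p` replaces only the matched prefix and leaves the rest of the line in the output: a header such as `;; Version: 1.2.3-rc1`, or one with a trailing carriage return, yields a value that is not `X.Y.Z`. End the pattern with `.*$` after the capture group (or a bare `$` to reject suffixes outright), require a digit per component with the portable form `[0-9][0-9]*`, and fail the script if the result is empty or spans more than one line.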
The version-extraction regex uses `*` for each numeric component, which allows empty matches (e.g., it would treat `;; Version: ..` as valid). Tighten the pattern to require at least one digit per component so the script fails fast on malformed headers instead of silently producing a bad version.
| CURRENT_VERSION=$(sed -n 's/^;; Version: \([0-9]*\.[0-9]*\.[0-9]*\)/\1/p' "$ELISP_FILE") | |
| CURRENT_VERSION=$(sed -n 's/^;; Version: \([0-9]\+\.[0-9]\+\.[0-9]\+\)/\1/p' "$ELISP_FILE") |
| # Also check commit bodies for BREAKING CHANGE | ||
| if [[ "$BUMP" != "major" ]]; then | ||
| if git -C "$REPO_ROOT" log --format='%b' "$RANGE" -- | grep -q '^BREAKING CHANGE'; then |
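Review bot: The `grep -q '^BREAKING CHANGE'` pattern does not require the colon, so any body line that merely starts with those words (a constructed example: `BREAKING CHANGES were avoided by keeping the old flag`) forces a major bump. Conventional Commits defines the footer as the token followed by `: `, so match `^BREAKING[ -]CHANGE: `, which also picks up the hyphenated token. If the script runs with `set -o pipefail`, note that `grep -q` exits on the first match and `git log` can then die on SIGPIPE, making the `if` false on exactly the commits that should trigger it; capturing the log output into a variable first avoids that.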
The breaking-change body scan only matches lines starting with `BREAKING CHANGE`, but Conventional Commits also allows the `BREAKING-CHANGE:` token. This can cause missed major bumps. Update the grep to recognize both tokens (and the typical trailing colon).
| # Also check commit bodies for BREAKING CHANGE | |
| if [[ "$BUMP" != "major" ]]; then | |
| if git -C "$REPO_ROOT" log --format='%b' "$RANGE" -- | grep -q '^BREAKING CHANGE'; then | |
| # Also check commit bodies for BREAKING CHANGE / BREAKING-CHANGE | |
| if [[ "$BUMP" != "major" ]]; then | |
| if git -C "$REPO_ROOT" log --format='%b' "$RANGE" -- | grep -Eq '^BREAKING( |-)CHANGE:?'; then |
| git tag "$TAG" | ||
| git push origin main --tags |
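Review bot: `git push origin main --tags` pushes every tag in the local repository, not just the one created on the line above, so any stray local tag is published along with the release. Push the two refs by name and together, e.g. `git push --atomic origin main "refs/tags/$TAG"`, so the branch update and the tag either both land or both fail. `git tag "$TAG"` also creates a lightweight tag; `git tag -a` records the tagger and date if that matters for releases.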
This job pushes a new commit back to `main` while running on push to `main`. If another commit lands between the triggering push and this push, `git push origin main --tags` can be rejected and the release will fail. Consider rebasing/pulling before pushing, or using a safer push strategy (e.g., push only the new commit to the checked-out SHA, or use an atomic/lease-based push).
| git diff --staged --quiet || git commit -m "chore: bump version to ${{ steps.release.outputs.tag_name }}" | ||
| git push | ||
|
|
||
| git add space-tree.el Eask version.txt .release-please-manifest.json |
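Review bot: The `git add` on the last line still lists `.release-please-manifest.json` although this PR replaces release-please. If that file is removed, `git add` exits with a pathspec error and the step fails; if it stays, the bump script has to keep it in sync or it will drift from `version.txt`. Drop it from the list, or say in the script why it is still maintained. In the `git commit -m "chore: bump version to ${{ steps.release.outputs.tag_name }}"` line, the expression is expanded into the script text before the shell runs; if that line is kept, pass the value through `env:` and reference it as a shell variable.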
`git commit` will fail the workflow if (for any reason) the bump script returns a non-empty version but no files actually changed (e.g., a `sed` pattern drift). Add a guard (like exiting early when the index is clean) to make the workflow resilient and avoid failed releases due to "nothing to commit".
| git add space-tree.el Eask version.txt .release-please-manifest.json | |
| git add space-tree.el Eask version.txt .release-please-manifest.json | |
| if git diff --cached --quiet; then | |
| echo "No changes to commit; skipping commit, tag, and release." | |
| exit 0 | |
| fi |