ef5b605 to 6ee0629
Pull request overview
This PR updates GitHub Actions workflows for the “alpha 20” release cycle, primarily focusing on supply-chain hardening and CI/release workflow behavior.
Changes:
- Pin all GitHub Actions to immutable commit SHAs instead of version tags.
- Standardize workflow permissions (including adding `permissions: read-all` in several workflows and job-level overrides where needed).
- Update the release workflow to upload mutation reports as artifacts and attach them to the GitHub Release, plus add a fallback token flow for website dispatch.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| .github/workflows/scorecard.yml | Pins actions to SHAs for scorecard scanning workflow. |
| .github/workflows/release.yml | Pins actions, revises permissions, uploads mutation reports, and tweaks post-publish steps. |
| .github/workflows/pr-validation.yml | Pins actions and refactors permissions for PR validation jobs. |
| .github/workflows/mutation-dashboard.yml | Pins checkout/setup-node actions to SHAs. |
| .github/workflows/job-verification.yml | Adds permissions: read-all and pins actions to SHAs. |
| .github/workflows/job-typecheck.yml | Adds permissions: read-all and pins actions to SHAs. |
| .github/workflows/job-tests.yml | Adds permissions: read-all and pins actions to SHAs. |
| .github/workflows/job-security.yml | Adds permissions: read-all and pins actions to SHAs. |
| .github/workflows/job-pr-comment.yml | Adds permissions: read-all, pins github-script, minor formatting. |
| .github/workflows/job-lint.yml | Adds permissions: read-all and pins actions to SHAs. |
| .github/workflows/job-build.yml | Adds permissions: read-all and pins actions to SHAs. |
| .github/workflows/job-bench.yml | Adds permissions: read-all and pins actions to SHAs. |
| .github/workflows/auto-assign.yml | Pins reusable workflow reference and adds permissions: read-all. |
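A check for the two hardening points this review summarizes (SHA-pinned `uses:` references and a workflow-level `permissions:` default), as an added TypeScript example that is not part of the PR or the project's code; the function names and the sample workflow are constructed here:

```typescript
// Added example (not the project's code): scan a GitHub Actions workflow for
// `uses:` references that are not pinned to a full 40-hex commit SHA, and
// check whether the file declares top-level `permissions:`. Works on the raw
// YAML text with a line scanner, so it needs no YAML dependency.

interface PinFinding {
  line: number;      // 1-based line number in the workflow file
  ref: string;       // the full `uses:` value, e.g. actions/checkout@v4
  pinned: boolean;   // true when the @ref is a 40-hex commit SHA
}

const SHA40 = /^[0-9a-f]{40}$/;
// Matches `uses: owner/repo[/path]@ref` (optionally quoted), capturing target and ref.
const USES = /^\s*-?\s*uses:\s*["']?([^@\s"']+)@([^\s"'#]+)/;

function findUnpinnedUses(workflowYaml: string): PinFinding[] {
  const findings: PinFinding[] = [];
  workflowYaml.split(/\r?\n/).forEach((text, i) => {
    const m = USES.exec(text);
    if (!m) return;
    const [, target, ref] = m;
    // Local actions (./path) and docker:// images are not pinned by commit SHA; skip them.
    if (target.startsWith('./') || target.startsWith('docker://')) return;
    findings.push({ line: i + 1, ref: `${target}@${ref}`, pinned: SHA40.test(ref) });
  });
  return findings.filter((f) => !f.pinned);
}

// True when a `permissions:` key appears at column 0 (workflow level), which
// gives every job a restrictive default that jobs may override individually.
function hasTopLevelPermissions(workflowYaml: string): boolean {
  return /^permissions:/m.test(workflowYaml);
}

// Constructed sample: one tag-pinned step, one SHA-pinned step (with the
// conventional `# vN` comment), one local action, and no top-level permissions.
const SAMPLE_WORKFLOW = `name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: ./.github/actions/local-step
      - run: npm test
`;
```

Running `findUnpinnedUses(SAMPLE_WORKFLOW)` reports only the `actions/checkout@v4` line, and `hasTopLevelPermissions` is false because the only `permissions:` block is job-level.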
- implement analyzeCommits to suggest semantic version bumps
- add property-based and contract tests for analyzeCommits
- create examples for commit analysis
- implement isConventionalCommit to validate commit messages
- add examples for usage and expected behavior
- create property-based and contract tests for validation
Pull request overview
Introduces a new commit helper category for Conventional Commits parsing/validation/analysis and wires the release version bump logic to reuse that helper, alongside multiple GitHub Actions workflow hardening updates (action pinning + permissions adjustments).
Changes:
- Add `helpers/commit/*` utilities: build regex, parse messages, validate subjects, and analyze commits for semver bump suggestions (with unit/property/contract tests and examples).
- Refactor `scripts/version/commit-analyzer.ts` to delegate commit analysis to the new helper.
- Update multiple GitHub Actions workflows: pin actions to SHAs and revise permissions/artifacts/mutation report publishing.
Reviewed changes
Copilot reviewed 33 out of 34 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| scripts/version/commit-analyzer.ts | Switches commit analysis logic to use the new helpers/commit implementation. |
| helpers/commit/types.ts | Adds shared types for Conventional Commit parsing and commit analysis. |
| helpers/commit/parseConventionalCommit.ts | Implements Conventional Commit parsing (subject + body/footer splitting). |
| helpers/commit/parseConventionalCommit.test.ts | Unit tests for parsing behavior and edge cases. |
| helpers/commit/parseConventionalCommit.spec.ts | Property-based + contract tests for parsing. |
| helpers/commit/parseConventionalCommit.example.ts | Usage examples for docs/examples pipeline. |
| helpers/commit/isConventionalCommit.ts | Adds subject-line-only Conventional Commit validation helper. |
| helpers/commit/isConventionalCommit.test.ts | Unit tests for validator behavior. |
| helpers/commit/isConventionalCommit.spec.ts | Property-based + contract tests for validator. |
| helpers/commit/isConventionalCommit.example.ts | Usage examples for validator. |
| helpers/commit/config.json | Registers the new commit helper category metadata. |
| helpers/commit/buildConventionalCommitRegex.ts | Builds a configurable Conventional Commit subject regex. |
| helpers/commit/buildConventionalCommitRegex.test.ts | Unit tests for regex builder behavior/capture groups. |
| helpers/commit/buildConventionalCommitRegex.spec.ts | Property-based + contract tests for regex builder. |
| helpers/commit/buildConventionalCommitRegex.example.ts | Usage examples for regex builder. |
| helpers/commit/analyzeCommits.ts | Adds commit list analysis to suggest semver bump (major/minor/patch). |
| helpers/commit/analyzeCommits.test.ts | Unit tests for bump suggestion logic and precedence. |
| helpers/commit/analyzeCommits.spec.ts | Property-based + contract tests for bump suggestion logic. |
| helpers/commit/analyzeCommits.example.ts | Usage examples for commit analysis helper. |
| .vscode/settings.json | Updates Conventional Commits scopes list (adds commit). |
| .github/workflows/scorecard.yml | Pins actions to SHAs and normalizes YAML formatting/quoting. |
| .github/workflows/release.yml | Tightens permissions defaults, uploads mutation reports, and publishes them to releases. |
| .github/workflows/pr-validation.yml | Updates action pinning and refines job-level permissions for PR validation/commenting. |
| .github/workflows/mutation-dashboard.yml | Pins checkout/setup-node actions to SHAs. |
| .github/workflows/job-verification.yml | Adds permissions: read-all and pins download-artifact to a SHA. |
| .github/workflows/job-typecheck.yml | Adds permissions: read-all and pins checkout/setup-node. |
| .github/workflows/job-tests.yml | Adds permissions: read-all and pins checkout/setup-node. |
| .github/workflows/job-security.yml | Adds permissions: read-all and pins checkout/setup-node. |
| .github/workflows/job-pr-comment.yml | Adds permissions: read-all and pins github-script action. |
| .github/workflows/job-lint.yml | Adds permissions: read-all and pins checkout/setup-node. |
| .github/workflows/job-build.yml | Adds permissions: read-all and pins upload-artifact action to a SHA. |
| .github/workflows/job-bench.yml | Adds permissions: read-all and pins download-artifact action to a SHA. |
| .github/workflows/auto-assign.yml | Pins reusable workflow reference and sets workflow-level permissions. |
| .devcontainer/workflow.log | Removes a committed workflow log artifact from the repo. |
- set permissions for auto-assign, job-bench, job-build, job-lint, job-pr-comment, job-security, job-tests, job-typecheck, job-verification, and release workflows
Pull request overview
This PR prepares the repo for an upcoming “alpha 20” by introducing a new commit helper category (Conventional Commits parsing + analysis), refactoring version tooling to reuse that helper logic, renaming the string helper errorToReadableMessage → extractErrorMessage, and updating CI workflows (action pinning + permissions + mutation report handling).
Changes:
- Add `helpers/commit/*` utilities for Conventional Commits validation/parsing and semver bump analysis (with tests/specs/examples + category config).
- Rename `errorToReadableMessage` to `extractErrorMessage` and update tests/specs/examples and template docs accordingly.
- Update GitHub Actions workflows (pin actions to SHAs, adjust permissions, and upload mutation reports as release assets).
Reviewed changes
Copilot reviewed 38 out of 39 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| scripts/version/commit-analyzer.ts | Refactors commit analysis to call the new helpers/commit analyzer. |
| helpers/string/extractErrorMessage.ts | Renames the exported helper to extractErrorMessage and updates recursive call site. |
| helpers/string/extractErrorMessage.test.ts | Updates unit tests to the new helper name. |
| helpers/string/extractErrorMessage.spec.ts | Updates contract/property tests to the new helper name. |
| helpers/string/extractErrorMessage.example.ts | Updates examples metadata and snippets to extractErrorMessage. |
| helpers/commit/types.ts | Adds shared types for Conventional Commit parsing and commit analysis. |
| helpers/commit/buildConventionalCommitRegex.ts | Adds regex builder for Conventional Commit subject matching. |
| helpers/commit/buildConventionalCommitRegex.test.ts | Adds unit tests for the regex builder. |
| helpers/commit/buildConventionalCommitRegex.spec.ts | Adds property-based + contract tests for the regex builder. |
| helpers/commit/buildConventionalCommitRegex.example.ts | Adds examples for the regex builder helper. |
| helpers/commit/isConventionalCommit.ts | Adds a helper to validate Conventional Commit subjects. |
| helpers/commit/isConventionalCommit.test.ts | Adds unit tests for isConventionalCommit. |
| helpers/commit/isConventionalCommit.spec.ts | Adds property-based + contract tests for isConventionalCommit. |
| helpers/commit/isConventionalCommit.example.ts | Adds examples for isConventionalCommit. |
| helpers/commit/parseConventionalCommit.ts | Adds Conventional Commit parsing (subject + body/footer split). |
| helpers/commit/parseConventionalCommit.test.ts | Adds unit tests for commit parsing behavior. |
| helpers/commit/parseConventionalCommit.spec.ts | Adds property-based + contract tests for commit parsing. |
| helpers/commit/parseConventionalCommit.example.ts | Adds examples for parseConventionalCommit. |
| helpers/commit/analyzeCommits.ts | Adds semver bump suggestion logic based on parsed commits. |
| helpers/commit/analyzeCommits.test.ts | Adds unit tests for bump analysis behavior. |
| helpers/commit/analyzeCommits.spec.ts | Adds property-based + contract tests for bump analysis. |
| helpers/commit/analyzeCommits.example.ts | Adds examples for analyzeCommits. |
| helpers/commit/config.json | Registers the new commit helper category metadata. |
| .vscode/settings.json | Adds commit scope and adjusts Conventional Commits scope list. |
| .template/bundle/README.md | Updates template docs to import extractErrorMessage. |
| .github/workflows/scorecard.yml | Pins actions to SHAs and normalizes formatting/quoting. |
| .github/workflows/release.yml | Updates permissions model, pins actions, and publishes mutation artifacts to releases. |
| .github/workflows/pr-validation.yml | Pins actions and revises permissions across jobs. |
| .github/workflows/mutation-dashboard.yml | Pins checkout/setup-node actions to SHAs. |
| .github/workflows/job-verification.yml | Pins download-artifact action to SHA and adds top-level permissions. |
| .github/workflows/job-typecheck.yml | Adds top-level permissions and pins actions to SHAs. |
| .github/workflows/job-tests.yml | Adds top-level permissions and pins actions to SHAs. |
| .github/workflows/job-security.yml | Adds top-level permissions and pins actions to SHAs. |
| .github/workflows/job-pr-comment.yml | Adds top-level permissions, tweaks job permissions, and pins github-script. |
| .github/workflows/job-lint.yml | Adds top-level permissions and pins actions to SHAs. |
| .github/workflows/job-build.yml | Adds top-level permissions, pins upload-artifact action to SHA. |
| .github/workflows/job-bench.yml | Adds top-level permissions and pins actions to SHAs. |
| .github/workflows/auto-assign.yml | Pins reusable workflow reference to SHA and adds explicit permissions. |
| .devcontainer/workflow.log | Removes a committed workflow log artifact. |
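The Conventional Commits parsing and bump-precedence behaviour summarized in this review and the previous one, as an added TypeScript sketch that is not the PR's `helpers/commit` code; the function names match those listed above, but the implementation, the footer-handling rules (modeled on the Conventional Commits spec) and the major > minor > patch > none precedence are assumptions made here:

```typescript
// Added example (not the helpers/commit code from the PR): a minimal
// Conventional Commits parser and a semver bump suggester with the usual
// precedence major > minor > patch > none. Names and rules are assumptions.

type Bump = 'major' | 'minor' | 'patch' | 'none';

interface ParsedCommit {
  type: string;
  scope?: string;
  breaking: boolean;   // `!` after type/scope, or a BREAKING CHANGE footer
  description: string;
  body: string;
  footers: string[];
}

// Subject: <type>[(scope)][!]: <description>; types are restricted to lowercase words.
const SUBJECT = /^([a-z]+)(?:\(([^()\s]+)\))?(!)?: (.+)$/;

function parseConventionalCommit(message: string): ParsedCommit | null {
  const [subject = '', ...rest] = message.split(/\r?\n/);
  const m = SUBJECT.exec(subject.trim());
  if (!m) return null;
  // The last paragraph is the footer block only if every line is footer-shaped:
  // `Token: value` or `Token #value` (BREAKING CHANGE may contain a space).
  const paragraphs = rest.join('\n').trim().split(/\n\s*\n/).filter(Boolean);
  const last = paragraphs[paragraphs.length - 1] ?? '';
  const footerRe = /^(?:[A-Za-z-]+|BREAKING CHANGE)(?:: | #)/;
  const footers = last && last.split('\n').every((l) => footerRe.test(l)) ? last.split('\n') : [];
  const body = paragraphs.slice(0, footers.length ? -1 : undefined).join('\n\n');
  const breaking = m[3] === '!' || footers.some((f) => /^BREAKING[ -]CHANGE/.test(f));
  return { type: m[1], scope: m[2], breaking, description: m[4], body, footers };
}

// Suggests the highest bump implied by any commit; unparseable commits are ignored,
// so a release script should also surface them rather than silently skipping them.
function analyzeCommits(messages: string[]): Bump {
  let bump: Bump = 'none';
  for (const msg of messages) {
    const c = parseConventionalCommit(msg);
    if (!c) continue;
    if (c.breaking) return 'major';            // highest precedence, stop early
    if (c.type === 'feat') bump = 'minor';     // minor beats patch
    else if (c.type === 'fix' && bump === 'none') bump = 'patch';
  }
  return bump;
}
```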
Description
Please include a summary of what this PR does and why it's needed.
Type of Change
Related Issues
Closes #(issue number)
How Has This Been Tested?
Describe the tests you ran and how to reproduce them:
Checklist
Screenshots (if applicable)
Add screenshots for UI changes.
Additional Context
Add any other context about the PR here.