fix: enforce existing Git tag guard in electron release workflow#188
Merged
fix: enforce existing Git tag guard in electron release workflow#188
Conversation
Add a manual-dispatch workflow that builds MLack Desktop binaries for macOS (.dmg), Windows (.nsis), and Linux (.AppImage) in parallel, then creates a GitHub Release with all artifacts attached. Includes version validation, duplicate release check, branch guard (main only), scoped permissions, and concurrency protection.
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a manual GitHub Actions workflow to build and publish Electron desktop releases across macOS/Windows/Linux, producing a GitHub Release with attached artifacts.
Changes:
- Introduces
.github/workflows/electron-release.ymlwithworkflow_dispatch+ version input. - Adds
validate→ matrixbuild→releasejob pipeline, including artifact upload/download. - Automates GitHub Release creation under tag
electron-v{version}with generated notes.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/electron-release.yml |
New workflow to validate a version, build Electron installers per-OS, and create a GitHub Release with artifacts. |
Copilot's findings
- Files reviewed: 1/1 changed files
- Comments generated: 3
Comment on lines
+33
to
+41
| - name: Check tag does not already exist | ||
| env: | ||
| GH_TOKEN: ${{ github.token }} | ||
| VERSION: ${{ inputs.version }} | ||
| run: | | ||
| if gh release view "electron-v${VERSION}" --repo "$GITHUB_REPOSITORY" > /dev/null 2>&1; then | ||
| echo "Release electron-v${VERSION} already exists" | ||
| exit 1 | ||
| fi |
There was a problem hiding this comment.
The "Check tag does not already exist" step is checking for an existing release via gh release view, but it does not actually verify whether the Git tag electron-v${VERSION} already exists (a tag can exist without a release). This conflicts with the PR description and can allow reusing an existing tag unintentionally; consider checking tag existence explicitly (e.g., git ls-remote --tags or gh api /repos/{owner}/{repo}/git/ref/tags/...) in addition to or instead of the release check.
Contributor
There was a problem hiding this comment.
Implemented in 9e9882d. The validate job now checks tag existence explicitly with git ls-remote --tags ... refs/tags/electron-v${VERSION} before release creation, and still blocks if a release with that tag already exists.
Comment on lines
+72
to
+86
| - name: Update electron package version | ||
| shell: bash | ||
| env: | ||
| VERSION: ${{ inputs.version }} | ||
| run: cd electron && npm version --no-git-tag-version "$VERSION" | ||
|
|
||
| - name: Enable corepack | ||
| run: corepack enable | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v5 | ||
| with: | ||
| node-version-file: ".node-version" | ||
| cache: "pnpm" | ||
| cache-dependency-path: "pnpm-lock.yaml" |
There was a problem hiding this comment.
npm version is run before actions/setup-node pins the Node.js version from .node-version. This means the workflow may use whatever Node/npm happens to be preinstalled on the runner for that step, which can change over time and reduce reproducibility. Move the version-update step after setup-node (and ideally after corepack enable), or use pnpm -C electron pkg set version=... after Node is set up.
Owner
Author
There was a problem hiding this comment.
@copilot apply changes based on this feedback
Let's move the version-update step after setup-node.
Comment on lines
+27
to
+31
| run: | | ||
| [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+([.-][0-9A-Za-z.-]+)?$ ]] || { | ||
| echo "Invalid version: $VERSION" | ||
| exit 1 | ||
| } |
There was a problem hiding this comment.
The version regex currently accepts values like 1.0.0.alpha (dot-separated prerelease), but npm version (used later) expects SemVer and will reject some strings that this regex allows. This can cause the workflow to pass validation but fail during the build step; consider tightening the regex to align with SemVer (and with what npm version accepts), or validate by invoking the same SemVer parser used by npm.
Agent-Logs-Url: https://github.com/mahata/mlack/sessions/9f1592bd-764d-4005-8c02-81a5c88659a2 Co-authored-by: mahata <23497+mahata@users.noreply.github.com>
Agent-Logs-Url: https://github.com/mahata/mlack/sessions/9f1592bd-764d-4005-8c02-81a5c88659a2 Co-authored-by: mahata <23497+mahata@users.noreply.github.com>
Copilot
AI
changed the title
feat: add GitHub Actions workflow for Electron desktop releases
fix: enforce existing Git tag guard in electron release workflow
Apr 8, 2026
mahata
added a commit
that referenced
this pull request
Apr 8, 2026
…194) * feat: add deployment tagging, GitHub Releases, and PR template Add a post-deploy step to deploy.yml that creates a git tag (deploy-YYYY-MM-DD-SHA) and a GitHub Release with auto-generated notes after each successful production deployment. This provides a clear history of which commits were deployed and when. Add a default PR template with a pre-deploy checklist covering CI status, migration review, secrets, and Durable Objects state. * Update .github/workflows/deploy.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix: scope contents:write permission to deploy job only Agent-Logs-Url: https://github.com/mahata/mlack/sessions/b28d6893-dc36-48da-a24d-589cb4ad8e05 Co-authored-by: mahata <23497+mahata@users.noreply.github.com> * deps-dev(deps-dev): bump @cloudflare/workers-types (#164) Bumps [@cloudflare/workers-types](https://github.com/cloudflare/workerd) from 4.20260317.1 to 4.20260329.1. - [Release notes](https://github.com/cloudflare/workerd/releases) - [Changelog](https://github.com/cloudflare/workerd/blob/main/RELEASE.md) - [Commits](https://github.com/cloudflare/workerd/commits) --- updated-dependencies: - dependency-name: "@cloudflare/workers-types" dependency-version: 4.20260329.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: add conventional-commit skill for Copilot Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * deps(deps): bump hono in the production-dependencies group (#168) Bumps the production-dependencies group with 1 update: [hono](https://github.com/honojs/hono). Updates `hono` from 4.12.9 to 4.12.11 - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.9...v4.12.11) --- updated-dependencies: - dependency-name: hono dependency-version: 4.12.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * deps(deps): bump the development-dependencies group with 11 updates (#169) Bumps the development-dependencies group with 11 updates: | Package | From | To | | --- | --- | --- | | [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.9` | `2.4.10` | | [@playwright/test](https://github.com/microsoft/playwright) | `1.58.2` | `1.59.1` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.12.0` | `24.12.2` | | [@biomejs/cli-darwin-arm64](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.9` | `2.4.10` | | [@biomejs/cli-darwin-x64](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.9` | `2.4.10` | | [@biomejs/cli-linux-arm64-musl](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.9` | `2.4.10` | | [@biomejs/cli-linux-arm64](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.9` | `2.4.10` | | [@biomejs/cli-linux-x64-musl](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.9` | `2.4.10` | | [@biomejs/cli-linux-x64](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.9` | `2.4.10` | | [@biomejs/cli-win32-arm64](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.9` | `2.4.10` | | [@biomejs/cli-win32-x64](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.9` | `2.4.10` | Updates `@biomejs/biome` from 2.4.9 to 2.4.10 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome) Updates `@playwright/test` from 1.58.2 to 1.59.1 - [Release notes](https://github.com/microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.58.2...v1.59.1) Updates `@types/node` from 24.12.0 to 24.12.2 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@biomejs/cli-darwin-arm64` from 2.4.9 to 2.4.10 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome) Updates `@biomejs/cli-darwin-x64` from 2.4.9 to 2.4.10 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome) Updates `@biomejs/cli-linux-arm64-musl` from 2.4.9 to 2.4.10 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome) Updates `@biomejs/cli-linux-arm64` from 2.4.9 to 2.4.10 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome) Updates `@biomejs/cli-linux-x64-musl` from 2.4.9 to 2.4.10 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome) Updates `@biomejs/cli-linux-x64` from 2.4.9 to 2.4.10 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome) Updates `@biomejs/cli-win32-arm64` from 2.4.9 to 2.4.10 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome) Updates `@biomejs/cli-win32-x64` from 2.4.9 to 2.4.10 - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.10/packages/@biomejs/biome) --- updated-dependencies: - dependency-name: "@biomejs/biome" dependency-version: 2.4.10 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: "@playwright/test" dependency-version: 1.59.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: "@types/node" dependency-version: 24.12.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: "@biomejs/cli-darwin-arm64" dependency-version: 2.4.10 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: "@biomejs/cli-darwin-x64" dependency-version: 2.4.10 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: "@biomejs/cli-linux-arm64-musl" dependency-version: 2.4.10 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: "@biomejs/cli-linux-arm64" dependency-version: 2.4.10 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: "@biomejs/cli-linux-x64-musl" dependency-version: 2.4.10 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: "@biomejs/cli-linux-x64" dependency-version: 2.4.10 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: "@biomejs/cli-win32-arm64" dependency-version: 2.4.10 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: "@biomejs/cli-win32-x64" dependency-version: 2.4.10 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * deps(deps): bump tinyglobby from 0.2.14 to 0.2.15 (#170) Bumps [tinyglobby](https://github.com/SuperchupuDev/tinyglobby) from 0.2.14 to 0.2.15. - [Release notes](https://github.com/SuperchupuDev/tinyglobby/releases) - [Changelog](https://github.com/SuperchupuDev/tinyglobby/blob/main/CHANGELOG.md) - [Commits](SuperchupuDev/tinyglobby@0.2.14...0.2.15) --- updated-dependencies: - dependency-name: tinyglobby dependency-version: 0.2.15 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * deps(deps): bump @emnapi/runtime from 1.9.1 to 1.9.2 (#172) Bumps [@emnapi/runtime](https://github.com/toyobayashi/emnapi) from 1.9.1 to 1.9.2. - [Release notes](https://github.com/toyobayashi/emnapi/releases) - [Commits](toyobayashi/emnapi@v1.9.1...v1.9.2) --- updated-dependencies: - dependency-name: "@emnapi/runtime" dependency-version: 1.9.2 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * deps(deps): bump vite from 7.0.5 to 7.3.1 (#171) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.0.5 to 7.3.1. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.3.1/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 7.3.1 dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * deps(deps): bump tinyspy from 4.0.3 to 4.0.4 (#173) Bumps [tinyspy](https://github.com/tinylibs/tinyspy) from 4.0.3 to 4.0.4. - [Release notes](https://github.com/tinylibs/tinyspy/releases) - [Commits](tinylibs/tinyspy@v4.0.3...v4.0.4) --- updated-dependencies: - dependency-name: tinyspy dependency-version: 4.0.4 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: mahata <23497+mahata@users.noreply.github.com> * deps-dev(deps-dev): bump @cloudflare/workers-types (#174) Bumps [@cloudflare/workers-types](https://github.com/cloudflare/workerd) from 4.20260329.1 to 4.20260405.1. - [Release notes](https://github.com/cloudflare/workerd/releases) - [Changelog](https://github.com/cloudflare/workerd/blob/main/RELEASE.md) - [Commits](https://github.com/cloudflare/workerd/commits) --- updated-dependencies: - dependency-name: "@cloudflare/workers-types" dependency-version: 4.20260405.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * deps-dev(deps-dev): bump wrangler from 4.77.0 to 4.79.0 (#178) Bumps [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) from 4.77.0 to 4.79.0. - [Release notes](https://github.com/cloudflare/workers-sdk/releases) - [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.79.0/packages/wrangler) --- updated-dependencies: - dependency-name: wrangler dependency-version: 4.79.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * deps(deps): bump drizzle-orm from 0.45.1 to 0.45.2 (#165) Bumps [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) from 0.45.1 to 0.45.2. - [Release notes](https://github.com/drizzle-team/drizzle-orm/releases) - [Commits](drizzle-team/drizzle-orm@0.45.1...0.45.2) --- updated-dependencies: - dependency-name: drizzle-orm dependency-version: 0.45.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: resolve duplicate @types/node@24.12.2 in pnpm-lock.yaml (#175) * deps(deps): bump expect-type from 1.2.2 to 1.3.0 Bumps [expect-type](https://github.com/mmkal/expect-type) from 1.2.2 to 1.3.0. - [Release notes](https://github.com/mmkal/expect-type/releases) - [Commits](mmkal/expect-type@v1.2.2...v1.3.0) --- updated-dependencies: - dependency-name: expect-type dependency-version: 1.3.0 dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix: resolve duplicate @types/node@24.12.2 in pnpm-lock.yaml by updating @types/node to ^24.12.2 Agent-Logs-Url: https://github.com/mahata/mlack/sessions/75387082-98f8-4f32-a101-e17460603972 Co-authored-by: mahata <23497+mahata@users.noreply.github.com> * chore: merge main into branch, resolve @playwright/test version conflict Agent-Logs-Url: https://github.com/mahata/mlack/sessions/93366234-814a-46ee-b2fd-3d5296eeaa11 Co-authored-by: mahata <23497+mahata@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: mahata <23497+mahata@users.noreply.github.com> * feat: add mlack.uk custom domain route to production * fix: resolve duplicate @types/node@24.12.2 in pnpm-lock.yaml (#176) * deps(deps): bump postcss from 8.5.6 to 8.5.8 Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.8. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.6...8.5.8) --- updated-dependencies: - dependency-name: postcss dependency-version: 8.5.8 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix: resolve duplicate @types/node@24.12.2 in pnpm-lock.yaml after merging main Agent-Logs-Url: https://github.com/mahata/mlack/sessions/ee849a11-8ea0-46b7-8001-8e30404fc116 Co-authored-by: mahata <23497+mahata@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: mahata <23497+mahata@users.noreply.github.com> * deps(deps): bump vite from 7.0.5 to 7.3.2 (#183) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.0.5 to 7.3.2. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 7.3.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: add Electron desktop client (#184) * feat: add Electron desktop client with notifications and system tray Add an Electron wrapper that loads the existing mlack web app in a native desktop window. Includes: - System tray icon with show/quit context menu - Native OS notifications for new messages when window is unfocused - WebSocket message interception via injected script - Persistent cookie sessions across app restarts - electron-builder config for macOS, Windows, and Linux packaging - Workspace integration with root-level electron:dev/build/package scripts * Update electron/src/notifications.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update electron/src/tray.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update electron/src/preload.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix: disable electron-builder publish to prevent channel crash (#186) * deps-dev(deps-dev): bump electron from 35.7.5 to 39.8.5 (#185) Bumps [electron](https://github.com/electron/electron) from 35.7.5 to 39.8.5. - [Release notes](https://github.com/electron/electron/releases) - [Commits](electron/electron@v35.7.5...v39.8.5) --- updated-dependencies: - dependency-name: electron dependency-version: 39.8.5 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs: clarify Copilot CLI review command path usage (#187) * chore: replace security-auditor agent with Copilot CLI reviews Remove the dedicated security-auditor OpenCode agent and add a Copilot CLI review step to AGENTS.md instead. This gives multi-model review coverage (Opus 4.6 writes, GPT-5.4 reviews) and runs per-task rather than per-file to keep the workflow efficient. * docs: clarify copilot CLI file path placeholder Agent-Logs-Url: https://github.com/mahata/mlack/sessions/8cef0ef9-23e7-4daf-9bc5-6af13accf40c Co-authored-by: mahata <23497+mahata@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: mahata <23497+mahata@users.noreply.github.com> * deps(deps): bump hono from 4.12.11 to 4.12.12 (#189) Bumps [hono](https://github.com/honojs/hono) from 4.12.11 to 4.12.12. - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v4.12.11...v4.12.12) --- updated-dependencies: - dependency-name: hono dependency-version: 4.12.12 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: enforce existing Git tag guard in electron release workflow (#188) * feat: add GitHub Actions workflow for Electron desktop releases Add a manual-dispatch workflow that builds MLack Desktop binaries for macOS (.dmg), Windows (.nsis), and Linux (.AppImage) in parallel, then creates a GitHub Release with all artifacts attached. Includes version validation, duplicate release check, branch guard (main only), scoped permissions, and concurrency protection. * fix: validate existing git tags in electron release workflow Agent-Logs-Url: https://github.com/mahata/mlack/sessions/9f1592bd-764d-4005-8c02-81a5c88659a2 Co-authored-by: mahata <23497+mahata@users.noreply.github.com> * fix: check existing release tags with git ls-remote Agent-Logs-Url: https://github.com/mahata/mlack/sessions/9f1592bd-764d-4005-8c02-81a5c88659a2 Co-authored-by: mahata <23497+mahata@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: mahata <23497+mahata@users.noreply.github.com> * fix: resolve Electron release build failures (#190) * fix: resolve Electron release build failures - Replace 16x16 placeholder icon with 512x512 PNG and generate .icns (macOS) and .ico (Windows) files to meet electron-builder requirements - Move version update step after dependency install so npm is available from the project's Node.js version rather than the runner default * Update .github/workflows/electron-release.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix: write explicit newline when updating Electron package version in release workflow (#191) * fix: avoid lifecycle scripts when updating electron package version Replace pnpm version with a direct JSON file write to prevent Electron from launching during the version update step, which fails on Linux CI due to SUID sandbox configuration. * fix: use explicit newline char when writing electron package version Agent-Logs-Url: https://github.com/mahata/mlack/sessions/b04db865-e846-4b04-8b58-959693015c66 Co-authored-by: mahata <23497+mahata@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: mahata <23497+mahata@users.noreply.github.com> * docs: align README Node.js prerequisite with Node 24 upgrade (#192) * chore: upgrade Node.js to 24 and remove corepack Node.js 24 no longer bundles corepack, so remove the corepack enable steps from all CI workflows and drop the packageManager field from package.json. Update .node-version and AGENTS.md to reflect Node 24. * fix: install pnpm via pnpm/action-setup in CI workflows Node.js 24 no longer bundles corepack, so pnpm must be installed explicitly. Add pnpm/action-setup@v4 before actions/setup-node in every CI job. * docs: update README Node.js prerequisite to v24 Agent-Logs-Url: https://github.com/mahata/mlack/sessions/21f73092-2de8-4e30-b7eb-4dd8f51484dc Co-authored-by: mahata <23497+mahata@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: mahata <23497+mahata@users.noreply.github.com> * feat: add workspaces with isolated channels, members, and invite system (#193) * feat: add workspaces with isolated channels, members, and invite system Introduce workspace support with path-based routing (/w/:slug/...), per-workspace admin roles, invite links with 1-hour expiration, and one Durable Object per workspace for WebSocket connections. Existing data auto-migrates into a seeded 'default' workspace. Migration uses PRAGMA defer_foreign_keys to handle the channels table rebuild safely on D1. * fix: address PR review feedback — type safety, SQL efficiency, and invite security - Make workspace/workspaceMember optional in Variables type to match runtime - First user auto-joining default workspace now becomes admin (bootstrap fix) - Remove unreachable auth check in /w/:slug (middleware already handles it) - Replace select-all-then-filter with SQL inner join for workspace queries - Use subquery in seed.sql instead of hardcoded workspace_id=1 - Convert invite acceptance from mutating GET to GET confirmation + POST --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: mahata <23497+mahata@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The Electron release workflow validated only GitHub Release existence, not raw Git tag existence. This could allow dispatching a version whose
electron-v{version}tag already exists without a release object.Validation hardening
Tag existence check implementation
git ls-remote --tagsagainstrefs/tags/electron-v${VERSION}.gh release viewas a separate guard.