Implement release-please for automated releases#5
Conversation
- Configured release-please with manifest-based setup. - Added GitHub Actions for release-please and Dependabot automation. - Grouped Dependabot dependencies and added auto-renaming for production deps. - Updated README with automated release instructions. - Configured docs, chore, ci, and test commits to not trigger releases. Co-authored-by: justlevine <29322304+justlevine@users.noreply.github.com>
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
There was a problem hiding this comment.
Pull request overview
This PR implements an automated release management system using release-please, a tool by Google that automates versioning, changelog generation, and GitHub releases based on Conventional Commits. The implementation integrates with Dependabot to automatically categorize dependency updates and ensure they trigger appropriate version bumps.
Changes:
- Adds release-please automation with PHP-specific configuration for semantic versioning
- Implements Dependabot automation to rename production dependency PRs from
chore(deps):tofix(deps):for proper version bumping - Restructures Dependabot configuration to group production and development dependencies separately
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| release-please-config.json | Configures release-please with PHP release type, changelog sections, and pre-1.0 versioning behavior |
| .release-please-manifest.json | Tracks the current version (0.1.0) for release-please state management |
| .github/workflows/release-please.yml | GitHub Actions workflow that runs release-please on pushes to main branch |
| .github/workflows/dependabot-automation.yml | Automatically renames Dependabot PRs for production dependencies to trigger version bumps |
| .github/dependabot.yml | Separates dependency groups and configures conventional commit prefixes |
| README.md | Documents the automated release process and conventional commit usage |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -0,0 +1,3 @@ | |||
| { | |||
| ".": "0.1.0" | |||
There was a problem hiding this comment.
The JSON file uses 2-space indentation, but according to .editorconfig, the default indent_style is tabs. Consider adding a JSON-specific rule to .editorconfig (e.g., [*.json] with indent_style = space and indent_size = 2) to match this formatting, or reformat this file to use tabs to match the default editorconfig settings.
| ".": "0.1.0" | |
| ".": "0.1.0" |
| release-please: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: googleapis/release-please-action@v4 |
There was a problem hiding this comment.
The action version should be pinned to a specific SHA with a version comment for security and reproducibility, following the convention established in test.yml. For example, use the SHA for v4 with a comment like # v4.1.0 instead of using the tag directly.
| - uses: googleapis/release-please-action@v4 | |
| - uses: googleapis/release-please-action@<COMMIT_SHA> # v4.1.0 |
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Check and rename PR | ||
| uses: actions/github-script@v7 |
There was a problem hiding this comment.
The action versions should be pinned to specific SHAs with version comments for security and reproducibility, following the convention established in test.yml. For example, use the SHA for v4 with a comment like # v4.1.0 instead of using the tag directly.
| uses: actions/checkout@v4 | |
| - name: Check and rename PR | |
| uses: actions/github-script@v7 | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Check and rename PR | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 |
| const composer = JSON.parse(fs.readFileSync('composer.json', 'utf8')); | ||
| const prodDeps = Object.keys(composer.require || {}); |
There was a problem hiding this comment.
The JavaScript code in the script block appears to be missing proper error handling. If the composer.json file doesn't exist or cannot be parsed, the workflow will fail. Consider wrapping the file reading and JSON parsing in a try-catch block to handle errors gracefully.
| const composer = JSON.parse(fs.readFileSync('composer.json', 'utf8')); | |
| const prodDeps = Object.keys(composer.require || {}); | |
| let prodDeps = []; | |
| try { | |
| const composerContent = fs.readFileSync('composer.json', 'utf8'); | |
| const composer = JSON.parse(composerContent); | |
| prodDeps = Object.keys(composer.require || {}); | |
| } catch (error) { | |
| console.warn('Unable to read or parse composer.json; skipping production dependency detection.', error); | |
| } |
| "type": "deps", | ||
| "section": "Dependencies" | ||
| }, | ||
| { |
There was a problem hiding this comment.
The changelog section configuration defines a type "deps", but based on the dependabot automation workflow, dependency updates use "fix(deps):" where "fix" is the type and "deps" is the scope. This "deps" type section will not capture dependency updates. Consider removing this section or clarifying how it's intended to be used, as release-please typically groups commits by type, not scope.
| "type": "deps", | |
| "section": "Dependencies" | |
| }, | |
| { |
| @@ -0,0 +1,3 @@ | |||
| { | |||
| ".": "0.1.0" | |||
There was a problem hiding this comment.
The manifest specifies version "0.1.0", but according to CHANGELOG.md, version 0.1.0 was already released on 2026-02-26. For release-please to work correctly, the manifest should reflect the current released version. Consider whether this should be "0.1.0" (if that release hasn't actually been tagged yet) or if it should be updated to match the actual current state of releases.
| ".": "0.1.0" | |
| ".": "0.1.1" |
| "packages": { | ||
| ".": { | ||
| "release-type": "php", | ||
| "changelog-path": "CHANGELOG.md", | ||
| "bump-minor-pre-major": true, | ||
| "bump-patch-for-minor-pre-major": false, | ||
| "include-v-in-tag": true, | ||
| "changelog-sections": [ | ||
| { | ||
| "type": "feat", | ||
| "section": "Features" | ||
| }, | ||
| { | ||
| "type": "fix", | ||
| "section": "Bug Fixes" | ||
| }, | ||
| { | ||
| "type": "deps", | ||
| "section": "Dependencies" | ||
| }, | ||
| { | ||
| "type": "perf", | ||
| "section": "Performance Improvements" | ||
| }, | ||
| { | ||
| "type": "docs", | ||
| "section": "Documentation", | ||
| "hidden": true | ||
| }, | ||
| { | ||
| "type": "chore", | ||
| "section": "Miscellaneous", | ||
| "hidden": true | ||
| }, | ||
| { | ||
| "type": "refactor", | ||
| "section": "Code Refactoring", | ||
| "hidden": true | ||
| }, | ||
| { | ||
| "type": "style", | ||
| "section": "Styles", | ||
| "hidden": true | ||
| }, | ||
| { | ||
| "type": "test", | ||
| "section": "Tests", | ||
| "hidden": true | ||
| }, | ||
| { | ||
| "type": "ci", | ||
| "section": "Continuous Integration", | ||
| "hidden": true | ||
| } | ||
| ] | ||
| } | ||
| } |
There was a problem hiding this comment.
The JSON file uses 2-space indentation, but according to .editorconfig, the default indent_style is tabs. Consider adding a JSON-specific rule to .editorconfig (e.g., [*.json] with indent_style = space and indent_size = 2) to match this formatting, or reformat this file to use tabs to match the default editorconfig settings.
| "packages": { | |
| ".": { | |
| "release-type": "php", | |
| "changelog-path": "CHANGELOG.md", | |
| "bump-minor-pre-major": true, | |
| "bump-patch-for-minor-pre-major": false, | |
| "include-v-in-tag": true, | |
| "changelog-sections": [ | |
| { | |
| "type": "feat", | |
| "section": "Features" | |
| }, | |
| { | |
| "type": "fix", | |
| "section": "Bug Fixes" | |
| }, | |
| { | |
| "type": "deps", | |
| "section": "Dependencies" | |
| }, | |
| { | |
| "type": "perf", | |
| "section": "Performance Improvements" | |
| }, | |
| { | |
| "type": "docs", | |
| "section": "Documentation", | |
| "hidden": true | |
| }, | |
| { | |
| "type": "chore", | |
| "section": "Miscellaneous", | |
| "hidden": true | |
| }, | |
| { | |
| "type": "refactor", | |
| "section": "Code Refactoring", | |
| "hidden": true | |
| }, | |
| { | |
| "type": "style", | |
| "section": "Styles", | |
| "hidden": true | |
| }, | |
| { | |
| "type": "test", | |
| "section": "Tests", | |
| "hidden": true | |
| }, | |
| { | |
| "type": "ci", | |
| "section": "Continuous Integration", | |
| "hidden": true | |
| } | |
| ] | |
| } | |
| } | |
| "packages": { | |
| ".": { | |
| "release-type": "php", | |
| "changelog-path": "CHANGELOG.md", | |
| "bump-minor-pre-major": true, | |
| "bump-patch-for-minor-pre-major": false, | |
| "include-v-in-tag": true, | |
| "changelog-sections": [ | |
| { | |
| "type": "feat", | |
| "section": "Features" | |
| }, | |
| { | |
| "type": "fix", | |
| "section": "Bug Fixes" | |
| }, | |
| { | |
| "type": "deps", | |
| "section": "Dependencies" | |
| }, | |
| { | |
| "type": "perf", | |
| "section": "Performance Improvements" | |
| }, | |
| { | |
| "type": "docs", | |
| "section": "Documentation", | |
| "hidden": true | |
| }, | |
| { | |
| "type": "chore", | |
| "section": "Miscellaneous", | |
| "hidden": true | |
| }, | |
| { | |
| "type": "refactor", | |
| "section": "Code Refactoring", | |
| "hidden": true | |
| }, | |
| { | |
| "type": "style", | |
| "section": "Styles", | |
| "hidden": true | |
| }, | |
| { | |
| "type": "test", | |
| "section": "Tests", | |
| "hidden": true | |
| }, | |
| { | |
| "type": "ci", | |
| "section": "Continuous Integration", | |
| "hidden": true | |
| } | |
| ] | |
| } | |
| } |
- Configured release-please with manifest-based setup for PHP. - Added GitHub Actions workflow for release-please. - Updated Dependabot to use fix(deps) for production dependency updates. - Updated README with automated release instructions and tips. Co-authored-by: justlevine <29322304+justlevine@users.noreply.github.com>
justlevine
deleted the
feat/release-please-setup-12957435177289438309
branch
This PR implements
release-pleaseto automate the release process of the repository.Key features:
CHANGELOG.md.chore(deps):by default to avoid accidental version bumps for dev-dependencies.dependabot-automation.yml) that automatically renames Dependabot PRs for production dependencies tofix(deps):, ensuring they trigger a version bump when merged.docs,chore,ci, andtestcommits are hidden from the changelog and do not trigger version bumps, as requested.Configuration files added:
release-please-config.json.release-please-manifest.json.github/workflows/release-please.yml.github/workflows/dependabot-automation.ymlUpdated files:
.github/dependabot.ymlREADME.mdPR created automatically by Jules for task 12957435177289438309 started by @justlevine