Skip to content

fix: publish release notes tagged to version.rb instead of release-drafter's own version#32

Merged
abechan1 merged 2 commits into
mainfrom
fix/versioning
Jun 29, 2026
Merged

fix: publish release notes tagged to version.rb instead of release-drafter's own version#32
abechan1 merged 2 commits into
mainfrom
fix/versioning

Conversation

@abechan1

@abechan1 abechan1 commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

changelog.yml now only keeps a draft release updated on every push to main,
while gem-push.yml publishes that draft using the tag derived from
lib/slidict/version.rb so the GitHub release and the published gem always
share the same version.

Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com

Summary by CodeRabbit

  • 新機能

    • リリースノートの更新処理がよりシンプルになり、ドラフトの生成・更新が安定して行われるようになりました。
    • Ruby gem の公開処理が、リリースノート更新の完了後に実行される形へ変更されました。
  • 改善

    • 公開処理の実行条件が整理され、メインブランチでの成功時のみ動作するようになりました。
    • 公開先ごとの認証が分離され、配信の信頼性が向上しました。

…after's own version

changelog.yml now only keeps a draft release updated on every push to main,
while gem-push.yml publishes that draft using the tag derived from
lib/slidict/version.rb so the GitHub release and the published gem always
share the same version.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

changelog.ymlpermissions を追加して release-drafter ステップを publish: false 固定に簡略化。gem-push.yml のトリガーを push から workflow_run(Changelog 完了時)へ変更し、version.rb 変更有無による条件分岐と release-drafter 公開ステップを追加した。

Changes

CI ワークフロー再編

Layer / File(s) Summary
changelog.yml の簡略化と権限追加
.github/workflows/changelog.yml
permissions ブロック(contents: write, pull-requests: read)を追加し、release-drafter 実行前の checkout・バージョン抽出・差分判定ステップを削除して publish: false 固定のステップのみに変更した。
gem-push.yml のトリガー変更・条件分岐・release-drafter 公開
.github/workflows/gem-push.yml
トリガーを workflow_run(Changelog 完了時)へ変更し、version.rb 変更有無の判定・バージョン抽出・GPR/RubyGems 公開への条件分岐を追加。変更時のみ release-drafter でリリースノートを公開するステップを追加した。

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • slidict/slidict-cli#8: lib/slidict/version.rb の変更時のみ gem を公開する条件分岐を扱っており、本 PR の gem-push ロジックと直接関連する。
  • slidict/slidict-cli#11: lib/slidict/version.rb の自動バンプワークフローを追加しており、本 PR のバージョン変更トリガーと密接に連携する。
  • slidict/slidict-cli#15: changelog.yml の release-drafter ロジックを同様に簡略化しており、本 PR の変更と重複する。

Suggested labels

codex

🐇 ふわふわ耳で聞いてみた、
ワークフローが軽くなった!
version.rb が変わった時だけ、
gem がぴょんと世界へ飛び出す。
changelog はドラフトのまま、
リリースは gem-push にお任せ〜 🌿

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed 変更内容は version.rb ベースのリリースノート公開へ切り替える点を正しく要約しています。
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/versioning

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Trigger gem-push.yml via workflow_run on the Changelog workflow instead of
push, so the gem/release publish step always runs after the draft release
notes have been updated, avoiding a race between the two workflows.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@abechan1 abechan1 merged commit 2487717 into main Jun 29, 2026
4 of 5 checks passed
@abechan1 abechan1 deleted the fix/versioning branch June 29, 2026 15:19

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Nitpick comments (1)
.github/workflows/gem-push.yml (1)

20-23: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

checkout の認証情報永続化を無効化してください。

この job は gemspec 実行と外部 publish 用 secrets を扱うため、不要な checkout token を .git/config に残さない方が安全です。

修正案
       - uses: actions/checkout@v3
         with:
           ref: ${{ github.event.workflow_run.head_sha }}
           fetch-depth: 0
+          persist-credentials: false
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/gem-push.yml around lines 20 - 23, The checkout step in
the gem-push workflow is persisting credentials unnecessarily; update the
actions/checkout usage in the job to disable credential persistence so no
checkout token is left in .git/config. Keep the existing ref and fetch-depth
behavior, and adjust the checkout configuration in the workflow so the
gemspec/publish job only uses the repository content without storing auth
details.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/changelog.yml:
- Around line 17-21: The Update draft release notes step is still pinned to
release-drafter/release-drafter@v5, which should be upgraded to v6 for Node 16
compatibility. Update the action reference in the changelog workflow to use the
v6 release-drafter version, keeping the existing config-name and publish
settings unchanged.

In @.github/workflows/gem-push.yml:
- Around line 25-32: The version change check in the workflow only inspects
HEAD~1..HEAD, so it can miss lib/slidict/version.rb updates from earlier commits
in the same push. Update the logic in the version_file step to evaluate the full
push range or otherwise determine the bumped version by comparing the relevant
tag/release state, and keep the changed output accurate for gem publish and
release publish.
- Line 20: The workflow step using actions/checkout is pinned to v3 and should
be updated to v4 or newer. In gem-push.yml, change the checkout action version
in the checkout step so the workflow uses the supported release, keeping the
rest of the job logic unchanged.
- Around line 72-81: The Release Drafter action in the “Publish release notes”
step is still pinned to release-drafter/release-drafter@v5; update that action
reference to `@v6` in the workflow so it uses the Node.js 20-based release,
keeping the existing config-name, publish, tag, name, and GITHUB_TOKEN settings
unchanged.

---

Nitpick comments:
In @.github/workflows/gem-push.yml:
- Around line 20-23: The checkout step in the gem-push workflow is persisting
credentials unnecessarily; update the actions/checkout usage in the job to
disable credential persistence so no checkout token is left in .git/config. Keep
the existing ref and fetch-depth behavior, and adjust the checkout configuration
in the workflow so the gemspec/publish job only uses the repository content
without storing auth details.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 293a89e4-88e8-44dd-b008-061ce812bc70

📥 Commits

Reviewing files that changed from the base of the PR and between 38f7675 and d430f9b.

📒 Files selected for processing (2)
  • .github/workflows/changelog.yml
  • .github/workflows/gem-push.yml

Comment on lines +17 to +21
- name: Update draft release notes
uses: release-drafter/release-drafter@v5
with:
config-name: release-drafter.yml
publish: ${{ steps.version_file.outputs.changed == 'true' }}
publish: false

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== workflow file ==\n'
if [ -f .github/workflows/changelog.yml ]; then
  nl -ba .github/workflows/changelog.yml | sed -n '1,120p'
else
  echo "missing .github/workflows/changelog.yml"
fi

printf '\n== release-drafter references ==\n'
rg -n "release-drafter|actionlint|workflow_run" .github . --glob '!**/node_modules/**' || true

Repository: slidict/slidict-cli

Length of output: 218


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== workflow file (with line numbers) ==\n'
awk 'NR>=1 && NR<=160 { printf "%4d  %s\n", NR, $0 }' .github/workflows/changelog.yml

printf '\n== release-drafter references ==\n'
rg -n "release-drafter|actionlint|workflow_run" .github . --glob '!**/node_modules/**' || true

Repository: slidict/slidict-cli

Length of output: 1381


🌐 Web query:

release-drafter/release-drafter v5 v6 runner requirements actionlint

💡 Result:

The release-drafter GitHub Action transitioned from using Node 16 (in v5) to Node 20 (in v6) as the runner environment [1]. No specific runner OS requirements beyond the standard GitHub-hosted environments (e.g., ubuntu-latest) are mandated; the action is designed to be self-contained and does not require a prior checkout step, as it interacts directly with the GitHub API using octokit [2][3]. Regarding actionlint: While release-drafter does not have specific, documented requirements for actionlint, it follows standard GitHub Actions schema requirements [4]. Users typically include standard steps like checkout and configuration, and the action supports various inputs such as config-name, prerelease, and prerelease-identifier [2][5]. For migration from v5 to v6, the primary change is the underlying runtime, which is handled automatically by GitHub Actions when updating the reference (e.g., uses: release-drafter/release-drafter@v6) [1][6]. Ensure that any workflows utilizing older versions are updated to reference v6 [1][7]. There are no reports of breaking configuration changes that require manual intervention in the YAML structure for standard setups, though users should ensure their configuration files remain correctly located within the.github directory [8][2]. If using advanced features like prerelease management, be aware that v6 includes updated logic for handling prerelease identifiers and inclusion of pre-releases [1][9].

Citations:


🌐 Web query:

release-drafter v5 node16 github actions deprecation still works v6 node20 official

💡 Result:

Release Drafter version 6 (v6) is the official version configured to run on Node 20 (and later Node 24) [1][2][3]. While older versions of Release Drafter, such as v5, used Node 16, GitHub Actions has deprecated Node 16, meaning workflows relying on v5 may encounter warnings or failures depending on the environment and runner configuration [4][5][3]. To ensure continued, stable functionality, you should update your GitHub Actions workflow to use the latest release-drafter version [5][6]. You can do this by updating the uses directive in your workflow YAML file: - uses: release-drafter/release-drafter@v6 Note that the project has since progressed beyond v6, transitioning to Node 24 for its runtime [1][2]. Using the latest version (e.g., @latest or the most recent stable tag) is recommended to maintain compatibility with current GitHub Actions runner requirements [2][6]. If you are using self-hosted runners, ensure your runner software is kept up to date to support the newer Node runtimes required by the action [4][5].

Citations:


release-drafter を v6 に更新してください。

release-drafter/release-drafter@v5 は Node 16 ベースで、GitHub Actions では Node 16 が非推奨です。v6 へ上げて互換性リスクを避けたいです。

修正案
-        uses: release-drafter/release-drafter@v5
+        uses: release-drafter/release-drafter@v6
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Update draft release notes
uses: release-drafter/release-drafter@v5
with:
config-name: release-drafter.yml
publish: ${{ steps.version_file.outputs.changed == 'true' }}
publish: false
- name: Update draft release notes
uses: release-drafter/release-drafter@v6
with:
config-name: release-drafter.yml
publish: false
🧰 Tools
🪛 actionlint (1.7.12)

[error] 18-18: the runner of "release-drafter/release-drafter@v5" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/changelog.yml around lines 17 - 21, The Update draft
release notes step is still pinned to release-drafter/release-drafter@v5, which
should be upgraded to v6 for Node 16 compatibility. Update the action reference
in the changelog workflow to use the v6 release-drafter version, keeping the
existing config-name and publish settings unchanged.

Source: Linters/SAST tools

packages: write

steps:
- uses: actions/checkout@v3

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

git ls-files .github/workflows

Repository: slidict/slidict-cli

Length of output: 282


🏁 Script executed:

sed -n '1,120p' .github/workflows/gem-push.yml && printf '\n---\n' && sed -n '1,160p' .github/workflows/test.yml && printf '\n---\n' && sed -n '1,160p' .github/workflows/bump-version.yml && printf '\n---\n' && sed -n '1,160p' .github/workflows/changelog.yml

Repository: slidict/slidict-cli

Length of output: 7080


🌐 Web query:

actions/checkout v3 Node16 deprecation GitHub Actions runner support 2025

💡 Result:

Node.js 16 reached end-of-life in GitHub Actions runners on November 12, 2024 [1]. As part of this transition, GitHub enforced the migration of all JavaScript-based actions to Node.js 20 [1][2]. Regarding actions/checkout specifically: 1. Version 3 of actions/checkout relies on Node.js 16 [3][4]. Because Node.js 16 is no longer supported in the runner environment, workflows using actions/checkout@v3 may experience errors, failure to execute, or unexpected behavior [5][1][6]. 2. GitHub officially recommended that users update to the latest versions of their actions to maintain compatibility with Node.js 20 [1][2]. For actions/checkout, this requires upgrading to v4 or higher [4][7][8]. 3. As of June 2026, the latest major version of actions/checkout is v7 [9][10]. It is strongly advised to migrate to at least v4, though upgrading to the latest release (v7) is recommended to ensure continued support, security updates, and feature compatibility [9][10]. In summary, actions/checkout@v3 is considered obsolete and unsupported due to its dependency on the deprecated Node.js 16 runtime [1][8]. Workflows still using it should be updated immediately to v4 or newer to ensure they run correctly on modern GitHub Actions runners [4][7].

Citations:


.github/workflows/gem-push.ymlactions/checkout を v4 以上へ更新してください。
actions/checkout@v3 は Node.js 16 系で、現在の GitHub Actions ランナーでは実行失敗する可能性があります。

修正案
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- uses: actions/checkout@v3
- uses: actions/checkout@v4
🧰 Tools
🪛 actionlint (1.7.12)

[error] 20-20: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 zizmor (1.26.1)

[warning] 20-23: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/gem-push.yml at line 20, The workflow step using
actions/checkout is pinned to v3 and should be updated to v4 or newer. In
gem-push.yml, change the checkout action version in the checkout step so the
workflow uses the supported release, keeping the rest of the job logic
unchanged.

Source: Linters/SAST tools

Comment on lines +25 to +32
- name: Check if version file changed
id: version_file
run: |
if git diff --name-only HEAD~1 HEAD | grep -qx "lib/slidict/version.rb"; then
echo "changed=true" >> "$GITHUB_OUTPUT"
else
echo "changed=false" >> "$GITHUB_OUTPUT"
fi

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | 🏗️ Heavy lift

複数コミット push で version.rb の変更を見落とします。

HEAD~1..HEAD だけを見るため、同一 push 内の最後以外のコミットで lib/slidict/version.rb が変わると changed=false になり、gem publish と release publish がスキップされます。push 全体の範囲、または抽出した version の tag/release 存在確認で判定してください。

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/gem-push.yml around lines 25 - 32, The version change
check in the workflow only inspects HEAD~1..HEAD, so it can miss
lib/slidict/version.rb updates from earlier commits in the same push. Update the
logic in the version_file step to evaluate the full push range or otherwise
determine the bumped version by comparing the relevant tag/release state, and
keep the changed output accurate for gem publish and release publish.

Comment on lines +72 to +81
- name: Publish release notes
if: steps.version_file.outputs.changed == 'true'
uses: release-drafter/release-drafter@v5
with:
config-name: release-drafter.yml
publish: true
tag: ${{ steps.version.outputs.tag }}
name: ${{ steps.version.outputs.tag }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== workflow excerpt ==\n'
nl -ba .github/workflows/gem-push.yml | sed -n '60,90p'

printf '\n== release-drafter references ==\n'
rg -n "release-drafter|actionlint|runner" .github . -g '!**/node_modules/**' || true

Repository: slidict/slidict-cli

Length of output: 221


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== workflow excerpt ==\n'
python3 - <<'PY'
from pathlib import Path
p = Path('.github/workflows/gem-push.yml')
for i, line in enumerate(p.read_text().splitlines(), 1):
    if 60 <= i <= 90:
        print(f"{i:4d}: {line}")
PY

printf '\n== release-drafter references ==\n'
python3 - <<'PY'
from pathlib import Path
import re
paths = [p for p in Path('.').rglob('*') if p.is_file() and '.git' not in p.parts]
pat = re.compile(r'release-drafter|actionlint|runner')
for p in paths:
    try:
        text = p.read_text(errors='ignore')
    except Exception:
        continue
    if pat.search(text):
        print(p)
PY

Repository: slidict/slidict-cli

Length of output: 1241


🌐 Web query:

release-drafter release-drafter v5 node version v6 node version action metadata

💡 Result:

The Release Drafter GitHub Action updated its required Node.js runtime version as part of its evolution across major versions: - Version 5 of the action used Node.js 16 [1]. - Version 6 of the action updated the runtime to Node.js 20 [1][2]. - The action's metadata file (action.yml) specifies this runtime requirement under the runs.using field [1][3]. Specifically, the configuration moved from using: 'node16' in v5 to using: 'node20' in v6 [1]. These updates ensure compatibility with GitHub Actions' lifecycle transitions, as Node.js 16 was deprecated in favor of newer versions [2]. As of the current date in 2026, the action has advanced to v7 [4][5].

Citations:


release-drafter を v6 に更新してください。
release-drafter/release-drafter@v5 は Node.js 16 ベースで、v6 で Node.js 20 に更新されています。ここは @v6 に上げておくべきです。

🧰 Tools
🪛 actionlint (1.7.12)

[error] 74-74: the runner of "release-drafter/release-drafter@v5" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/gem-push.yml around lines 72 - 81, The Release Drafter
action in the “Publish release notes” step is still pinned to
release-drafter/release-drafter@v5; update that action reference to `@v6` in the
workflow so it uses the Node.js 20-based release, keeping the existing
config-name, publish, tag, name, and GITHUB_TOKEN settings unchanged.

Source: Linters/SAST tools

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant