fix(hook): allow github-actions bot to commit on main for lockstep bumps#73
Merged
Merged
Conversation
The release workflow's "Lockstep-bump wrappers" step commits the create-webjs + webjsdev version bumps directly to main as github-actions[bot]. The pre-commit hook's gate 1 (block commits to main) was firing on those bot commits, failing the workflow and leaving the wrappers un-bumped after a cli release. Add an early short-circuit at the top of the hook: when $GITHUB_ACTIONS=true (set automatically by every GitHub Actions runner), skip every gate and exit 0. The bot's commit is a mechanical version-field write to two package.json files; there's nothing to validate. Human commits hit every gate as designed. The exception applies only to environments where Actions is genuinely running. Caught by the failed workflow on the merge of #72 (run 26293696071): cli@0.8.5 published cleanly, but the lockstep wrappers step errored on `git commit -m ...` with "Cannot commit directly to 'main'". After this fix lands and the failed run is re-run, the lockstep step will succeed and publish create-webjs + webjsdev at 0.8.5.
2 tasks
vivek7405
added a commit
that referenced
this pull request
May 22, 2026
…#74) * fix(hook): skip wrapper packages in the changelog-file requirement create-webjs and webjsdev are version-lockstep mirrors of @webjsdev/cli and are explicitly NOT tracked in the framework's changelog system. Bumping their package.json version is intentional (driven by the release workflow's lockstep step, or rarely by a manual recovery commit) and does NOT need a matching changelog/<pkg>/<version>.md file. The hook previously detected ANY packages/*/package.json version bump and demanded a changelog file. For wrappers it would then run scripts/backfill-changelog.js, which doesn't list them in PACKAGES, so no file was generated, and the hook errored "expected file but generator didn't produce it". Add a name-check in the TO_GENERATE loop: skip create-webjs and webjsdev entirely. The framework-package bump-detection logic for core / server / cli / ts-plugin / ui is unchanged. This also un-blocks manual lockstep recoveries (like the 0.8.5 wrapper bumps that follow this commit) on a feature branch without --no-verify. * chore(release): manual lockstep bump create-webjs + webjsdev to 0.8.5 One-time manual sync. The automated lockstep step (added in #72) failed on the cli@0.8.5 release workflow run because the pre-commit hook blocked the bot's commit on main. PR #73 fixed the hook for new workflow runs, but `gh run rerun` replays the workflow at the original commit's SHA (which still has the un-fixed hook), so the re-run failed the same way. Easiest recovery: bump the wrapper package.json files manually in this commit, then publish the new versions out-of-band. Future cli bumps will trigger the workflow against the latest main (which now includes both the GITHUB_ACTIONS short-circuit AND the wrapper-skip in the changelog-file check), so the lockstep step will succeed automatically. No changelog files are touched here, so this push to main does not re-trigger release.yml. After merge, publish manually: cd packages/create-webjs && npm publish cd ../webjsdev && npm publish
This was referenced May 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The release workflow's "Lockstep-bump wrappers" step (added in #72) commits the create-webjs + webjsdev version bumps directly to main as
github-actions[bot]. The pre-commit hook's gate 1 (block commits to main) fires on those bot commits and fails the workflow.Add an early short-circuit at the top of the hook. When
$GITHUB_ACTIONS=true, skip every gate. The bot's commit is a mechanical version-field write to two package.json files; there is nothing to validate.Human commits still hit every gate as designed.
Caught by
Failed workflow run 26293696071. cli@0.8.5 published cleanly, but the lockstep step errored on
git commit -m ...with "Cannot commit directly to 'main'".Recovery plan after merge
gh run rerun 26293696071. The earlier "Publish to npm" / "Publish to GitHub Packages" / "Create GitHub Releases" steps are idempotent and will skip already-published cli@0.8.5. The Lockstep-bump step will now succeed, bump create-webjs + webjsdev to 0.8.5, commit + push, and publish both to npm.Test plan
npm testpasses (1151/1151)