Add version bump workflow

[Strift]

Pull Request

why

• simplify publishing by allowing package version bump

how

• create a bump-package-version.yml workflow that can be manually triggered

PR checklist

Please check if your PR fulfills the following requirements:

• Does this PR fix an existing issue, or have you listed the changes applied in the PR description (and why they are needed)?
• Have you read the contributing guidelines?
• Have you made sure that the title is accurate and descriptive of the changes?

Thank you so much for contributing to Meilisearch!

Summary by CodeRabbit

• Chores
  • Added an automated workflow to bump the package version.
  • Supports on-demand version updates that create a pull request with a formatted title and description.
  • Commits the version change on a dedicated branch and applies a label to skip changelog generation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a GitHub Actions workflow bump-package-version.yml that, when manually triggered with a new_version, sets env vars, bumps package.json via npm version (no tag), commits to a new branch, and opens a PR against main with a skip-changelog label. (48 words)

Changes

Cohort / File(s)	Summary
GitHub Actions workflow \.github/workflows/bump-package-version.yml	Adds a workflow_dispatch workflow that requires new_version, sets NEW_VERSION/NEW_BRANCH/GH_TOKEN, checks out main, runs npm version without tagging to update package.json, uses EndBug/add-and-commit to commit/push branch workflow/bump-package-version-v<version>, and creates a PR to main with title/body and skip-changelog label.

Sequence Diagram(s)

sequenceDiagram
    actor User
    participant GHA as GitHub Actions
    participant Git as Git/GitHub
    participant File as package.json
    participant API as GitHub API

    User->>GHA: Trigger workflow_dispatch (new_version)
    activate GHA
    GHA->>GHA: Set NEW_VERSION, NEW_BRANCH, GH_TOKEN
    GHA->>Git: Checkout main
    Git-->>GHA: main checked out
    GHA->>File: Run npm version (no-tag) -> update version
    File-->>GHA: version updated
    GHA->>Git: Create branch and commit changes (EndBug/add-and-commit)
    Git-->>GHA: branch pushed
    GHA->>API: Create PR to main with title/body and skip-changelog label
    API-->>GHA: PR created
    deactivate GHA

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• curquiza
• flevi29

Poem

🐰 I nudged the version, gave it a spin,

A branch sprang up, a PR hopped in,
Labels placed with careful paw,
Automated carrots—code says "ta-da!" 🥕✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add version bump workflow' directly and clearly describes the main change: adding a GitHub Actions workflow for automatically bumping package versions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8a718cf and 6f51298.

📒 Files selected for processing (1)

• .github/workflows/bump-package-version.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/bump-package-version.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: integration-tests (Node.js 20)
• GitHub Check: integration-tests (Node.js 22)

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.60%. Comparing base (a394737) to head (6f51298).
⚠️ Report is 9 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2109      +/-   ##
==========================================
+ Coverage   97.54%   97.60%   +0.05%     
==========================================
  Files          15       17       +2     
  Lines         611      625      +14     
  Branches      101      100       -1     
==========================================
+ Hits          596      610      +14     
  Misses         14       14              
  Partials        1        1              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

.github/workflows/bump-package-version.yml (2)

32-41: Consider handling duplicate PR scenario.

If the workflow is triggered multiple times with the same version, it will fail when attempting to create a PR from a branch that already has an open PR. Consider adding error handling or checking for existing PRs first.

🔎 Optional: Add duplicate PR check

       - name: Create the PR pointing to main
         run: |
+          # Check if PR already exists
+          if gh pr list --head "$NEW_BRANCH" --state open --json number --jq '.[0].number' | grep -q .; then
+            echo "PR already exists for branch $NEW_BRANCH"
+            exit 0
+          fi
           gh pr create \
             --title "Update version for the next release (v$NEW_VERSION)" \
             --body '_This PR is auto-generated._
 
           The automated script updates the version of meilisearch-js to a new version: "v$NEW_VERSION"' \
             --label 'skip-changelog' \
             --base main \
             --head ${{ env.NEW_BRANCH }}

---

23-25: Consider using npm version for consistency with npm best practices.

The repository doesn't currently have package-lock.json or yarn.lock, so the sed approach works for the current setup. However, npm version is the standard approach for version bumping and would be more maintainable if lock files are added in the future:

🔎 Proposed refactor using npm version

-      - name: Update package.json file
+      - name: Update package version
         run: |
-          sed -i -E 's/("version":[[:space:]]*")([^"]+)(")/\1'"$NEW_VERSION"'\3/' package.json
+          npm version "$NEW_VERSION" --no-git-tag-version

This uses npm's built-in version management, which automatically handles both package.json and lock files if they're added later.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a394737 and d5f8b09.

📒 Files selected for processing (1)

• .github/workflows/bump-package-version.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: integration-tests (Node.js 20)
• GitHub Check: integration-tests (Node.js 22)

🔇 Additional comments (2)

.github/workflows/bump-package-version.yml (2)

10-13: LGTM!

Environment variable setup is appropriate. Using a PAT for GH_TOKEN is necessary for the workflow to create PRs, and the branch naming convention is clear.

---

19-22: LGTM!

Checkout configuration correctly targets the main branch.

[flevi29]

I'm approving this, so you may experiment with it.

One note I'd add is that it would probably be better to use npm version if possible.

This will supersede my attempt at a similar PR #1869.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/bump-package-version.yml:
- Around line 23-25: The workflow step that runs "pnpm version ${{
env.NEW_VERSION }} --no-git-tag-version" will fail because pnpm isn't guaranteed
to be available on GitHub runners; add a step before the "Update package.json
file" step to install/setup pnpm (for example use the pnpm/action-setup@v2
action or run a Corepack enable/install command) so the pnpm binary is present,
or alternatively remove the explicit pnpm invocation and let the action
auto-detect the package manager if your package.json has a packageManager field.

♻️ Duplicate comments (2)

.github/workflows/bump-package-version.yml (2)

3-8: Input validation for version format is still missing.

The new_version input accepts any string without validation. Invalid versions could break the package manifest. The previous review comment suggesting a validation step is still applicable.

---

26-31: Consider including lock file in commit.

The previous review comment about including lock files is still relevant. With pnpm, if pnpm-lock.yaml is updated, it should be committed as well.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d5f8b09 and 8a718cf.

📒 Files selected for processing (1)

• .github/workflows/bump-package-version.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: integration-tests (Node.js 20)
• GitHub Check: integration-tests (Node.js 22)

🔇 Additional comments (3)

.github/workflows/bump-package-version.yml (3)

10-13: LGTM!

Environment variables are well-defined with a clear branch naming convention.

---

32-41: LGTM!

The PR creation step is well-structured with a descriptive title, body, and appropriate labeling. Using gh pr create with the bot PAT token ensures proper authentication.

---

19-22: No issues found. actions/checkout@v6 is the current latest stable version as of January 2026.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[Strift]

Thanks for the recommendation @flevi29