Skip to content

Add Release plan #1703

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
RobbieTheWagner merged 2 commits into from
Dec 5, 2025
Merged

Add Release plan #1703

RobbieTheWagner merged 2 commits into from
Dec 5, 2025

Conversation

@RobbieTheWagner
Copy link
Member

@RobbieTheWagner RobbieTheWagner commented Dec 5, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores
    • Updated minimum Node.js requirement to version 20
    • Modernized release automation workflow and tooling

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai
Copy link

coderabbitai bot commented Dec 5, 2025
edited
Loading

Walkthrough

This PR modernizes CI/CD infrastructure by upgrading Node.js to version 20, replacing release-it with release-plan for automated release orchestration via new GitHub Actions workflows, removing obsolete release configuration, and updating release documentation to reflect the new process.

Changes

Cohort / File(s) Summary
GitHub Actions Workflows
.github/workflows/main.yml, .github/workflows/plan-release.yml, .github/workflows/publish.yml		 Updated Node.js version from 18 to 20 in main.yml. Introduced two new workflows: plan-release.yml orchestrates conditional release planning with PR creation via release-plan action; publish.yml handles automated NPM publishing on .release-plan.json changes.
Release Tooling Configuration
.release-it.js		 Removed entire release-it configuration file, including hooks, plugins (lerna-changelog), git settings, GitHub release settings, and npm publish configuration.
Release Documentation
RELEASE.md		 Updated release process documentation to reflect release-plan workflow instead of release-it. Simplified preparation section, removed token/dependency setup instructions, clarified labeling guidance, and adjusted release section to note PR-based triggering.
Project Manifest
package.json		 Restored authors field with two entries. Upgraded Node.js engine requirement from >=18 to >=20. Replaced release tooling dependencies (removed @release-it-plugins/lerna-changelog and release-it; added release-plan).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • New plan-release.yml and publish.yml workflows require verification of release-plan action integration, trigger conditions, and PR creation logic
  • Node.js version bump from 18 to 20 across workflows and package.json engine field—confirm compatibility expectations
  • Validate completeness of release-it removal and absence of lingering references
  • Ensure package.json manifest changes (tooling swap, authors restoration) align with intended tooling migration

Possibly related PRs

  • Switch to pnpm #1702: Modifies the same CI/workflow files and release configuration (main.yml, .release-it.js, package.json) suggesting coordinated release process migration.

Poem

🐰 Release automation springs to life,
Plan and publish, cutting through strife!
From release-it's old ways we've run,
To release-plan—version 20's won!
Workflows orchestrate, PRs align,
A smoother release, by design ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'Add Release plan' directly reflects the main change: introducing a new release automation system based on release-plan, replacing the old release-it tooling across multiple workflow files and configuration.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch release-plan
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3a39d36 and 0613990.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (6)
  • .github/workflows/main.yml (1 hunks)
  • .github/workflows/plan-release.yml (1 hunks)
  • .github/workflows/publish.yml (1 hunks)
  • .release-it.js (0 hunks)
  • RELEASE.md (1 hunks)
  • package.json (2 hunks)
💤 Files with no reviewable changes (1)
  • .release-it.js
🔇 Additional comments (14)
.github/workflows/main.yml (1)

25-25: Consistent Node.js version upgrade.

Node.js version bump from 18 to 20 aligns with the package.json engines requirement (line 68: node >= 20) and the new publish workflow. No issues detected.

package.json (3)

68-68: Node.js engine requirement consistent across workflows.

Update from >=18 to >=20 is consistent with CI/CD workflow upgrades (main.yml line 25, publish.yml line 35).

81-84: Authors field restoration.

Re-adding the authors array with Zack Bloom and Adam Schwartz is appropriate for open-source project attribution.

53-53: Verify workflow file references and release-plan action compatibility before use.

The release-plan ^0.17.0 dependency is specified in package.json, but the workflow files (plan-release.yml and publish.yml) referenced in this review were not found in the repository. If these workflows will use release-plan/actions/should-prepare-release@v1 or other v1 action refs, confirm version 0.17.0 compatibility by checking the release-plan repository documentation or CHANGELOG for any version constraints or breaking changes between the package and its corresponding GitHub Actions.

.github/workflows/publish.yml (3)

23-26: OIDC and supply chain security implementation is sound.

Permissions (id-token, attestations) and OIDC provenance setup (NPM_CONFIG_PROVENANCE=true, npm@latest for OIDC support) are appropriate for secure, verifiable NPM publishing. The frozen-lockfile approach ensures reproducible builds.

Also applies to: 38-39, 41-41

1-17: Workflow trigger and concurrency configuration correct.

The trigger on .release-plan.json changes (lines 12-13) ensures publishing only after a release plan is prepared. Concurrency grouping by branch with cancel-in-progress prevents duplicate publish runs.

29-37: The v5/v6 versions in publish.yml are appropriate and align with current best practices—setup-node@v6 is the recommended action for Node.js 20.x, and these versions work with OIDC-based publishing workflows. If main.yml uses older versions (@v4), the publish workflow's newer versions (v5/v6) are intentionally correct for this use case and do not require alignment downward. No action needed.

RELEASE.md (3)

3-13: Documentation accurately reflects release-plan workflow.

The narrative correctly describes the new release process: release-plan automatically creates PRs updating CHANGELOG.md and generates .release-plan.json. The keepachangelog.com reference reinforces the principle that changelogs are for humans, not machines.

15-23: Labeling guidance is clear and mandatory.

Label categories are well-defined, and the note at line 23 that release-plan requires all PRs to be labeled is important for users to understand. The fallback to internal for unclassified PRs is practical.

27-27: Release trigger documentation is concise.

The instruction to merge the "Plan Release" PR is simple and actionable. Reference to the PR filter link allows users to find the PR easily.

.github/workflows/plan-release.yml (4)

8-8: Security posture for pull_request_target is sound.

The inline security comment correctly notes the pwn-request risk. The workflow safely avoids this by not executing any code from PRs—it only orchestrates release-plan actions and PR creation. Good defensive practice.

29-61: PR creation workflow is well-designed and outputs are safe.

Two-job structure (check → create) prevents redundant PR creations. All dynamic data in the PR (version, explanation) comes from release-plan action outputs, not user input. Commit signing (line 53) and branch naming (line 54) are sensible defaults. Concurrency management (line 14-15) ensures only the latest plan runs.

48-48: The peter-evans/create-pull-request@v7 version is current and recommended.

The action uses the latest v7 major version (currently at v7.0.9), which is the recommended pattern for GitHub Actions. This version is compatible with standard branch protection and CI workflows.

18-46: The workflow configuration is correct. The release-plan/actions/should-prepare-release@v1 and release-plan/actions/prepare@v1 actions are stable and compatible with release-plan: ^0.17.0. Using major version tags (e.g., @v1) is the recommended GitHub Actions versioning practice and is fully supported by the release-plan project.

Likely an incorrect or invalid review comment.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@RobbieTheWagner RobbieTheWagner merged commit f2df762 into master Dec 5, 2025
2 of 3 checks passed
@RobbieTheWagner RobbieTheWagner deleted the release-plan branch December 5, 2025 14:42
@github-actions github-actions bot mentioned this pull request Dec 5, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

internal

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RobbieTheWagner