@johnvincentcorpuz (Collaborator) commented Feb 21, 2025

PR Type

Enhancement


Description

  • Replaced the automated version bump action with a manual implementation using standard-version
  • Added a new .versionrc file to configure standard-version behavior
  • Updated the CI workflow to use PACKAGES_ADMIN_TOKEN for authentication
  • Implemented Git configuration and SSH setup for pushing changes in the CI workflow
  • Added custom commit types for Solace-specific versioning (major, minor, patch)
  • Configured post-bump script to automatically commit changes

Changes walkthrough 📝

Relevant files

Enhancement

push.yaml: Refactor version bumping process in CI workflow

.github/workflows/push.yaml (+29/-16)

  • Updated GitHub token to use PACKAGES_ADMIN_TOKEN
  • Replaced automated version bump action with manual standard-version
    implementation
  • Added Git configuration and SSH setup for pushing changes
  • Implemented version bumping and pushing changes with tags

Configuration changes

.versionrc: Add standard-version configuration file

.versionrc (+56/-0)

  • Added new configuration file for standard-version
  • Defined custom commit types for major, minor, and patch changes
  • Configured post-bump script to commit changes

    @mre-leads added the enhancement (New feature or request) label Feb 21, 2025

    @mre-leads

    PR Code Suggestions ✨

    Category | Suggestion | Score
    Security
    Use a more secure method to add the SSH key to the ssh-agent

    The SSH key is being added directly to the ssh-agent using a here-string, which could
    potentially expose the key in logs. Consider using ssh-add - < <(echo "$COMMIT_KEY")
    instead, which prevents the key from being expanded in the command line.

    .github/workflows/push.yaml [148]

    -ssh-add - <<< "${COMMIT_KEY}"
    +ssh-add - < <(echo "$COMMIT_KEY")
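
    Review bot: the `+` line does not keep the key out of logs any better than the `-` line, and under shell tracing it is worse. Both forms expand COMMIT_KEY inside the shell and hand it to ssh-add on stdin, so neither places the key on an external command line (echo is a shell builtin). With `set -x` active, however, bash traces the echo "$COMMIT_KEY" inside the process substitution with the value expanded, while the here-string redirection is not traced. Keep the here-string and make sure the step never runs with `set -x`.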
     
    Suggestion importance[1-10]: 9

    Why: This suggestion addresses a potential security vulnerability, which is crucial for maintaining the integrity of the workflow.

    9
    Possible issue
    Specify the branch name explicitly in the git push command

    The git push command doesn't specify which branch to push. This could lead to unintended
    pushes if the current branch is not the one you expect. Consider explicitly specifying the
    branch name, such as git push --follow-tags origin main or using ${{ github.ref_name }} to
    get the current branch name.

    .github/workflows/push.yaml [152]

    -git push --follow-tags origin
    +git push --follow-tags origin ${{ github.ref_name }}
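
    Review bot: on the `+` line, ${{ github.ref_name }} is substituted into the script text before the shell runs, so a branch name containing shell metacharacters becomes part of the command in a job that has the commit key loaded. Pass the value through the step's env block (for example REF_NAME: ${{ github.ref_name }}) and push with git push --follow-tags origin "$REF_NAME", keeping the quotes.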
     
    Suggestion importance[1-10]: 8

    Why: This suggestion prevents potential errors by ensuring the correct branch is pushed, which is important for workflow reliability.

    8
    Allow standard-version to create tags for consistency with the push command

    The skip.tag option is set to true, which prevents standard-version from creating a tag.
    However, your GitHub Actions workflow is pushing tags with --follow-tags. This might lead
    to inconsistencies. Consider setting skip.tag to false to allow standard-version to create
    the tag.

    .versionrc [50-52]

     "skip": {
    -  "tag": true
    +  "tag": false
     },
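
    Review bot: flipping "tag" to false in the skip block is only safe if nothing else in the workflow creates the release tag, and these lines do not show whether push.yaml has its own tagging step. Check that first, because a second attempt to create the same tag fails the run. Also confirm the tag ends up on a commit that is actually pushed: --follow-tags only sends annotated tags reachable from the pushed commits, and the configuration has a post-bump script that commits.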
     
    Suggestion importance[1-10]: 8

    Why: This suggestion resolves a potential inconsistency between the versioning tool and the push command, ensuring proper version tagging.

    8
    Best practice
    Disable automatic staging of all changes to prevent unintended commits

    The commitAll option is set to true, which automatically stages all changes. This might
    lead to unintended files being committed. Consider setting it to false and explicitly
    staging the files you want to commit in your workflow.

    .versionrc [49]

    -"commitAll": true,
    +"commitAll": false,
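
    Review bot: the commitAll setting on the `-` line does not stage anything by itself; standard-version's --commit-all commits whatever is already staged instead of only the files it modified. What needs checking is therefore what the workflow and the post-bump script stage before the release commit. If this is set to false, make sure files changed by the post-bump script still reach the release commit, and keep key material and other job scratch files outside the working tree either way.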
     
    Suggestion importance[1-10]: 7

    Why: This suggestion improves control over what gets committed, reducing the risk of unintended changes being included in releases.

    7
    Enhancement
    Use npx to run standard-version without global installation

    Instead of installing standard-version globally, consider using npx to run it without
    installation. This approach ensures you're always using the latest version and keeps your
    workflow more lightweight.

    .github/workflows/push.yaml [130-135]

    -- name: Install standard-version
    -  run: npm install -g standard-version
    -
     - name: Bump version
       run: |
         npx standard-version
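
    Review bot: the context line npx standard-version carries no version, so with the install step removed the job downloads whatever release is current at run time and executes it with the push credentials available (the removed npm install -g line was unpinned as well). Pin it, either as npx standard-version@<pinned-version> or as a devDependency resolved from the lockfile with npm ci, and treat upgrades as reviewed changes.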
     
    Suggestion importance[1-10]: 7

    Why: This suggestion improves workflow efficiency and ensures the latest version is used, which is a valuable enhancement.

    7

    @sonarqube-solacecloud

    Quality Gate passed

    Issues
    0 New issues
    0 Fixed issues
    0 Accepted issues

    Measures
    0 Security Hotspots
    No data about Coverage
    No data about Duplication

    See analysis details on SonarQube
