ci: use @changesets/get-release-plan#358
Merged
lachlancollins merged 9 commits intomainfrom Mar 17, 2026
Merged
Conversation
|
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThe changeset preview GitHub Action is refactored to replace manual package and changeset parsing with the Changes
Sequence DiagramsequenceDiagram
participant GA as GitHub Action
participant Script as preview-changeset-versions.mjs
participant Lib as `@changesets/get-release-plan`
participant FS as File System
participant PR as PR Comment API
GA->>Script: Execute with args
Script->>Lib: getReleasePlan(ROOT)
Lib-->>Script: Release plan data
Script->>Script: Build release bumps from plan
Script->>Script: Generate markdown output
alt Output to file
Script->>FS: Write markdown to file
FS-->>Script: File written confirmation
end
Script->>PR: Upsert comment with markdown
PR-->>Script: Comment created/updated
Script-->>GA: Exit
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Poem
🚥 Pre-merge checks | ✅ 1 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (1 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
📝 Coding Plan
Comment |
Contributor
🚀 Changeset Version PreviewNo changeset entries found. Merging this PR will not cause a version bump for any packages. |
|
View your CI Pipeline Execution ↗ for commit 369af43
☁️ Nx Cloud last updated this comment at |
commit: |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.changeset/curly-bugs-rescue.md:
- Around line 1-3: The changeset currently only lists '@tanstack/eslint-config'
but you changed published metadata in packages/publish-config/package.json, so
update the changeset to also include '@tanstack/publish-config' (with the
appropriate release type, e.g., patch or minor) so the peer-dependency change
will be released; edit the existing .changeset entry to add
'@tanstack/publish-config': <release-type> alongside '@tanstack/eslint-config'
and ensure the YAML formatting matches the other entries.
- Line 5: Replace the placeholder line "test" in .changeset/curly-bugs-rescue.md
with a proper release note summary for this changeset: write a concise
human-readable summary of the change and its impact (and include the release
type if your project expects it, e.g., "patch:", "minor:", or "major:" per your
changesets convention) so the generated changelog contains meaningful
information instead of the placeholder "test".
In @.github/changeset-preview/action.yml:
- Around line 6-9: The workflow step "Install dependencies" in
.github/changeset-preview/action.yml should use a frozen CI install and a
committed lockfile: generate a package-lock.json (or npm-shrinkwrap.json) for
.github/changeset-preview by running npm install locally and commit that
lockfile, then update the "Install dependencies" step (the one named "Install
dependencies") to run npm ci --ignore-scripts in the working directory instead
of npm install to ensure deterministic, script-free installs in CI.
In `@packages/publish-config/package.json`:
- Around line 52-53: Remove the peer dependency declaration for
"@tanstack/eslint-config" from the package.json "peerDependencies" block and
ensure it is listed only under "devDependencies" (or add it there if missing),
since it's only used by the development file eslint.config.ts and not by any
shipped modules like src/index.js or src/utils.js; update the package.json by
deleting the "@tanstack/eslint-config" entry from "peerDependencies" and
confirming "devDependencies" contains the version constraint instead.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: b51d6062-fae4-43e8-8609-1bdf2c24e81f
📒 Files selected for processing (5)
.changeset/curly-bugs-rescue.md.github/changeset-preview/action.yml.github/changeset-preview/package.json.github/changeset-preview/preview-changeset-versions.mjspackages/publish-config/package.json
.changeset/curly-bugs-rescue.md
Outdated
| '@tanstack/eslint-config': minor | ||
| --- | ||
|
|
||
| test |
There was a problem hiding this comment.
Replace the placeholder release note.
test will be copied into the generated changelog.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.changeset/curly-bugs-rescue.md at line 5, Replace the placeholder line
"test" in .changeset/curly-bugs-rescue.md with a proper release note summary for
this changeset: write a concise human-readable summary of the change and its
impact (and include the release type if your project expects it, e.g., "patch:",
"minor:", or "major:" per your changesets convention) so the generated changelog
contains meaningful information instead of the placeholder "test".
Comment on lines
+6
to
+9
| - name: Install dependencies | ||
| shell: bash | ||
| run: npm install | ||
| working-directory: ${{ github.action_path }} |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Lockfiles under .github/changeset-preview:"
fd '^(package-lock\.json|npm-shrinkwrap\.json)$' .github/changeset-preview -t f || true
echo
echo "Action package manifest:"
sed -n '1,120p' .github/changeset-preview/package.jsonRepository: TanStack/config
Length of output: 201
Add a lockfile and use npm ci for frozen installs in CI.
The action currently uses npm install, which can mutate package.json and is not deterministic across runs. npm ci is the npm command designed for automated environments and, paired with a committed lockfile, guarantees reproducible installs. Additionally, --ignore-scripts suppresses pre/postinstall hooks, reducing attack surface.
However, .github/changeset-preview/ does not currently have a committed package-lock.json or npm-shrinkwrap.json. Generate the lockfile first by running npm install locally, then commit it:
- Run
npm installlocally in.github/changeset-preview/to generatepackage-lock.json - Commit
package-lock.jsonto the repository - Update the action to use:
Suggested change
- run: npm install
+ run: npm ci --ignore-scripts🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/changeset-preview/action.yml around lines 6 - 9, The workflow step
"Install dependencies" in .github/changeset-preview/action.yml should use a
frozen CI install and a committed lockfile: generate a package-lock.json (or
npm-shrinkwrap.json) for .github/changeset-preview by running npm install
locally and commit that lockfile, then update the "Install dependencies" step
(the one named "Install dependencies") to run npm ci --ignore-scripts in the
working directory instead of npm install to ensure deterministic, script-free
installs in CI.
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
.changeset/curly-bugs-rescue.md (1)
5-5:⚠️ Potential issue | 🟡 MinorReplace placeholder changeset summary (Line 5).
testis still placeholder content and will be published in generated release notes.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.changeset/curly-bugs-rescue.md at line 5, Replace the placeholder changeset summary "test" in .changeset/curly-bugs-rescue.md (the single-line summary used for release notes) with a concise, descriptive summary of the change; locate the line containing the literal text "test" and update it to a meaningful one-line description that will appear in generated release notes.
🧹 Nitpick comments (1)
packages/vite-config/package.json (1)
44-44: Move@tanstack/publish-configtodevDependencies.No runtime usage of
@tanstack/publish-configfound inpackages/vite-config/src. Since this dependency is not used by runtime code, it should be classified as a dev dependency to avoid unnecessary consumer install surface.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/vite-config/package.json` at line 44, The dependency "@tanstack/publish-config" is declared as a regular dependency but isn't used at runtime; update package.json to move "@tanstack/publish-config" from "dependencies" to "devDependencies" so it is only installed for development/build-time, and ensure package.json's dependency entries (the "dependencies" and "devDependencies" objects) are updated accordingly and the lockfile is refreshed if applicable.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.changeset/thin-mugs-judge.md:
- Line 5: Replace the placeholder text "TEST" in the changeset file
thin-mugs-judge.md with a concise, human-readable release note summary
describing the change (one clear sentence, <120 characters if possible); ensure
it summarizes the user-visible effect (not internal details) and reads like a
changelog line so the entry is useful in release notes.
---
Duplicate comments:
In @.changeset/curly-bugs-rescue.md:
- Line 5: Replace the placeholder changeset summary "test" in
.changeset/curly-bugs-rescue.md (the single-line summary used for release notes)
with a concise, descriptive summary of the change; locate the line containing
the literal text "test" and update it to a meaningful one-line description that
will appear in generated release notes.
---
Nitpick comments:
In `@packages/vite-config/package.json`:
- Line 44: The dependency "@tanstack/publish-config" is declared as a regular
dependency but isn't used at runtime; update package.json to move
"@tanstack/publish-config" from "dependencies" to "devDependencies" so it is
only installed for development/build-time, and ensure package.json's dependency
entries (the "dependencies" and "devDependencies" objects) are updated
accordingly and the lockfile is refreshed if applicable.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: f5b0cbb3-c871-4fa8-8ab2-db1c03cec9b2
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (5)
.changeset/curly-bugs-rescue.md.changeset/thin-mugs-judge.md.github/changeset-preview/preview-changeset-versions.mjs.github/changeset-preview/upsert-pr-comment.mjspackages/vite-config/package.json
💤 Files with no reviewable changes (1)
- .github/changeset-preview/upsert-pr-comment.mjs
🚧 Files skipped from review as they are similar to previous changes (1)
- .github/changeset-preview/preview-changeset-versions.mjs
.changeset/thin-mugs-judge.md
Outdated
| '@tanstack/typedoc-config': major | ||
| --- | ||
|
|
||
| TEST |
There was a problem hiding this comment.
Use a real release note summary (Line 5).
TEST is placeholder text; replace it with a concise human-readable summary for changelog quality.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.changeset/thin-mugs-judge.md at line 5, Replace the placeholder text "TEST"
in the changeset file thin-mugs-judge.md with a concise, human-readable release
note summary describing the change (one clear sentence, <120 characters if
possible); ensure it summarizes the user-visible effect (not internal details)
and reads like a changelog line so the entry is useful in release notes.
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
.github/changeset-preview/preview-changeset-versions.mjs (1)
85-96: Extract repeated bump-table rendering into a helper.The Major/Minor/Patch sections duplicate the same table-building logic. A small renderer helper would reduce drift and make future column/layout changes safer.
♻️ Proposed refactor
+function pushBumpTable(lines, title, sectionBumps) { + if (sectionBumps.length === 0) return + lines.push(title) + lines.push('') + lines.push('| Package | Version | Reason |') + lines.push('| --- | --- | --- |') + for (const b of sectionBumps) { + lines.push(`| \`${b.name}\` | ${b.oldVersion} → ${b.newVersion} | ${b.reason} |`) + } + lines.push('') +} ... - if (majorBumps.length > 0) { - lines.push('### 🟥 Major bumps') - ... - } + pushBumpTable(lines, '### 🟥 Major bumps', majorBumps) ... - if (minorBumps.length > 0) { - lines.push('### 🟨 Minor bumps') - ... - } + pushBumpTable(lines, '### 🟨 Minor bumps', minorBumps) ... - if (patchBumps.length > 0) { - lines.push('### 🟩 Patch bumps') - ... - } + pushBumpTable(lines, '### 🟩 Patch bumps', patchBumps)Also applies to: 98-109, 111-121
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/changeset-preview/preview-changeset-versions.mjs around lines 85 - 96, Extract the repeated table-building logic into a single helper (e.g., renderBumpTable or buildBumpSection) and call it for majorBumps, minorBumps and patchBumps instead of duplicating the lines.push sequence; the helper should accept the bump list and section title, early-return if the list is empty, push the header/title, push the table header rows, iterate the list to push the `| \`${b.name}\` | ${b.oldVersion} → ${b.newVersion} | ${b.reason} |` rows, and add the trailing blank line — then replace the existing duplicated blocks that reference majorBumps/minorBumps/patchBumps and use lines.push directly with calls to this helper.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/changeset-preview/preview-changeset-versions.mjs:
- Around line 37-39: Update the top-of-file header comments to reflect that this
script now calls getReleasePlan(ROOT) and only reads the release plan
(releasePlan and releases) without running `changeset version` or mutating
package.json files; edit the explanatory workflow/docs comments to remove any
instruction that implies the script performs versioning or writes changes to
packages and clearly state it is a non-mutating, read-only preview of release
plans.
---
Nitpick comments:
In @.github/changeset-preview/preview-changeset-versions.mjs:
- Around line 85-96: Extract the repeated table-building logic into a single
helper (e.g., renderBumpTable or buildBumpSection) and call it for majorBumps,
minorBumps and patchBumps instead of duplicating the lines.push sequence; the
helper should accept the bump list and section title, early-return if the list
is empty, push the header/title, push the table header rows, iterate the list to
push the `| \`${b.name}\` | ${b.oldVersion} → ${b.newVersion} | ${b.reason} |`
rows, and add the trailing blank line — then replace the existing duplicated
blocks that reference majorBumps/minorBumps/patchBumps and use lines.push
directly with calls to this helper.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: bcd708c7-4ac0-448e-a016-6b798a8a135c
📒 Files selected for processing (2)
.changeset/curly-bugs-rescue.md.github/changeset-preview/preview-changeset-versions.mjs
🚧 Files skipped from review as they are similar to previous changes (1)
- .changeset/curly-bugs-rescue.md
birkskyum
approved these changes
Mar 17, 2026
Member
birkskyum
left a comment
birkskyum
left a comment
There was a problem hiding this comment.
Great to get this streamlined/shared
lachlancollins
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🎯 Changes
✅ Checklist
pnpm test:pr.🚀 Release Impact
Summary by CodeRabbit
New Features
Chores