Sanity tests: dynamic stack setup, report context, fixes, security cleanup #25
| # Catches when developers forget to add a version bump for their changes. | |
| # Code changes (e.g. lib/) require package.json + CHANGELOG.md; test-only skip. | |
| name: Check Version Bump | |
| on: | |
| pull_request: | |
| jobs: | |
| version-bump: | |
| name: Version & Changelog bump | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Detect changed files and version bump | |
| id: detect | |
| run: | | |
| if git rev-parse HEAD^2 >/dev/null 2>&1; then | |
| FILES=$(git diff --name-only HEAD^1 HEAD^2) | |
| else | |
| FILES=$(git diff --name-only HEAD~1 HEAD) | |
| fi | |
| VERSION_FILES_CHANGED=false | |
| echo "$FILES" | grep -qx 'package.json' && VERSION_FILES_CHANGED=true | |
| echo "$FILES" | grep -qx 'CHANGELOG.md' && VERSION_FILES_CHANGED=true | |
| echo "version_files_changed=$VERSION_FILES_CHANGED" >> $GITHUB_OUTPUT | |
| CODE_CHANGED=false | |
| echo "$FILES" | grep -qE '^lib/|^webpack/|^dist/' && CODE_CHANGED=true | |
| echo "$FILES" | grep -qx 'package.json' && CODE_CHANGED=true | |
| echo "code_changed=$CODE_CHANGED" >> $GITHUB_OUTPUT | |
| - name: Skip when only test/docs/config changed | |
| if: steps.detect.outputs.code_changed != 'true' | |
| run: | | |
| echo "No release-affecting files changed (e.g. only test/docs). Skipping version-bump check." | |
| exit 0 | |
| - name: Fail when version bump was missed | |
| if: steps.detect.outputs.code_changed == 'true' && steps.detect.outputs.version_files_changed != 'true' | |
| run: | | |
| echo "::error::This PR has code changes but no version bump. Please bump the version in package.json and add an entry in CHANGELOG.md." | |
| exit 1 | |
| - name: Setup Node | |
| if: steps.detect.outputs.code_changed == 'true' && steps.detect.outputs.version_files_changed == 'true' | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22.x' | |
| - name: Check version bump | |
| if: steps.detect.outputs.code_changed == 'true' && steps.detect.outputs.version_files_changed == 'true' | |
| run: | | |
| set -e | |
| PKG_VERSION=$(node -p "require('./package.json').version.replace(/^v/, '')") | |
| if [ -z "$PKG_VERSION" ]; then | |
| echo "::error::Could not read version from package.json" | |
| exit 1 | |
| fi | |
| git fetch --tags --force 2>/dev/null || true | |
| LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || true) | |
| if [ -z "$LATEST_TAG" ]; then | |
| echo "No existing tags found. Skipping version-bump check (first release)." | |
| exit 0 | |
| fi | |
| LATEST_VERSION="${LATEST_TAG#v}" | |
| LATEST_VERSION="${LATEST_VERSION%%-*}" | |
| if [ "$(printf '%s\n' "$LATEST_VERSION" "$PKG_VERSION" | sort -V | tail -1)" != "$PKG_VERSION" ]; then | |
| echo "::error::Version bump required: package.json version ($PKG_VERSION) is not greater than latest tag ($LATEST_TAG). Please bump the version in package.json." | |
| exit 1 | |
| fi | |
| if [ "$PKG_VERSION" = "$LATEST_VERSION" ]; then | |
| echo "::error::Version bump required: package.json version ($PKG_VERSION) equals latest tag ($LATEST_TAG). Please bump the version in package.json." | |
| exit 1 | |
| fi | |
| CHANGELOG_VERSION=$(sed -nE 's/^## \[v?([0-9]+\.[0-9]+\.[0-9]+).*/\1/p' CHANGELOG.md | head -1) |