Skip to content
Release Plan Review

chore(deps-dev): Bump rollup from 4.30.0 to 4.30.1 in the security group #536

Sign in to view logs

chore(deps-dev): Bump rollup from 4.30.0 to 4.30.1 in the security group

chore(deps-dev): Bump rollup from 4.30.0 to 4.30.1 in the security group #536

Workflow file for this run

.github/workflows/plan-release.yml at 27b1cd4
name: Release Plan Review
on:
push:
branches:
- main
pull_request_target: # This workflow has permissions on the repo, do NOT run code from PRs in this workflow. See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
types:
- labeled
- unlabeled
concurrency:
group: plan-release # only the latest one of these should ever be running
cancel-in-progress: true
jobs:
check-plan:
name: 'Check Release Plan'
runs-on: ubuntu-latest
outputs:
command: ${{ steps.check-release.outputs.command }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: 'main'
# This will only cause the `check-plan` job to have a "command" of `release`
# when the .release-plan.json file was changed on the last commit.
- id: check-release
run: if git diff --name-only HEAD HEAD~1 | grep -w -q ".release-plan.json"; then echo "command=release"; fi >> $GITHUB_OUTPUT
prepare_release_notes:
name: Prepare Release Notes
runs-on: ubuntu-latest
timeout-minutes: 5
needs: check-plan
permissions:
contents: write
issues: read
pull-requests: write
outputs:
explanation: ${{ steps.explanation.outputs.text }}
# only run on push event if plan wasn't updated (don't create a release plan when we're releasing)
# only run on labeled event if the PR has already been merged
if: (github.event_name == 'push' && needs.check-plan.outputs.command != 'release') || (github.event_name == 'pull_request_target' && github.event.pull_request.merged == true)
steps:
- uses: actions/checkout@v4
# We need to download lots of history so that
# github-changelog can discover what's changed since the last release
with:
fetch-depth: 0
ref: 'main'
- uses: actions/setup-node@v4
with:
node-version: 20
- name: Restore dependency cache
id: cache
uses: actions/cache/restore@v4
with:
path: ~/.local/share/pnpm/store
key: node-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
node-
- uses: pnpm/action-setup@v4
with:
version: 9
- run: pnpm install --frozen-lockfile
- name: 'Generate Explanation and Prep Changelogs'
id: explanation
run: |
set +e
pnpm release-plan prepare 2> >(tee -a release-plan-stderr.txt >&2)
if [ $? -ne 0 ]; then
echo 'text<<EOF' >> $GITHUB_OUTPUT
cat release-plan-stderr.txt >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
else
echo 'text<<EOF' >> $GITHUB_OUTPUT
jq .description .release-plan.json -r >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
rm release-plan-stderr.txt
fi
env:
GITHUB_AUTH: ${{ secrets.RELEASE_PLAN_GH_TOKEN }}
- name: Generate commit message
run: node .github/release-commit-message.js >> "$GITHUB_OUTPUT"
id: commit-message
- name: Generate Access Token
uses: tibdex/github-app-token@v2
id: generate-token
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
- uses: peter-evans/create-pull-request@v6
with:
commit-message: ${{ steps.commit-message.outputs.COMMIT_MESSAGE }}
labels: 'internal'
branch: release-preview
draft: true
title: ${{ steps.commit-message.outputs.COMMIT_MESSAGE }}
token: ${{ steps.generate-token.outputs.token }}
body: |
Merging this PR will create a GitHub release and publish the package(s) to npm.
This is a preview of the release that [release-plan](https://github.com/embroider-build/release-plan) has prepared:
-----------------------------------------
${{ steps.explanation.outputs.text }}
- name: Save dependency cache
uses: actions/cache/save@v4
if: always() && steps.cache.outputs.cache-hit != 'true'
with:
path: ~/.local/share/pnpm/store
key: node-${{ hashFiles('**/pnpm-lock.yaml') }}