chore(ci): add announcement #480

amir78729 · 2025-05-06T18:01:27Z

No description provided.

.github/workflows/release.yml

+    name: 🚀 Prepare and Deploy Documentation
    needs: changesets
    if: needs.changesets.outputs.published == 'true'
    uses: ./.github/workflows/gh-pages.yml
+
+  announcement:


To fix the issue, we need to add a permissions block to the deploy-docs job in the .github/workflows/release.yml file. The permissions should be set to the minimum required for the job to function correctly. Since the job uses a reusable workflow (gh-pages.yml), we should assume it only needs contents: read unless additional permissions are explicitly required by the reusable workflow.

.github/workflows/release.yml

+    name: 📣 Announce Release
+    needs: changesets
+    if: needs.changesets.outputs.published == 'true'
+    runs-on: ubuntu-latest
+    steps:
+      - name: 🔍 Fetch latest merged PR via GitHub API
+        id: fetch_pr
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO: ${{ github.repository }}
+        run: |
+          curl -s -H "Authorization: token $GH_TOKEN" \
+            "https://api.github.com/repos/$REPO/pulls?state=closed&base=main&sort=updated&direction=desc&per_page=1" \
+            -o pr.json
+
+          PR_NUMBER=$(grep '"number":' pr.json | head -n 1 | awk '{print $2}' | tr -d ',')
+          PR_TITLE=$(grep '"title":' pr.json | head -n 1 | cut -d ':' -f2- | sed 's/^ "//;s/",$//')
+          PR_URL=$(grep '"html_url":' pr.json | head -n 1 | cut -d '"' -f4)
+          PR_BODY=$(awk -F'"body": "' '{print $2}' pr.json | sed 's/",$//')
+
+          echo "$PR_BODY" > pr_body.md
+
+          echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
+          echo "PR_TITLE=$PR_TITLE" >> $GITHUB_ENV
+          echo "PR_URL=$PR_URL" >> $GITHUB_ENV
+
+      - name: 📦 Extract released packages
+        id: extract
+        run: |
+          REPO="https://github.com/${{ github.repository }}"
+          sed 's/\\r\\n/\n/g; s/\\n/\n/g' pr_body.md > pr_body_cleaned.md
+          grep -E '^\s*##\s+@' pr_body_cleaned.md | sed -E 's/^\s*##\s+//' > packages.txt
+
+          if [ -s packages.txt ]; then
+            while read -r line; do
+              ENCODED_TAG=$(printf "%s" "$line" | jq -sRr @uri)
+              echo "  • <a href=\"$REPO/releases/tag/$ENCODED_TAG\">$line</a>"
+            done < packages.txt > release_links.html
+          else
+            echo "  • No packages found." > release_links.html
+          fi
+
+          {
+            echo "RELEASE_LINKS<<EOF"
+            cat release_links.html
+            echo "EOF"
+          } >> "$GITHUB_ENV"
+
+      - name: 💬 Send Telegram Message
+        continue-on-error: true
+        uses: appleboy/telegram-action@master
+        with:
+          to: ${{ secrets.TELEGRAM_TO }}
+          token: ${{ secrets.TELEGRAM_TOKEN }}
+          format: html
+          message: |
+            🚀 <b><a href="https://github.com/${{ github.repository }}">${{ github.repository }}</a></b> released:
+            ${{ env.RELEASE_LINKS }}
+
+            🔗 PR: <a href="${{ env.PR_URL }}"><b>${{ env.PR_TITLE }}</b> #${{ env.PR_NUMBER }}</a>
+
+      - name: 💬 Send Slack Message
+        continue-on-error: true
+        uses: slackapi/slack-github-action@v2.0.0
+        with:
+          method: chat.postMessage
+          token: ${{ secrets.SLACK_BOT_TOKEN }}
+          payload: |
+            channel: ${{ secrets.SLACK_CHANNEL_ID }}
+            text: "🚀 ${GITHUB_REPOSITORY} released"
+            blocks:
+              - type: section
+                text:
+                  type: mrkdwn
+                  text: |
+                    *🚀 <https://github.com/${{ github.repository }}|${{ github.repository }}>* released:
+                    ${{ env.RELEASE_LINKS }}
+
+                    🔗 PR: <${{ env.PR_URL }}|${{ env.PR_TITLE }}> (#${{ env.PR_NUMBER }})


To fix the issue, we need to add a permissions block to the 📣 Announce Release job. This block should explicitly define the minimal permissions required for the job. Based on the job's steps:

The contents: read permission is needed to fetch repository data via the GitHub API.

No write permissions are required since the job does not modify the repository.

The permissions block will be added under the 📣 Announce Release job definition.

chore(ci): add announcement

7d4cd8a

amir78729 requested a review from mimshins May 6, 2025 18:01

amir78729 self-assigned this May 6, 2025

amir78729 added the automation Making change in Github actions label May 6, 2025

github-advanced-security bot found potential problems May 6, 2025

View reviewed changes

github-actions bot assigned mimshins May 6, 2025

mimshins closed this May 7, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(ci): add announcement #480

chore(ci): add announcement #480

amir78729 commented May 6, 2025

Check warning

Copilot Autofix

Check warning

Copilot Autofix

@@ -61,2 +61,4 @@
                 if: needs.changesets.outputs.published == 'true'
+                permissions:
+                  contents: read
                 uses: ./.github/workflows/gh-pages.yml

chore(ci): add announcement #480

chore(ci): add announcement #480

Conversation

amir78729 commented May 6, 2025

Check warning

Copilot Autofix

Check warning

Copilot Autofix