Skip to content

Comments

feat: add changelog to GitHub release notes#458

Merged
stack72 merged 1 commit intomainfrom
i0
Feb 25, 2026
Merged

feat: add changelog to GitHub release notes#458
stack72 merged 1 commit intomainfrom
i0

Conversation

@stack72
Copy link
Contributor

@stack72 stack72 commented Feb 24, 2026

Summary

  • Add PR title and body as a "What's Changed" section to GitHub release notes
  • Previously releases only had static installation instructions with no indication of what changed

Context

Each release is triggered by a single merged PR, but the release notes contained only download/install instructions. Users browsing releases had no way to see what actually changed without clicking through to the commit or PR.

This adds a "Generate release body" step that:

  • Extracts the PR title and body from the github.event.pull_request context
  • Writes them into a "What's Changed" section at the top of the release notes
  • Uses env: variables and printenv to safely handle PR content containing shell-unsafe characters (backticks, $(), quotes, etc.)
  • Falls back to the HEAD commit message for manual workflow_dispatch runs
  • Keeps installation instructions below a --- separator

Test plan

  • Merge this PR and verify the resulting GitHub release includes the PR title and body in the release notes
  • Verify installation instructions still render correctly below the separator

🤖 Generated with Claude Code

Previously, GitHub releases only contained static installation
instructions with no indication of what changed. Since each release
corresponds to a single merged PR, we now include the PR title and
body as a "What's Changed" section at the top of the release notes.

Changes:
- Add "Generate release body" step that builds release notes from
  the merged PR title and body
- Use env vars and printenv for safe handling of PR content that
  may contain shell-unsafe characters (backticks, $, quotes)
- Fall back to HEAD commit message for manual workflow_dispatch runs
- Keep installation instructions below a separator
- Use body_path instead of inline body for the release action

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: Approved ✓

This PR cleanly adds changelog information to GitHub release notes. The implementation is well-structured and handles the key security concerns properly.

No Blocking Issues

The PR correctly uses env: variables and printenv to safely handle PR content containing shell-unsafe characters (backticks, $(), quotes, etc.). Edge cases for empty content and manual workflow triggers are handled appropriately.

Suggestion (non-blocking)

Line 107 - Consistency with special character handling:
For the workflow_dispatch fallback path, echo "$COMMIT_BODY" could be made consistent with the safer printenv approach used for PR content by using a heredoc:

cat >> /tmp/release_body.md <<EOF
$COMMIT_BODY
EOF

This is very low risk since commit data comes from trusted repo maintainers, so it's not a blocking concern.


The implementation correctly:

  • Extracts PR title/body via environment variables (safe from injection)
  • Falls back to git commit message for manual triggers
  • Preserves installation instructions below the changelog
  • Uses body_path for cleaner release action configuration

LGTM 👍

Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: Approved ✓

This PR correctly adds PR title and body as a "What's Changed" section to GitHub release notes.

Security ✓

The PR properly handles shell-unsafe characters in PR content by:

  • Using env: block to pass PR content as environment variables
  • Using printenv PR_BODY for safe output without shell interpretation
  • Properly quoting variable references

Code Quality ✓

  • Logic correctly handles both pull_request and workflow_dispatch events
  • Fallback to git commit message for manual triggers works well

Suggestion (non-blocking)

Line 107 uses echo "$COMMIT_BODY" while line 100 uses printenv PR_BODY. For consistency, could use printf '%s\n' "$COMMIT_BODY" - though this is low risk since commit bodies come from trusted git history.

LGTM! 🤖

@stack72 stack72 merged commit 4f9112e into main Feb 25, 2026
4 checks passed
@stack72 stack72 deleted the i0 branch February 25, 2026 00:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant