ci: add auto-release composite action #26
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add reusable composite action for parsing CHANGELOG.md and creating GitHub releases automatically. This centralizes release logic across all wuji-technology repositories. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Contributor
Walkthrough新增复合 GitHub Action: Changes
Sequence Diagram(s)sequenceDiagram
participant Runner as Runner
participant FS as 文件系统 (CHANGELOG)
participant Tag as Git Ref (refs/tags)
participant GHAPI as GitHub API
Runner->>FS: 读取 `CHANGELOG.md`
Runner->>Tag: 读取当前 tag(refs/tags/...)
Runner->>Runner: 解析 CHANGELOG,按类别构建 release body 与版本
Runner->>GHAPI: 查询是否存在 Release(by tag)
alt Release 存在
Runner->>GHAPI: 更新已有 Release(upsert:update)
else Release 不存在
Runner->>GHAPI: 创建新 Release(upsert:create,使用 draft/prerelease)
end
GHAPI-->>Runner: 返回 `release-url`
Runner-->>Workflow: 输出 `version`, `release-url`, `body`, `tag`
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@actions/auto-release/action.yml`:
- Around line 80-84: The RELEASE_URL shell invocation embeds
steps.parse.outputs.body directly which risks command injection; change the
workflow to pass the parsed body via an environment variable or a temp file
instead of inline interpolation, then have the RELEASE_URL command (the gh
release create invocation) read the release notes from that env var or from
--notes-file and quote it safely (e.g., reference $NOTES or the temp file) so
special characters from steps.parse.outputs.body are not interpreted by the
shell; update the action.yml step that defines RELEASE_URL and the step that
sets NOTES (or creates the temp file) accordingly.
🧹 Nitpick comments (4)
actions/auto-release/action.yml (3)
44-49: heredoc 分隔符EOF存在潜在冲突风险如果 CHANGELOG 内容中恰好包含独立的
EOF行,会导致 body 输出被截断。建议使用更独特的分隔符。♻️ 建议的修复
- { - echo "body<<EOF" - echo "$BODY" - echo "EOF" - } >> $GITHUB_OUTPUT + { + echo "body<<CHANGELOG_BODY_EOF_MARKER" + echo "$BODY" + echo "CHANGELOG_BODY_EOF_MARKER" + } >> $GITHUB_OUTPUT
36-38: 建议通过环境变量传递changelog-path输入与
body的问题类似,inputs.changelog-path直接插值到 shell 中。虽然风险较低(通常是简单路径),但为保持一致性和安全性,建议统一使用环境变量传递。♻️ 建议的修复
- name: Parse CHANGELOG id: parse shell: bash + env: + CHANGELOG_PATH: ${{ inputs.changelog-path }} run: | - CHANGELOG="${{ inputs.changelog-path }}" + CHANGELOG="$CHANGELOG_PATH" VERSION=$(grep -m1 -oP '## \[?\K[0-9]+\.[0-9]+\.[0-9]+' "$CHANGELOG" || echo "")
38-38: 版本号正则表达式不支持预发布版本格式当前正则
[0-9]+\.[0-9]+\.[0-9]+只匹配标准的major.minor.patch格式,不支持1.0.0-beta.1或1.0.0-rc.1等预发布版本号。如果需要支持此类格式,可以扩展正则表达式。
♻️ 支持预发布版本的正则(可选)
- VERSION=$(grep -m1 -oP '## \[?\K[0-9]+\.[0-9]+\.[0-9]+' "$CHANGELOG" || echo "") + VERSION=$(grep -m1 -oP '## \[?\K[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?' "$CHANGELOG" || echo "")actions/auto-release/README.md (1)
46-58: 建议补充说明支持的版本头格式根据
action.yml中的正则表达式## \[?\K[0-9]+\.[0-9]+\.[0-9]+,action 同时支持带方括号和不带方括号的版本头格式:
## [1.0.0] - 2026-01-27✓## 1.0.0 - 2026-01-27✓可以在文档中补充说明这两种格式都支持。
- Add category mapping (Added→New Features, etc.) - Add CAUTION block for Removed/Deprecated/Security - Add Full Changelog link generation - Add Upsert mode (update existing release) - Add pre-release version support (e.g., 1.0.0-rc4) - Add CRLF compatibility - Add Chinese category support - Update README with complete documentation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@actions/auto-release/action.yml`:
- Around line 55-58: The code assumes context.ref is a tag and strips
'refs/tags/' without validation; update the logic around context.ref, tag and
version to first check that context.ref startsWith('refs/tags/'), and if not,
log a clear message and stop processing (throw or exit) to avoid downstream
cryptic errors; keep the existing tag/version extraction (const tag =
context.ref.replace('refs/tags/', ''); const version = tag.replace(/^v/, ''))
but only execute them after the validation so non-tag triggers are rejected
early.
Add outputs for downstream steps: - body: parsed release notes for syncing to other repos - tag: git tag name for uploading assets Update README with advanced usage examples: - Upload release assets with gh release upload - Sync release to other repositories Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@actions/auto-release/action.yml`:
- Around line 140-149: The Full Changelog link hardcodes a "v" prefix (using
`v${prevVersion}`) which breaks repos that use tags without a "v"; update the
link construction in the block that computes allVersions, versionIndex and
prevVersion so it respects the actual tag format: detect whether the current
`tag` starts with "v" and only prefix `prevVersion` with "v" in that case (e.g.
build prevTag = tag.startsWith('v') ? `v${prevVersion}` : prevVersion), then use
`${prevTag}...${tag}` for the compare URL and label instead of always using
`v${prevVersion}`.
Validate that the action is triggered by a tag push event. Fail early with clear error message if triggered by other refs. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fail early if tag doesn't start with "v" to ensure consistent Full Changelog links. Provides clear error message explaining the required format (e.g., v1.0.0, v1.0.0-rc1). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
chenjunnn
approved these changes
Jan 28, 2026
This was referenced Jan 29, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
文件变更
actions/auto-release/action.yml- Composite Action 定义actions/auto-release/README.md- 使用说明文档使用方式
业务仓库只需 3 行引用:
Test plan
🤖 Generated with Claude Code
Summary by CodeRabbit
发布说明
新功能
文档
✏️ Tip: You can customize this high-level summary in your review settings.