@dskloetc dskloetc commented Sep 4, 2025

Closes #ISSUE_NUMBER_GOES_HERE

Description

......

Changes

  • High level
  • changes that
  • you made

Steps to Test

  1. Steps
  2. to
  3. test

Quality Assurance

  • If a new adapter was made, or an existing one was modified so that its environment variables have changed, update the relevant infra-k8s configuration file.
  • If a new adapter was made, or an existing one was modified so that its environment variables have changed, update the relevant adapter-secrets configuration file or update the soak testing blacklist.
  • If a new adapter was made, or a new endpoint was added, update the test-payload.json file with relevant requests.
  • The branch naming follows git flow (feature/x, chore/x, release/x, hotfix/x, fix/x) or is created from Jira.
  • This is related to a maximum of one Jira story or GitHub issue.
  • Types are safe (avoid TypeScript/TSLint features like any and disable, instead use more specific types).
  • All code changes have 100% unit and integration test coverage. If testing is not applicable or too difficult to justify doing, the reasoning should be documented explicitly in the PR.


changeset-bot bot commented Sep 4, 2025

🦋 Changeset detected

Latest commit: d66886c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages
Name Type
@chainlink/token-balance-adapter Minor
@chainlink/aleno-adapter Minor
@chainlink/proof-of-reserves-adapter Patch
@chainlink/renvm-address-set-adapter Patch


Comment on lines +14 to +102
name: Upsert Release PR
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
UPSTREAM_BRANCH: 'main'
steps:
- name: Checkout Repo
uses: actions/checkout@v4
with:
# This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
fetch-depth: 0
# We install only the changesets tool so we can do the mock changesets before installing dependencies,
# as the setup action will only build the files relevant to the changed adapters
- name: Install changesets tool
run: |
yarn add @changesets/cli@$(jq -r '.devDependencies."@changesets/cli"' package.json)
- name: Configure git
shell: bash
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
- name: Set CHANGESET_IGNORE_ARGS env var
run: |
CHANGESET_IGNORE_ARGS="$(.github/scripts/packages-to-ignore.sh ${{ github.event.inputs.adapters }} | sed -e 's/^/--ignore /' | tr '\n' ' ')"
echo "$CHANGESET_IGNORE_ARGS"
echo "CHANGESET_IGNORE_ARGS=$CHANGESET_IGNORE_ARGS" >> $GITHUB_ENV
cat $GITHUB_ENV
- name: Temporarily calculate changesets to generate readmes with proper versions
run: |
# Get from output of previous step:
PACKAGES_TO_IGNORE="${{ env.packages_to_ignore }}"
yarn changeset version $CHANGESET_IGNORE_ARGS
git add -A
git commit -m "Changesets mock"
- name: Set up and install dependencies
uses: ./.github/actions/setup
with:
build-all: 'true'
- name: Increase monorepo version
run: |
BUMPED_VERSION=$(jq -r '.version | split(".")[1] | tonumber | . + 1 | tostring | "1." + . + ".0"' package.json)
jq ".version = \"$BUMPED_VERSION\"" package.json > package.tmp.json
mv package.tmp.json package.json
echo "BUMPED_VERSION=$BUMPED_VERSION" >> $GITHUB_ENV
- name: Generate documentation
run: |
yarn generate:master-list -v
yarn generate:readme -v
- name: Undo temporary changesets and commit docs
run: |
git stash
git reset HEAD^ --hard
git stash pop
- name: Commit docs
run: |
git add MASTERLIST.md
git add "*README.md"
yarn lint-staged
- name: Stash changes for changesets action to pick up in custom script
run: |
git stash
- name: Create Release Pull Request
uses: smartcontractkit/.github/actions/signed-commits@4b7aa1d5b60f0d5704400a1d2b192905ad386e6c # changesets-signed-commits@1.2.4
with:
# This version command is not only necessary because of yarn pnp, but because the changeset action
# performs git resets and we want to keep those changes, so we stash and then pop them here.
# All the previous steps would technically make more sense in the script itself, but we
# keep them as separate ones so it's easier to see them from the github UI to debug.
version: ./.github/scripts/run-changesets.sh ${{ env.CHANGESET_IGNORE_ARGS }}
title: 'testing Release ${{ env.BUMPED_VERSION }}'
commit: 'testing Release ${{ env.BUMPED_VERSION }}'
- name: Tag changesets commit
run: |
# Delete the tags if they already exist (ignore errors if they don't)
#git tag -d "v$BUMPED_VERSION" || true
#git push --delete origin "v$BUMPED_VERSION" || true
#git tag "v$BUMPED_VERSION"
#git push origin "v$BUMPED_VERSION"
# Because the workflows won't run and we technically don't need them for this autogenerated PR,
# we manually skip all the required checks by using the GitHub API directly.
- name: Skip required checks manually
run: |
COMMIT_SHA=$(git rev-parse HEAD)
./.github/scripts/skip-check.sh $COMMIT_SHA "Adapter changes accompanied by a changeset"
./.github/scripts/skip-check.sh $COMMIT_SHA "Documentation generation test"
./.github/scripts/skip-check.sh $COMMIT_SHA "Install and verify dependencies"
./.github/scripts/skip-check.sh $COMMIT_SHA "Run integration tests for changed adapters"
./.github/scripts/skip-check.sh $COMMIT_SHA "Run linters and formatters"
./.github/scripts/skip-check.sh $COMMIT_SHA "Run unit tests for changed adapters"
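
Review bot: In the "Set CHANGESET_IGNORE_ARGS env var" step, `${{ github.event.inputs.adapters }}` is expanded into the `run:` script before the shell parses it, so the workflow input becomes part of the command text instead of an argument. Pass it through the step's `env:` (for example `ADAPTERS: ${{ github.event.inputs.adapters }}`) and reference `$ADAPTERS` in the script, leaving it unquoted only if packages-to-ignore.sh expects one argument per adapter, and quote `"$GITHUB_ENV"` in the redirect. Separately, `PACKAGES_TO_IGNORE="${{ env.packages_to_ignore }}"` in the following step reads a variable that no earlier step sets and is not used afterwards, `cat $GITHUB_ENV` looks like leftover debugging output, and the "Tag changesets commit" step contains only commented-out commands, so it should be either restored or removed before merge.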

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 11 days ago

To fix this issue, add a permissions block specifying the minimal required permissions for the job or workflow. The block can be added either at the workflow level (top-level, before jobs:) to apply to all jobs, or within each individual job if some jobs need broader permissions than others. For this workflow, since all operations are within a single job (consume-changesets), add the block to that job. As a minimum, set contents: write since the job performs git commits and push operations, and may require write access to repository contents. If the job interacts with issues or pull requests (as seems likely due to the creation of release PRs), also consider pull-requests: write. If only reading contents is required, specify contents: read. Adjust permissions according to the tasks performed—here, contents: write and pull-requests: write are suitable starting points.

Specifically:

  • Edit .github/workflows/release-individual.yml, in the jobs.consume-changesets block (preferably immediately below name: Upsert Release PR, but any location within the job is valid).
  • Add:
      permissions:
        contents: write
        pull-requests: write
  • No imports or definitions needed beyond standard GitHub Actions YAML.
  • No other file changes are required.

Suggested changeset 1
.github/workflows/release-individual.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/release-individual.yml b/.github/workflows/release-individual.yml
--- a/.github/workflows/release-individual.yml
+++ b/.github/workflows/release-individual.yml
@@ -12,6 +12,9 @@
 jobs:
   consume-changesets:
     name: Upsert Release PR
+    permissions:
+      contents: write
+      pull-requests: write
     runs-on: ubuntu-latest
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
EOF
@@ -12,6 +12,9 @@
jobs:
consume-changesets:
name: Upsert Release PR
permissions:
contents: write
pull-requests: write
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
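
Review bot: Once this job-level `permissions:` block exists, every scope it does not list is set to none, and the job's final step, "Skip required checks manually", calls the GitHub API through skip-check.sh with the same GITHUB_TOKEN. Check which endpoint that script uses and add the matching scope (`statuses: write` for commit statuses, `checks: write` for check runs); otherwise that step will fail with a 403 after the patch is applied. `contents: write` and `pull-requests: write` themselves line up with the commit and release-PR steps visible in the job.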