Merge v4-beta to v4 (2026-05-28)#171
Merged
Merged
Conversation
New composite action `actions/changeset/check-coverage` that fails when a PR's changesets don't bump every workspace package the PR modifies. Catches the catalog-software gap (pnpm-workspace.yaml catalog version bumped without a matching changeset for the consuming workflow package). Wired into the existing `check-changesets` job in node-simple-pnpm.yaml as a `continue-on-error: true` step on PR / merge_group events. Emits `::error file=…,line=…::` annotations inline on the PR diff; never blocks merge.
TODO: REVERT before merging this PR — flip @feat/changeset-coverage-check back to @v4-beta. The action only lives on this branch right now; consumers pinning the workflow at this branch otherwise resolve the nested uses: against v4-beta and fail to find the action.
The over-broad sed in merge-beta.sh/fix-beta.sh flips @v4 → @v4-beta on every ref, including third-party actions. actions/checkout and aws-actions/configure-aws-credentials have no @v4-beta tag upstream, so the workflow fails to load when a consumer pins this branch. Only this file is fixed — the minimum needed to canary-test the new coverage check. The same bug affects 27 other files on v4-beta and needs a separate sed-scope fix in merge-beta.sh / fix-beta.sh.
Same pre-existing sed-scope bug as the previous commit, now hit in the composite actions check-changesets transitively calls. Restores actions/setup-node, pnpm/action-setup, and actions/cache to @v4.
…s suite Refactor check-coverage.sh (267 → 213 lines): - step 4a now uses `pnpm -r --filter '[origin/<base>]' list` instead of hand-rolled longest-prefix matching over the changed-files list and the manual ignore patterns. Root-level paths (.github/, docs/, README) aren't in any package directory, so pnpm's filter naturally excludes them. - step 4b parses pnpm-workspace.yaml structurally with yq (flat key=value pairs from both .catalog and .catalogs.*) instead of a line-level regex over the diff. Avoids the regex's false-positive surface — e.g. an unrelated `overrides.<name>` bump no longer spuriously requires catalog-consumer bumps. - workspace map is now built lazily, only when pnpm-workspace.yaml changed. - drops the `::error file=,line=::` per-file annotation plumbing. Devs land on .changeset/ when fixing this anyway; the summary block still names every missing package. Add bats suite under test/ with a minimal pnpm-workspace fixture and a CI workflow (0-test-changeset-coverage.yaml) that runs the suite on PRs that touch the action. 14 cases cover direct edits, catalog miss/hit/partial, private packages, structural-vs-regex catalog parsing, and the no- changesets corner.
Drop the workflow-self path from the trigger filter — the suite should only run when the action it tests actually changes. Add workflow_dispatch as a manual escape hatch for re-running after a workflow edit.
declare -A is bash 4+. macOS ships 3.2 at /bin/bash; without homebrew's bash earlier on PATH the script aborts at the first declare with a cryptic 'invalid option'. Detect at start and emit a useful error instead.
Note that ubuntu-latest runners ship bash 5+ — so the guard is a no-op in CI; it exists to help local runs on macOS, whose /bin/bash is still 3.2 and would otherwise produce a cryptic 'invalid option' error.
…ack to @v4-beta" This reverts commit bff4168.
- check-coverage.sh: tighten catalog detection to `startswith("catalog:")`
(was `startswith("catalog")`) — pnpm's protocol prefix is the literal
`catalog:`.
- node-simple-pnpm.yaml: add `!cancelled()` to the coverage-check
conditional so the step skips on cancelled jobs (manual cancel,
concurrency-group eviction) instead of burning runner minutes.
- test/helpers.bash: harden `_build_base_workspace` — `set -e` inside
the subshell, capture output to a log file, dump only on failure.
Without this, a silently failing `pnpm install` corrupts the base
workspace and every test then fails with a confusing error pointing
at the script under test, not the install.
- test/coverage.bats: three new tests.
- BASE_BRANCH input: production callers pass `v4` (or `master`),
not `main`. Five `origin/${BASE_BRANCH}` references in the script
could regress to hardcoded `main`; this guards against it.
- exit 2 on missing changeset binary: locks down the tooling-failure
contract distinct from exit 1 (coverage gap).
- named-catalog over-flagging: skip-marked, documents the deferred
bug from the PR body with a runnable fixture for the follow-up.
…e primary case The prior description led with the catalog-version gap, but the more common case the action catches is the simple one: edit files inside a workspace package, forget to add that package to the changeset. List both, with the direct-edit case first.
ci: add changeset coverage check
merge-beta.sh and fix-beta.sh perform a blanket sed flip of @v4 ↔ @v4-beta across action.yaml and .github/workflows/*.yaml. The intent is to keep self-references (milaboratory/github-ci/...) on the right ref for each branch. The sed pattern is too greedy: it also rewrites third-party action refs that happen to be pinned to @v4 — for example actions/checkout@v4 becomes actions/checkout@v4-beta, a tag that doesn't exist in the upstream repo. Symptom on v4-beta runs: Unable to resolve action `actions/checkout@v4-beta`, unable to find version `v4-beta` This blocks the `get run metadata` and `preflight (require-latest)` jobs in node-simple-pnpm.yaml and similar workflows, cascading skips into downstream jobs (`check for changesets`, `pre-build`, etc.). Caught while canary-testing PR #168 (changeset coverage check). This commit flips back, on v4-beta only, the 107 third-party refs that were incorrectly rewritten across 36 files. Affected action repos: actions/checkout (41 lines) aws-actions/configure-aws-credentials (24) actions/cache (13) actions/download-artifact (12) actions/upload-artifact (8, incl. one /merge subpath) actions/setup-java (3) actions/setup-node (2) pnpm/action-setup (1) azure/setup-kubectl (1) azure/setup-helm (1) milaboratory/github-ci/...@v4-beta self-refs are unchanged. Follow-up: the underlying sed scope in merge-beta.sh / fix-beta.sh should be tightened so this doesn't recur on the next promotion. Tracked separately.
The previous sed in merge-beta.sh and fix-beta.sh treated @v4 / @v4-beta as bare version tags. In practice they are git refs on a specific repo (milaboratory/github-ci), so the substitution must only fire when the preceding path is `milaboratory/github-ci/...`. Without that anchor the sed rewrites third-party action pins too (actions/checkout@v4, aws-actions/configure-aws-credentials@v4, pnpm/action-setup@v4, etc.), producing references like actions/checkout@v4-beta that do not exist upstream. The previous commit cleaned up the resulting corruption on v4-beta; this commit prevents recurrence. Both scripts now wrap the version pattern with a captured prefix: \(milaboratory/github-ci[^[:space:]@]*\)@v4... The character class excludes @ so the greedy match stops at the @ sign, leaving the version token to be matched and replaced. fix-beta.sh keeps its two-pattern form (end-of-line + whitespace boundary) to avoid the @v4 → @v4-beta-beta prefix collision; that guarantee is preserved. Verified with a fixture covering self-refs, third-party refs, mixed content, and the prefix-collision case. Both directions are idempotent. Also flips six lingering milaboratory/github-ci/.../@v4 self-refs in .github/workflows/node-simple-pnpm.yaml back to @v4-beta. These were left behind by a previous manual fixup attempt (5baba62 revert) and are exactly what the new fix-beta.sh sed produces when run against the current tree. Out of scope: actions/*/test-*.yaml files referenced by `act`-based unit tests. Those deliberately pin @v4 and are outside the find globs in both scripts.
fix: root-cause + cleanup for merge-beta/fix-beta sed-scope bug
check-coverage ran as a step with continue-on-error: true, so a gap exited 1 but the step was reported success — the gap showed only as an annotation on a green run, which reviewers miss. Move it to its own 'changeset coverage (diagnostic)' job: the step drops continue-on-error (a gap turns the job red), the job sets continue-on-error: true (run stays green, merge not blocked). The native 'changeset status' gate in check-changesets is unchanged. Only node-simple-pnpm.yaml uses check-coverage.
…age-diagnostic-job ci(changeset): make coverage gaps a visible non-blocking check
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merge v4-beta into v4
Greptile Summary
This PR merges
v4-betaintov4, introducing a newchangeset/check-coveragecomposite action that verifies every modified workspace package has a corresponding changeset entry, plus afix-beta.shhelper and a hardened sed pattern inmerge-beta.sh.check-coverageaction + bats test suite: cross-checks direct workspace-package edits and catalog version bumps againstchangeset status, exiting 1 on a gap and 2 on tooling failure; known named-catalog discriminator limitation is documented with a skipped test.fix-beta.sh: re-syncsv4-betafromv4; the two-pattern sed may silently miss@v4refs followed by non-whitespace terminators.merge-beta.shfix: replaces blankets/@v4-beta/@v4/gwith a pattern anchored tomilaboratory/github-cipaths, preventing corruption of third-party action pins.Confidence Score: 4/5
Safe to merge; the new check-coverage action and its test suite are well-constructed, and the merge-beta.sh sed fix correctly scopes rewrites to self-refs.
The core new feature and the merge-beta.sh fix are solid. fix-beta.sh two-pattern sed silently skips @v4 refs followed by non-whitespace terminators, and find commands traverse node_modules without pruning — both low-risk in practice but latent correctness gaps in a developer-facing maintenance script.
fix-beta.sh — the sed anchoring approach and find traversal scope warrant a second look before this script is used in anger.
Important Files Changed
Flowchart
%%{init: {'theme': 'neutral'}}%% flowchart TD A[check-coverage.sh] --> B[changeset status - get bumped packages] B --> C{status.json non-empty?} C -- No and no-changesets msg --> D[bumped set is empty] C -- No and other error --> E[exit 2 tooling failure] C -- Yes --> F[build bumped set from releases] D --> G F --> G[pnpm filter list - get direct-edit packages] G --> H{pnpm-workspace.yaml changed?} H -- Yes --> I[yq: extract changed catalog keys via symmetric diff] I --> J[scan package.json files for catalog consumers] J --> K[add consumers to required set] K --> L H -- No --> L[compare required set vs bumped set] L --> M{any missing?} M -- None --> N[exit 0 - all covered] M -- Some --> O[print error per missing package then exit 1]Prompt To Fix All With AI
Reviews (1): Last reviewed commit: "Merge v4-beta into v4" | Re-trigger Greptile