Skip to content

Merge v4-beta to v4 (2026-05-29) #173

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
PaulNewling wants to merge 2 commits into from
Closed

Merge v4-beta to v4 (2026-05-29) #173

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
047babc
Re-flip @v4 -> @v4-beta after merging v4
PaulNewling May 29, 2026
909b405
ci(changeset/check-coverage): ignore devDependency catalog bumps
PaulNewling May 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion actions/changeset/check-coverage/action.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,8 @@ description: |
- editing files inside a workspace package (e.g. block code under
packages/<pkg>/) without adding that package to the changeset;
- bumping a catalog version in pnpm-workspace.yaml without a matching
bump for the workflow packages that consume it via `catalog:`.
bump for packages that consume it as a runtime dependency via
`catalog:` (devDependencies / build-only tooling are not flagged).

Runs after `pnpm install`. Requires the runner to have `pnpm`, `jq`, and
`yq` (mikefarah, v4+) on PATH — all pre-installed on GitHub-hosted
Expand Down
17 changes: 15 additions & 2 deletions actions/changeset/check-coverage/check-coverage.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,18 @@
# git-diff check itself.
#
# 2. Catalog version bumps in pnpm-workspace.yaml: for each touched
# catalog key, find workspace packages that consume it via
# catalog key, find workspace packages that consume it as a *runtime*
# dependency (`dependencies` or `peerDependencies`) via
# `"<key>": "catalog:..."` and require those packages to bump.
#
# devDependencies and optionalDependencies are intentionally NOT
# considered. A bump to build-only tooling (e.g. @platforma-sdk/block-tools
# in a block's model, @platforma-sdk/tengo-builder in its workflow) does
# not change the published artifact's runtime, and `pnpm changeset` does
# not flag those packages either. Requiring a bump for them produced
# false positives on PRs that only touched an unrelated package (e.g. the
# UI) but happened to carry a catalog bump for shared build tooling.
#
# Skips private (unpublished) workspace packages — they never appear in
# the changeset's release set.
#
Expand Down Expand Up @@ -186,8 +195,12 @@ if git diff --name-only "origin/${BASE_BRANCH}...HEAD" | grep -qx 'pnpm-workspac
[ "${pkg_is_private[${name}]:-false}" = 'true' ] && continue
pj="${pkg_name_to_dir[${name}]}/package.json"
[ -f "${pj}" ] || continue
# Runtime sections only. devDependencies/optionalDependencies are
# excluded on purpose — bumping build-only tooling consumed via
# `catalog:` (block-tools, tengo-builder, …) doesn't alter the
# published runtime, so requiring a release for it is a false positive.
if jq -e --arg k "${key}" '
[.dependencies?, .devDependencies?, .peerDependencies?, .optionalDependencies?]
[.dependencies?, .peerDependencies?]
Comment on lines +198 to +203
Copy link
Copy Markdown

@greptile-apps greptile-apps Bot May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 optionalDependencies are quietly dropped alongside devDependencies, but their semantics differ: optional deps are declared in the published package manifest and installed at runtime (when the platform supports them). The PR motivation and inline comment specifically call out build-only tooling under devDependencies; there is no matching justification for optionalDependencies, no test fixture covering that case, and the action.yaml description only mentions "devDependencies / build-only tooling are not flagged". A catalog bump for a dep used in optionalDependencies will now silently skip the consumer, which is the same false-negative the script is supposed to catch.

Suggested change
# Runtime sections only. devDependencies/optionalDependencies are
# excluded on purpose — bumping build-only tooling consumed via
# `catalog:` (block-tools, tengo-builder, …) doesn't alter the
# published runtime, so requiring a release for it is a false positive.
if jq -e --arg k "${key}" '
[.dependencies?, .devDependencies?, .peerDependencies?, .optionalDependencies?]
[.dependencies?, .peerDependencies?]
# Runtime sections only. devDependencies are excluded on purpose —
# bumping build-only tooling consumed via `catalog:` (block-tools,
# tengo-builder, …) doesn't alter the published runtime, so requiring
# a release for it is a false positive.
# optionalDependencies ARE runtime-facing (published in the manifest,
# installed on supported platforms), so they are included here.
if jq -e --arg k "${key}" '
[.dependencies?, .peerDependencies?, .optionalDependencies?]
Prompt To Fix With AI 
This is a comment left during a code review.
Path: actions/changeset/check-coverage/check-coverage.sh
Line: 198-203

Comment:
`optionalDependencies` are quietly dropped alongside `devDependencies`, but their semantics differ: optional deps are declared in the published package manifest and installed at runtime (when the platform supports them). The PR motivation and inline comment specifically call out build-only tooling under `devDependencies`; there is no matching justification for `optionalDependencies`, no test fixture covering that case, and the `action.yaml` description only mentions "devDependencies / build-only tooling are not flagged". A catalog bump for a dep used in `optionalDependencies` will now silently skip the consumer, which is the same false-negative the script is supposed to catch.

```suggestion
        # Runtime sections only. devDependencies are excluded on purpose —
        # bumping build-only tooling consumed via `catalog:` (block-tools,
        # tengo-builder, …) doesn't alter the published runtime, so requiring
        # a release for it is a false positive.
        # optionalDependencies ARE runtime-facing (published in the manifest,
        # installed on supported platforms), so they are included here.
        if jq -e --arg k "${key}" '
            [.dependencies?, .peerDependencies?, .optionalDependencies?]
```

How can I resolve this? If you propose a fix, please make it concise.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

| map(select(. != null) | to_entries) | add // []
| map(select(.key == $k and ((.value // "") | startswith("catalog:"))))
| length > 0
Expand Down
14 changes: 14 additions & 0 deletions actions/changeset/check-coverage/test/coverage.bats
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,20 @@ setup() {
[ "${status}" -eq 0 ]
}

@test "catalog bump consumed only as a devDependency does not flag the consumer" {
# is-string is a runtime dependency of pkg-c but only a devDependency of
# pkg-dev. Bumping it must still flag pkg-c (runtime) yet leave pkg-dev
# alone — mirrors a block whose build-tool catalog dep (block-tools /
# tengo-builder, both devDependencies) bumped without the package itself
# being touched. Before the runtime-only scoping this spuriously flagged
# pkg-dev.
bump_catalog 'is-string' '^1.0.8'
run_check
[ "${status}" -eq 1 ]
[[ "${output}" == *'@check-coverage-test/pkg-c'* ]]
[[ "${output}" != *'@check-coverage-test/pkg-dev'* ]]
}

# ---------------------------------------------------------------------------
# Empty-changeset corner case.
# ---------------------------------------------------------------------------
Expand Down
3 changes: 3 additions & 0 deletions actions/changeset/check-coverage/test/fixtures/minimal-workspace/packages/pkg-dev/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
// Consumes is-string only as a devDependency (build-tooling stand-in).
// A catalog bump for is-string must not require this package to be released.
module.exports = {};
8 changes: 8 additions & 0 deletions ...ns/changeset/check-coverage/test/fixtures/minimal-workspace/packages/pkg-dev/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"name": "@check-coverage-test/pkg-dev",
"version": "1.0.0",
"main": "index.js",
"devDependencies": {
"is-string": "catalog:"
}
}
Loading