refactor: replace inline bash with node script in generate-changeset workflow#861
Merged
binoy14 merged 6 commits intochore/auto-changeset-from-prfrom Apr 1, 2026
Merged
Conversation
|
Claude finished @binoy14's task in 1m 49s —— View job Review
Two issues worth fixing: 1.
// current
if (status === 0) {
console.log('No changes to changeset file')
process.exit(0)
}
// fix
if (status !== 1) {
// status 0 = no diff, null = signal-killed; either way don't commit
console.log('No changes to changeset file')
process.exit(status ?? 1)
}2. Without git('config', '--local', 'user.name', 'ecospark[bot]')
git('config', '--local', 'user.email', 'ecospark[bot]@users.noreply.github.com') |
Contributor
📦 Bundle Stats —
|
| Metric | Value | vs chore/auto-changeset-from-pr (22b23d0) | vs v6.3.1 |
|---|---|---|---|
| Internal (raw) | 2.1 KB | - | - |
| Internal (gzip) | 799 B | - | - |
| Bundled (raw) | 10.95 MB | - | +9.01 MB, +464.9% |
| Bundled (gzip) | 2.06 MB | - | +1.58 MB, +331.9% |
| Import time | 876ms | +16ms, +1.9% | +33ms, +3.9% |
bin:sanity
| Metric | Value | vs chore/auto-changeset-from-pr (22b23d0) | vs v6.3.1 |
|---|---|---|---|
| Internal (raw) | 975 B | - | - |
| Internal (gzip) | 460 B | - | - |
| Bundled (raw) | 9.84 MB | - | +9.13 MB, +1287.6% |
| Bundled (gzip) | 1.77 MB | - | +1.60 MB, +940.8% |
| Import time | 2.06s | +40ms, +2.0% | +1.14s, +122.7% |
🗺️ View treemap · Artifacts
Details
- Import time regressions over 10% are flagged with
⚠️ - Sizes shown as raw / gzip 🗜️. Internal bytes = own code only. Total bytes = with all dependencies. Import time = Node.js cold-start median.
📦 Bundle Stats — @sanity/cli-core
Compared against chore/auto-changeset-from-pr (22b23d00) · v1.3.0 (npm)
| Metric | Value | vs chore/auto-changeset-from-pr (22b23d0) | vs v1.3.0 |
|---|---|---|---|
| Internal (raw) | 92.3 KB | - | +93 B, +0.1% |
| Internal (gzip) | 21.6 KB | - | +28 B, +0.1% |
| Bundled (raw) | 21.53 MB | - | +9.02 MB, +72.0% |
| Bundled (gzip) | 3.41 MB | - | +1.58 MB, +85.9% |
| Import time | 830ms | +10ms, +1.2% | +45ms, +5.7% |
🗺️ View treemap · Artifacts
Details
- Import time regressions over 10% are flagged with
⚠️ - Sizes shown as raw / gzip 🗜️. Internal bytes = own code only. Total bytes = with all dependencies. Import time = Node.js cold-start median.
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
Contributor
Coverage DeltaNo covered files changed in this PR. Overall Coverage
|
binoy14
force-pushed
the
chore/auto-changeset-from-pr
branch
from
f0c23cb to
22b23d0
Compare
binoy14
force-pushed
the
chore/generate-changeset-node-script
branch
from
10246fc to
c0dff4b
Compare
…workflow Move the changeset generation logic from an inline bash script to .github/scripts/generate-changeset.mjs for readability and maintainability. Add setup-node step with Node 24. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Wrap readdirSync('packages') with existsSync check
- Remove GITHUB_REPOSITORY from workflow env block (already a default
GitHub Actions env var)
- Remove it from the required env var check accordingly
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sparse-checkout the script from the base branch so that fork PRs cannot replace generate-changeset.mjs to exfiltrate the token. Also replace try/catch control flow with spawnSync exit code check for the git diff --cached --quiet guard. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace all execSync calls with execFileSync argument arrays to avoid shell interpretation of untrusted input (PR_REPO is fork-controlled). Also restore GITHUB_REPOSITORY validation and remove unused scope field. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
spawnSync returns status: null when killed by a signal. The previous check (status === 0) would fall through to git commit in that case. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
binoy14
force-pushed
the
chore/generate-changeset-node-script
branch
from
c0dff4b to
ee25bcf
Compare
binoy14
force-pushed
the
chore/auto-changeset-from-pr
branch
from
22b23d0 to
ee14154
Compare
Contributor
Coverage DeltaNo covered files changed in this PR. Overall Coverage
|
joshuaellis
approved these changes
Apr 1, 2026
Member
|
nice. |
binoy14
added a commit
that referenced
this pull request
Apr 8, 2026
* feat: auto-generate changesets from PR descriptions chore: replace release-please with changesets * fix: allow renovate to rebase PRs with auto-generated changesets Add ecospark[bot] to gitIgnoredAuthors so Renovate doesn't treat changeset commits as foreign modifications that block rebasing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * refactor: replace inline bash with node script in generate-changeset workflow (#861) * refactor: replace inline bash with node script in generate-changeset workflow Move the changeset generation logic from an inline bash script to .github/scripts/generate-changeset.mjs for readability and maintainability. Add setup-node step with Node 24. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: address PR review feedback - Lazy git configuration: only write token to .git/config when actually pushing, not on early-exit paths - Auto-discover scoped package dirs under packages/ instead of hardcoding @sanity and @repo Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: guard readdirSync and drop redundant GITHUB_REPOSITORY env - Wrap readdirSync('packages') with existsSync check - Remove GITHUB_REPOSITORY from workflow env block (already a default GitHub Actions env var) - Remove it from the required env var check accordingly Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: prevent fork code execution with pull_request_target Sparse-checkout the script from the base branch so that fork PRs cannot replace generate-changeset.mjs to exfiltrate the token. Also replace try/catch control flow with spawnSync exit code check for the git diff --cached --quiet guard. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: eliminate shell injection by using execFileSync Replace all execSync calls with execFileSync argument arrays to avoid shell interpretation of untrusted input (PR_REPO is fork-controlled). Also restore GITHUB_REPOSITORY validation and remove unused scope field. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: handle signal-killed status in spawnSync diff check spawnSync returns status: null when killed by a signal. The previous check (status === 0) would fall through to git commit in that case. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Binoy Patel <me@binoy.io> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
joshuaellis
added a commit
that referenced
this pull request
Apr 9, 2026
* feat: auto-generate changesets from PR descriptions chore: replace release-please with changesets * fix: allow renovate to rebase PRs with auto-generated changesets Add ecospark[bot] to gitIgnoredAuthors so Renovate doesn't treat changeset commits as foreign modifications that block rebasing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * refactor: replace inline bash with node script in generate-changeset workflow (#861) * refactor: replace inline bash with node script in generate-changeset workflow Move the changeset generation logic from an inline bash script to .github/scripts/generate-changeset.mjs for readability and maintainability. Add setup-node step with Node 24. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: address PR review feedback - Lazy git configuration: only write token to .git/config when actually pushing, not on early-exit paths - Auto-discover scoped package dirs under packages/ instead of hardcoding @sanity and @repo Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: guard readdirSync and drop redundant GITHUB_REPOSITORY env - Wrap readdirSync('packages') with existsSync check - Remove GITHUB_REPOSITORY from workflow env block (already a default GitHub Actions env var) - Remove it from the required env var check accordingly Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: prevent fork code execution with pull_request_target Sparse-checkout the script from the base branch so that fork PRs cannot replace generate-changeset.mjs to exfiltrate the token. Also replace try/catch control flow with spawnSync exit code check for the git diff --cached --quiet guard. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: eliminate shell injection by using execFileSync Replace all execSync calls with execFileSync argument arrays to avoid shell interpretation of untrusted input (PR_REPO is fork-controlled). Also restore GITHUB_REPOSITORY validation and remove unused scope field. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: handle signal-killed status in spawnSync diff check spawnSync returns status: null when killed by a signal. The previous check (status === 0) would fall through to git commit in that case. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Binoy Patel <me@binoy.io> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.github/scripts/generate-changeset.mjssetup-nodestep with Node 24Test plan
chore:)🤖 Generated with Claude Code