![Introducing Enhanced Alert Actions and Triage Functionality](https://cdn.sanity.io/images/cgdhsj6q/production/fe71306d515f85de6139b46745ea7180362324f0-2530x946.png?w=800&fit=max&auto=format)
Product
Introducing Enhanced Alert Actions and Triage Functionality
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
@auto-canary/auto
Advanced tools
Readme
auto
is a tool designed to seamlessly automate the release workflow.
It is powered by semantic version labels on pull requests.
This approach does not require you to change your code or make any drastic changes to your current workflow.
While intended to run in a continuous integration (CI) environment, all auto
commands can run locally as well.
auto
is distributed through npm, but you can use it with a variety of package management platforms.
npm install auto
For auto
installation in non-npm
environments follow these instructions.
Getting started with auto
is super easy.
If your project is already published or has releases then you need to make sure that your last release is tagged and that it's the Latest Release
on GitHub.
To tag your last release find the last commit where you bumped the version and run the following commands with your version number.
git tag v1.2.3
git push --tags
Then on GitHub go to your project's releases and click Draft a new release
.
In the Tag version
field enter the version number you just tagged and click Publish release
.
(OPTIONAL) Initialize all options and configure label text.
If this is not run then auto
will use the default configuration.
This command will produce an .autorc
.
You can configure most flags and all labels/changelogTitles.
auto init
All options can also be configured via the .autorc
file.
As CLI options you supply them in snake-case (--foo-bar)
, but as .autorc
options you supply them in camelCase (fooBar)
,
Exclusive options (extends, labels) can only be set in the .autorc
and do not exist as CLI flags.
Any option in the .autorc
will get overridden by the CLI flags if provided.
The following are options that might be more useful to set in the .autorc
than with a flag:
baseBranch Configure what your repo considers the "master" branch.
plugins Specify your plugins to load
githubApi If you are using enterprise github, `auto` lets you configure the github API URL that it uses.
githubGraphqlApi If you are using enterprise github and your company hosts the graphql at some other URL than the
`githubApi`, you can use `githubGraphqlApi` to set the base path for `auto`. The `githubGraphqlApi` gets
merged with `/graphql` to build the final URL.
Configure environment variables
You must configure some environment variables for publishing and releasing to work properly.
GH_TOKEN
- Used for updating the changelog and publishing the GitHub releaseNPM_TOKEN
- Used to publish to npm. (only with NPM plugin)Local .env
:
You can also store these values in a local file at the root of your project named .env
.
Make sure to add this file to your .gitignore
so you don't commit any keys!
These environment variables will override any variable already set on the process.
This enables you to have a per project configuration that isn't effected by your global setup.
PROJECT_ROOT/.env
:
GH_TOKEN=YOUR_TOKEN
NPM_TOKEN=PUBLISH_TOKEN
Create your project's labels on github. If a label already exist, it will be updated.
The types of labels that auto
uses are:
To create the labels for your project on GitHub, run the following command with your GH_TOKEN
.
GH_TOKEN=YOUR_TOKEN auto create-labels
# or with .env file
auto create-labels
Set up script
auto
is written so that each tool it exposes is useful in isolation.
To version, changelog, publish and release your code all at the same time we've included the shipit
tool.
This tool takes the default auto
workflow and puts it into one command.
It will:
baseBranch
baseBranch
{
"scripts": {
"release": "auto shipit"
}
}
For detailed setup instructions,refer here
--help
)$ auto --help
auto
Generate releases based on semantic version labels on pull requests, and
other pull request automation tools.
Synopsis
$ auto <command> <options>
Setup Command
init Interactive setup for most configurable options
create-labels Create your project's labels on github. If labels exist it will update them.
Pull Request Interaction Commands
label Get the labels for a pull request. Doesn't do much, but the return value lets you write you own scripts based off of the PR labels!
comment Comment on a pull request with a markdown message. Each comment has a context, and each context only has one comment.
pr-check Check that a pull request has a SemVer label
pr-status Set the status on a PR commit
pr-body Update the body of a PR with a message. Appends to PR and will not overwrite user content. Each comment has a context, and each context only has one comment.
Release Commands
version Get the semantic version bump for the given changes. Requires all PRs to have labels for the change type. If a PR does not have a label associated with it, it will default to `patch`.
changelog Prepend release notes to `CHANGELOG.md`, create one if it doesn't exist, and commit the changes.
release Auto-generate a github release
shipit Run the full `auto` release pipeline. Detects if in a lerna project.
1. call from base branch -> latest version released
2. call from PR in CI -> canary version released
3. call locally when not on base branch -> canary version released
canary Make a canary release of the project. Useful on PRs. If ran locally, `canary` will release a canary version for your current git HEAD.
1. In PR: 1.2.3-canary.123.0 + add version to PR body
2. Locally: 1.2.3-canary.1810cfd
Global Options
-V, --version Display auto's version
-v, -vv, --verbose Show some more logs. Pass -vv for very verbose logs.
--repo string The repo to set the status on. Defaults to looking in the package definition
for the platform
--owner string The owner of the GitHub repo. Defaults to reading from the package definition
for the platform
--github-api string GitHub API to use
--plugins string[] Plugins to load auto with. (defaults to just npm)
-h, --help Display the help output
One major caveat of auto
is that you need to be mindful of merging multiple PRs at once. You must not merge two PRs at once or you will botch one of the releases.
auto
works by looking at the git
tree to calculate the version bump then makes commits for the CHANGELOG.md
and the new version. If you merge two PRs at once:
The one exception to this rule with when merging a bunch of PRs with skip-release
labels.
You still can't merge a PR that triggers a release and then merge a PR with skip-release
. This will result in problem 3 from above.
But you can merge a bunch of PRs with skip-release
then merge a PR that triggers a release.
Because skip-release
is present no commits are made and the release is fine!
If you are using enterprise Github, auto
lets you configure the Github API URL that it uses. You can configure this by using the CLI option --github-api, by setting the value in your .autorc
, or during auto init
.
FAQs
CLI tools to help facilitate semantic versioning based on GitHub PR labels
The npm package @auto-canary/auto receives a total of 7 weekly downloads. As such, @auto-canary/auto popularity was classified as not popular.
We found that @auto-canary/auto demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.