Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

semantic-release-github-pr

Package Overview
Dependencies
Maintainers
1
Versions
32
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

semantic-release-github-pr

A `semantic-release` plugin that creates a changelog comment on Github PRs.

  • 6.0.3
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
469
increased by154.89%
Maintainers
1
Weekly downloads
 
Created
Source

semantic-release-github-pr

Tests workflow npm semantic-release

Preview the semantic release notes that would result from merging a Github PR.

image

This semantic-release plugin will post a Github PR comment with a preview of the release that would result from merging.

Install

npm install -D semantic-release semantic-release-github-pr

Usage

npx semantic-release-github-pr

It helps to think about semantic-release-github-pr as a variation on semantic-release's default behavior, using the latter's plugin system to modify some behaviors:

  • If a new release would result from running semantic-release, instead of publishing a new release of a package, it posts a comment with the changelog to matching Github PRs.

  • It posts a static message when there's no release (for clarity).

  • It cleans up any PR comments it previously made (to keep from flooding PRs or leaving outdated information).

Which PRs get a comment?

A PR gets a comment if:

  1. The PR's from branch matches the current branch (that this plugin is being run on).

    To cover multiple CI scenarios (see below), either of:

    1. The PR's test merge commit matches the current branch's git HEAD.
    2. The PR and the current branch have the same git HEAD.
  2. The PR's base branch matches master (default) unless otherwise configured via the baseBranch option.

Configuration

It is assumed the user is already fully familiar with semantic-release and its workflow.

Github

Github authentication must be configured, exactly the same as for semantic-relase's default @semantic-release/github plugin. PR comments will be posted by the associated GitHub user.

Release config

It's possible to configure the expected base branch when matching a PR via a baseBranch option set in the release config.

E.g., in a package.json release config:

{
  "release": {
    "baseBranch": "staging"
  }
}

CI

This plugin is best used with a CI build process to fully automate the posting of comments in Github PRs. Ideally, it should run whenever a PR is opened/updated.

GitHub Actions

This plugin relies on semantic-release's dry-run feature. Unfortunately, that feature is gated by strict run-time checks, including one that ensures that the branch semantic-release runs on is in the release configuration. It depends on env-ci to enforce the checks in CI environments, which doesn't properly resolve the branch name when running in GitHub Actions, requiring a workaround:

    - run: git checkout -b ${{ github.head_ref }}
    - run: unset GITHUB_ACTIONS && npx semantic-release-github-pr
Travis

To only run when necessary, we use the $TRAVIS_PULL_REQUEST environment variable to detect whether the build is a "pull request build".

after_success:
  - "[[ $TRAVIS_PULL_REQUEST != 'false' ]] && npx semantic-release-github-pr || exit 0"
CircleCI

To run only when necessary, we use the $CI_PULL_REQUEST environment variable to detect whether the build has a corresponding pull request.

Unfortunately, CircleCI only supports building on push, not when a PR is created. This limits the usefulness of the plugin somewhat, as a build will have to be triggered manually after a PR is opened for the changelog to post.

post:
  - "[[ $CI_PULL_REQUEST != '' ]] && npx semantic-release-github-pr || exit 0"

FAQs

Package last updated on 16 Jan 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc