versionary
Advanced tools
| /** | ||
| * Default committer identity Versionary uses when a repository has no | ||
| * `user.name`/`user.email` configured (for example a bare CI runner). | ||
| * | ||
| * This intentionally mirrors the GitHub Action entrypoint | ||
| * (`src/action/index.ts`), which is a standalone bundle and cannot import this | ||
| * module, so release commits are attributed to the same bot regardless of how | ||
| * Versionary is invoked (composite action vs. running the CLI from source). | ||
| */ | ||
| export declare const DEFAULT_GIT_AUTHOR_NAME = "github-actions[bot]"; | ||
| export declare const DEFAULT_GIT_AUTHOR_EMAIL = "41898282+github-actions[bot]@users.noreply.github.com"; | ||
| /** | ||
| * Ensure git has a committer identity before Versionary creates release | ||
| * commits. This only fills the gap: if `user.name`/`user.email` already resolve | ||
| * (local, global, or system config), they are left untouched. Otherwise a | ||
| * repository-local default is set so `git commit` does not fail with | ||
| * "Please tell me who you are". | ||
| */ | ||
| export declare function ensureGitIdentity(cwd: string): void; |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.DEFAULT_GIT_AUTHOR_EMAIL = exports.DEFAULT_GIT_AUTHOR_NAME = void 0; | ||
| exports.ensureGitIdentity = ensureGitIdentity; | ||
| const node_child_process_1 = require("node:child_process"); | ||
| /** | ||
| * Default committer identity Versionary uses when a repository has no | ||
| * `user.name`/`user.email` configured (for example a bare CI runner). | ||
| * | ||
| * This intentionally mirrors the GitHub Action entrypoint | ||
| * (`src/action/index.ts`), which is a standalone bundle and cannot import this | ||
| * module, so release commits are attributed to the same bot regardless of how | ||
| * Versionary is invoked (composite action vs. running the CLI from source). | ||
| */ | ||
| exports.DEFAULT_GIT_AUTHOR_NAME = "github-actions[bot]"; | ||
| exports.DEFAULT_GIT_AUTHOR_EMAIL = "41898282+github-actions[bot]@users.noreply.github.com"; | ||
| function hasGitConfig(cwd, key) { | ||
| try { | ||
| (0, node_child_process_1.execFileSync)("git", ["config", key], { | ||
| cwd, | ||
| stdio: ["ignore", "pipe", "ignore"], | ||
| }); | ||
| return true; | ||
| } | ||
| catch { | ||
| return false; | ||
| } | ||
| } | ||
| /** | ||
| * Ensure git has a committer identity before Versionary creates release | ||
| * commits. This only fills the gap: if `user.name`/`user.email` already resolve | ||
| * (local, global, or system config), they are left untouched. Otherwise a | ||
| * repository-local default is set so `git commit` does not fail with | ||
| * "Please tell me who you are". | ||
| */ | ||
| function ensureGitIdentity(cwd) { | ||
| if (!hasGitConfig(cwd, "user.name")) { | ||
| (0, node_child_process_1.execFileSync)("git", ["config", "user.name", exports.DEFAULT_GIT_AUTHOR_NAME], { | ||
| cwd, | ||
| stdio: ["ignore", "pipe", "ignore"], | ||
| }); | ||
| } | ||
| if (!hasGitConfig(cwd, "user.email")) { | ||
| (0, node_child_process_1.execFileSync)("git", ["config", "user.email", exports.DEFAULT_GIT_AUTHOR_EMAIL], { | ||
| cwd, | ||
| stdio: ["ignore", "pipe", "ignore"], | ||
| }); | ||
| } | ||
| } |
@@ -22,2 +22,3 @@ "use strict"; | ||
| const load_config_js_1 = require("../config/load-config.js"); | ||
| const identity_js_1 = require("../git/identity.js"); | ||
| const client_js_1 = require("../scm/client.js"); | ||
@@ -353,2 +354,3 @@ const package_context_js_1 = require("../strategy/package-context.js"); | ||
| }); | ||
| (0, identity_js_1.ensureGitIdentity)(cwd); | ||
| (0, node_child_process_1.execFileSync)("git", ["commit", "-m", title, "-m", VERSIONARY_RELEASE_TRAILER], { | ||
@@ -355,0 +357,0 @@ cwd, |
@@ -282,5 +282,3 @@ "use strict"; | ||
| for (const reference of uniqueReferences) { | ||
| const body = reference >= 1_000_000_000 | ||
| ? `This pull request is included in [version ${input.version}](${input.releaseUrl}).` | ||
| : `This issue has been resolved in [version ${input.version}](${input.releaseUrl}).`; | ||
| const body = `This is included in [version ${input.version}](${input.releaseUrl}). :tada:\n\nReleased by [Versionary](https://github.com/jolars/versionary).`; | ||
| try { | ||
@@ -287,0 +285,0 @@ await octokit.issues.createComment({ |
+1
-1
| { | ||
| "name": "versionary", | ||
| "version": "0.26.1", | ||
| "version": "0.27.0", | ||
| "description": "Automatic release framework based on conventional commits and semantic versioning", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
+30
-0
@@ -175,2 +175,5 @@ # Versionary | ||
| - `strict`: fail release if comment posting fails | ||
| - comments are authored by the account that owns the configured token; see | ||
| [Comment and commit author identity](#comment-and-commit-author-identity) | ||
| to post them under a bot identity | ||
| - optional monorepo planning with `monorepo-mode` and `packages`: | ||
@@ -420,2 +423,29 @@ - `independent` computes package bumps per path | ||
| #### Comment and commit author identity | ||
| Two distinct identities are at play; keep them apart. | ||
| **Release-reference comments, the GitHub Release, and the tag/branch push** are | ||
| attributed to the account that owns the token you provide. There is no GitHub | ||
| API to set a custom author independent of the token, so this identity always | ||
| follows the token's account: | ||
| - the workflow's default `GITHUB_TOKEN` acts as `github-actions[bot]` — the | ||
| common case, and what most `semantic-release` setups show | ||
| - a **personal access token (PAT)** acts as your own user | ||
| - a **dedicated bot user account** acts as that account (for example | ||
| `semantic-release`'s own `@semantic-release-bot`): create a separate GitHub | ||
| user, generate a PAT for it, and store it as the release token | ||
| - a **GitHub App installation token** (e.g. minted with | ||
| `actions/create-github-app-token`) acts as `<app-name>[bot]` | ||
| **The release commit's committer** comes from git's `user.name`/`user.email`, | ||
| not the token. When neither is configured (e.g. a bare CI runner), Versionary | ||
| defaults it to `github-actions[bot]`, so no `git config` step is needed in your | ||
| workflow; an existing identity (local, global, or the one the GitHub Action | ||
| wrapper sets) is left untouched. | ||
| The release-reference comment body itself is signed by Versionary regardless of | ||
| which account posts it. | ||
| Action outputs: | ||
@@ -422,0 +452,0 @@ |
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
269261
1.72%69
2.99%5976
1.15%481
6.65%11
10%