From 9bfd46ffd94f40990252fb92bda4697a48bd5c1a Mon Sep 17 00:00:00 2001 From: Waleed Latif Date: Sat, 24 Jan 2026 22:21:01 -0800 Subject: [PATCH 1/2] fix(releases): improve commit categorization and CI security --- .github/workflows/ci.yml | 5 +++-- scripts/create-single-release.ts | 33 +++++++++++++++++++++++--------- 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8b8ba01468..e3b95c8347 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,10 +27,11 @@ jobs: steps: - name: Extract version from commit message id: extract + env: + COMMIT_MSG: ${{ github.event.head_commit.message }} run: | - COMMIT_MSG="${{ github.event.head_commit.message }}" # Only tag versions on main branch - if [ "${{ github.ref }}" = "refs/heads/main" ] && [[ "$COMMIT_MSG" =~ ^(v[0-9]+\.[0-9]+\.[0-9]+): ]]; then + if [ "$GITHUB_REF" = "refs/heads/main" ] && [[ "$COMMIT_MSG" =~ ^(v[0-9]+\.[0-9]+\.[0-9]+): ]]; then VERSION="${BASH_REMATCH[1]}" echo "version=${VERSION}" >> $GITHUB_OUTPUT echo "is_release=true" >> $GITHUB_OUTPUT diff --git a/scripts/create-single-release.ts b/scripts/create-single-release.ts index 3e6d90c56f..2deb519afa 100755 --- a/scripts/create-single-release.ts +++ b/scripts/create-single-release.ts @@ -126,7 +126,7 @@ async function fetchGitHubCommitDetails( const githubUsername = commit.author?.login || commit.committer?.login || 'unknown' - let cleanMessage = commit.commit.message.split('\n')[0] // First line only + let cleanMessage = commit.commit.message.split('\n')[0] if (prNumber) { cleanMessage = cleanMessage.replace(/\s*\(#\d+\)\s*$/, '') } @@ -226,12 +226,23 @@ async function getCommitsBetweenVersions( function categorizeCommit(message: string): 'features' | 'fixes' | 'improvements' | 'other' { const msgLower = message.toLowerCase() - if ( - msgLower.includes('feat') || - msgLower.includes('add') || - msgLower.includes('implement') || - msgLower.includes('new ') - ) { + if (/^feat(\(|:|!)/.test(msgLower)) { + return 'features' + } + + if (/^fix(\(|:|!)/.test(msgLower)) { + return 'fixes' + } + + if (/^(improvement|improve|perf|refactor)(\(|:|!)/.test(msgLower)) { + return 'improvements' + } + + if (/^(chore|docs|style|test|ci|build)(\(|:|!)/.test(msgLower)) { + return 'other' + } + + if (msgLower.includes('feat') || msgLower.includes('implement') || msgLower.includes('new ')) { return 'features' } @@ -242,13 +253,17 @@ function categorizeCommit(message: string): 'features' | 'fixes' | 'improvements if ( msgLower.includes('improve') || msgLower.includes('enhance') || - msgLower.includes('update') || msgLower.includes('upgrade') || - msgLower.includes('optimization') + msgLower.includes('optimization') || + msgLower.includes('add') ) { return 'improvements' } + if (msgLower.includes('update')) { + return 'improvements' + } + return 'other' } From 846b276621daaac4ed22595abc962f9326345e61 Mon Sep 17 00:00:00 2001 From: Waleed Latif Date: Sat, 24 Jan 2026 22:26:07 -0800 Subject: [PATCH 2/2] fix(releases): remove redundant update check --- scripts/create-single-release.ts | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/scripts/create-single-release.ts b/scripts/create-single-release.ts index 2deb519afa..b49777cec5 100755 --- a/scripts/create-single-release.ts +++ b/scripts/create-single-release.ts @@ -255,15 +255,12 @@ function categorizeCommit(message: string): 'features' | 'fixes' | 'improvements msgLower.includes('enhance') || msgLower.includes('upgrade') || msgLower.includes('optimization') || - msgLower.includes('add') + msgLower.includes('add') || + msgLower.includes('update') ) { return 'improvements' } - if (msgLower.includes('update')) { - return 'improvements' - } - return 'other' }