
@waleedlatif1 (Collaborator)

Summary

  • Fix release script to prioritize conventional commit prefixes (fix/feat/improvement) over keyword matching
  • Fix CI to pass commit message through env var to prevent command injection

Type of Change

  • Bug fix

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)
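The injection the PR description fixes, as an added shell example that is not the project's ci.yml: GitHub Actions substitutes `${{ github.event.head_commit.message }}` into the text of a `run:` script before the shell parses it, so a commit message containing `$(...)` is executed; passing the same value through `env:` as COMMIT_MSG hands it to the shell as data. The two functions below simulate both patterns with a constructed commit message; the version regex in extract_version is an assumed stand-in for the workflow's real "version pattern", which this page does not show.

```shell
#!/bin/sh
# Added example; not the project's ci.yml. Simulates how GitHub Actions renders a
# `run:` step: `${{ ... }}` expressions are substituted into the script TEXT, and
# only then does the shell parse it. The vulnerable path shows the injected
# command running; the env-var path prints the message literally.

# Constructed malicious commit message (not from any real repository).
EVIL_MSG='v1.2.3 $(echo INJECTED)'

# Vulnerable: mimics
#   run: echo "${{ github.event.head_commit.message }}"
# The message becomes part of the script source, so $(...) is a command
# substitution that the shell evaluates.
run_vulnerable() {
  script=$(printf 'echo "%s"\n' "$1")   # template expansion, as Actions does it
  sh -c "$script"
}

# Fixed: mimics
#   env:
#     COMMIT_MSG: ${{ github.event.head_commit.message }}
#   run: echo "$COMMIT_MSG"
# The runner places the message in the environment; the script source never
# contains attacker-controlled bytes, so the shell treats the value as data.
run_safe() {
  COMMIT_MSG="$1" sh -c 'echo "$COMMIT_MSG"'
}

# Release detection on the safe value. The regex is an ASSUMED example of a
# "version pattern"; the real workflow's pattern is not shown on this page.
extract_version() {
  printf '%s\n' "$1" | grep -Eo '^v[0-9]+\.[0-9]+\.[0-9]+' || true
}

# When run directly:
#   vulnerable: v1.2.3 INJECTED          (command substitution executed)
#   safe:       v1.2.3 $(echo INJECTED)  (literal text)
#   version:    v1.2.3
printf 'vulnerable: %s\n' "$(run_vulnerable "$EVIL_MSG")"
printf 'safe:       %s\n' "$(run_safe "$EVIL_MSG")"
printf 'version:    %s\n' "$(extract_version "$(run_safe "$EVIL_MSG")")"
```

The same reasoning applies to any other `${{ }}` value an outside contributor can influence (PR titles, branch names, issue bodies): substitute it into `env:`, never into the script body.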

@vercel bot commented Jan 25, 2026

The latest updates on your projects.

Project   Deployment   Review             Updated (UTC)
docs      Ready        Preview, Comment   Jan 25, 2026 6:28am

@waleedlatif1 changed the title from "fix(releases): improve commit categorization and CI security" to "fix(releases): improve commit categorization and ci security" on Jan 25, 2026
@greptile-apps bot (Contributor) commented Jan 25, 2026

Greptile Overview

Greptile Summary

This PR addresses two important issues:

Security fix: Prevented command injection vulnerability in CI workflow by passing commit message through environment variable (COMMIT_MSG) instead of inline string interpolation. Also replaced ${{ github.ref }} with $GITHUB_REF for consistency.

Commit categorization improvement: Updated release script to prioritize conventional commit prefixes (feat:, fix:, improvement:, etc.) over keyword matching. This ensures commits following the conventional commits standard are categorized correctly before falling back to broad keyword searches.

The changes improve both security posture and release note accuracy.

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The changes are well-scoped security and correctness improvements with no breaking changes. The CI security fix addresses a real vulnerability, and the commit categorization logic is improved without affecting existing functionality.
  • No files require special attention

Important Files Changed

Filename Overview
.github/workflows/ci.yml Fixed command injection vulnerability by passing commit message through environment variable instead of inline string interpolation
scripts/create-single-release.ts Improved commit categorization to prioritize conventional commit format, but has edge case with redundant 'update' keyword check

Sequence Diagram

sequenceDiagram
    participant GHA as GitHub Actions
    participant Script as create-single-release.ts
    participant Git as Git Repository
    participant GitHub as GitHub API
    
    Note over GHA: CI Workflow (ci.yml)
    GHA->>GHA: Trigger on push to main/staging
    GHA->>GHA: Set COMMIT_MSG env var (secure)
    GHA->>GHA: Check if COMMIT_MSG matches version pattern
    alt Is release commit on main
        GHA->>GHA: Extract version from commit message
        GHA->>GHA: Set is_release=true
    else Not a release
        GHA->>GHA: Set is_release=false
    end
    
    Note over Script: Release Script Flow
    Script->>Git: Find version commit
    Git-->>Script: Return commit hash & metadata
    Script->>Git: Find previous version commit
    Git-->>Script: Return previous commit hash
    Script->>Git: Get commits between versions
    Git-->>Script: Return commit list
    
    loop For each commit
        Script->>GitHub: Fetch commit details via API
        GitHub-->>Script: Return author, PR number
        Script->>Script: Categorize commit (conventional format priority)
        Note over Script: 1. Check conventional prefixes<br/>2. Check other standard prefixes<br/>3. Fall back to keyword matching
    end
    
    Script->>Script: Group commits by category
    Script->>Script: Generate release notes body
    Script->>GitHub: Create GitHub release
    GitHub-->>Script: Release created successfully

@greptile-apps bot (Contributor) left a comment

1 file reviewed, 1 comment
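The three-step categorization order Greptile's summary describes (conventional prefix first, other standard prefixes second, keyword matching last), written out as an added shell example that is not the project's create-single-release.ts. The keyword lists and the mapping of types such as docs: and chore: to "other" are assumptions for illustration. The first sample subject shows why prefix priority matters: keyword matching alone would file "feat(api): fix flaky retry helper" under bug fixes, and "docs: update README" under improvements.

```shell
#!/bin/sh
# Added example, not the project's release script. Classifies a commit subject
# into feature / bugfix / improvement / other using the priority order:
#   1. conventional commit type (feat, fix, improvement), with optional (scope) and !
#   2. other conventional types (docs, chore, ci, ...) -> other
#   3. case-insensitive keyword fallback for commits without a prefix
# Keyword lists and the docs/chore -> other mapping are ASSUMED for illustration.

# Extract the conventional commit type from "type(scope)!: subject"; empty if none.
conventional_type() {
  printf '%s\n' "$1" | sed -nE 's/^([a-z]+)(\([^)]*\))?!?: .*/\1/p'
}

categorize_commit() {
  subject=$1
  type=$(conventional_type "$subject")

  # Step 1: the three prefixes that map to release-note sections.
  case "$type" in
    feat)        echo feature;     return 0 ;;
    fix)         echo bugfix;      return 0 ;;
    improvement) echo improvement; return 0 ;;
  esac

  # Step 2: any other recognised conventional type is housekeeping.
  case "$type" in
    docs|chore|ci|build|test|refactor|style|perf|revert) echo other; return 0 ;;
  esac

  # Step 3: keyword fallback, only reached when no prefix decided the category.
  lower=$(printf '%s\n' "$subject" | tr '[:upper:]' '[:lower:]')
  case "$lower" in
    *fix*|*bug*|*crash*|*broken*)             echo bugfix ;;
    *feat*|*add*|*new*|*support*|*introduce*) echo feature ;;
    *improv*|*update*|*refactor*|*perf*)      echo improvement ;;
    *)                                        echo other ;;
  esac
}

# Constructed sample subjects (not from any real history) and their categories:
#   feat(api): fix flaky retry helper      -> feature      (prefix beats "fix")
#   fix: crash on startup                  -> bugfix
#   improvement!: faster incremental build -> improvement
#   docs: update README                    -> other        (prefix beats "update")
#   Fix null pointer in login              -> bugfix       (keyword fallback)
#   Update dependencies                    -> improvement  (keyword fallback)
#   Merge pull request #12 from x/y        -> other
for s in \
  'feat(api): fix flaky retry helper' \
  'fix: crash on startup' \
  'improvement!: faster incremental build' \
  'docs: update README' \
  'Fix null pointer in login' \
  'Update dependencies' \
  'Merge pull request #12 from x/y'
do
  printf '%-40s -> %s\n' "$s" "$(categorize_commit "$s")"
done
```

The keyword step is deliberately last and deliberately loose: substring matches such as `*add*` will also hit "address", which is exactly why a commit that carries a conventional prefix should never reach it.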

@waleedlatif1 waleedlatif1 merged commit 1952b19 into staging Jan 25, 2026
11 checks passed
@waleedlatif1 waleedlatif1 deleted the fix/relases branch January 25, 2026 06:33