ci: Add CI enforcement to prevent manual CHANGELOG.md edits #3075
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a new workflow that checks PRs for CHANGELOG.md modifications and fails unless the PR title starts with `meta(changelog):`. When a violation is detected, posts a comment explaining the automated changelog policy and what action to take. Fixes #3072 Co-Authored-By: Claude <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| repo: context.repo.repo, | ||
| pull_number: prNumber, | ||
| per_page: 100 | ||
| }); |
There was a problem hiding this comment.
Missing pagination allows CHANGELOG.md bypass in large PRs
Medium Severity
The listFiles call only fetches the first 100 files without handling pagination. If a PR modifies more than 100 files and CHANGELOG.md is not in the first page of results, the enforcement check will fail to detect it and allow the PR to merge without proper validation. This silently bypasses the intended changelog protection mechanism.
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| issue_number: prNumber | ||
| }); |
There was a problem hiding this comment.
Missing pagination may cause duplicate warning comments
Low Severity
The listComments call doesn't specify per_page, using the default of 30. If a PR has more than 30 comments, the existing bot comment may not be found when checking for duplicates, causing repeated warning comments to be posted on subsequent workflow runs.
Use github.paginate() for both listFiles and listComments API calls to handle PRs with >100 changed files or >30 comments. Without pagination, CHANGELOG.md changes could go undetected in very large PRs, and duplicate warning comments could be posted on PRs with many existing comments. Co-Authored-By: Claude <noreply@anthropic.com>
Add an HTML marker to identify the bot comment, and delete it when the PR no longer violates the changelog policy (either by updating the title to meta(changelog): or removing CHANGELOG.md changes). This prevents stale warning comments from persisting after fixes. Co-Authored-By: Claude <noreply@anthropic.com>
Draft
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Add a new CI workflow that prevents manual CHANGELOG.md modifications unless the PR title starts with
meta(changelog):.This is a follow-up to #3074 which removed DangerJS. Now that changelogs are auto-generated, we need to prevent accidental manual edits. When a violation is detected, the workflow posts a comment explaining the policy and fails the check.
The workflow:
meta(changelog):Issues
CHANGELOG.mdchanges #3072