Conversation
Co-authored-by: Cursor <cursoragent@cursor.com>
davseve
commented
Jun 24, 2026
Wiz Scan Summary
To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension. |
davseve
commented
Jul 6, 2026
davseve
commented
Jul 6, 2026
davseve
commented
Jul 6, 2026
davseve
commented
Jul 6, 2026
davseve
commented
Jul 6, 2026
davseve
commented
Jul 6, 2026
Ntnelbaba
reviewed
Jul 8, 2026
This reverts commit 929fb09.
npm ci requires a package-lock.json in the prefix directory, but when this action is consumed remotely only the action subdirectory is fetched — without the monorepo root lockfile. Ref: ED-24451 Co-authored-by: Cursor <cursoragent@cursor.com>
The action is fetched in isolation (no monorepo root), so the local workspace package @elementor/editor-github-actions-utils is unavailable at runtime. Inline the three used functions directly. Ref: ED-24451 Co-authored-by: Cursor <cursoragent@cursor.com>
main.ts was only exporting run() without calling it, so no outputs were written. Also add "type": "module" to suppress Node warning. Ref: ED-24451 Co-authored-by: Cursor <cursoragent@cursor.com>
Node's ESM resolver requires explicit file extensions. Without them, importing './current-version-validation' fails at runtime. Ref: ED-24451 Co-authored-by: Cursor <cursoragent@cursor.com>
- action.yml: move all ${{ expr }} references out of inline shell scripts
into env: vars so they are never interpolated by the shell
- main.ts: replace execSync with interpolated string with spawnSync
and an args array to prevent command injection via INPUT_VERSION
Ref: ED-24451
Co-authored-by: Cursor <cursoragent@cursor.com>
There was a problem hiding this comment.
Pull request overview
Adds a new “two-step” release tag creation flow by introducing a dedicated GitHub Action and shared utilities for patching version-related files, along with a CI test pipeline to validate the behavior.
Changes:
- Introduces
actions/release-tag-creationaction (validation, tag derivation, version-file updates) plus tests. - Adds version-file patching/tag-parsing helpers to
@elementor/editor-github-actions-utilswith Vitest coverage. - Adds a
testTurbo task and a PR workflow test job; adjusts TS config and Node engine requirements.
Reviewed changes
Copilot reviewed 14 out of 17 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
turbo.json |
Adds a test task to the Turbo pipeline. |
tsconfig.json |
Enables importing .ts extensions (affects module resolution/typecheck). |
packages/editor-github-actions-utils/src/version-files.ts |
Adds helpers for patching version markers and parsing latest tags from ls-remote. |
packages/editor-github-actions-utils/src/version-files.test.ts |
Adds Vitest coverage for the new utils helpers. |
packages/editor-github-actions-utils/src/index.ts |
Re-exports the new version-files module. |
packages/editor-github-actions-utils/package.json |
Adds Vitest scripts/dependency for the utils package tests. |
package.json |
Adds root test script and bumps Node engine requirement. |
package-lock.json |
Updates lockfile for new workspace/package dependencies and version bumps. |
actions/trickle-down-changelog/main.ts |
Tweaks PR message formatting (removes v prefix). |
actions/release-tag-creation/update-version-files.ts |
Implements readme/elementor.php patching + output capture for the action. |
actions/release-tag-creation/package.json |
Adds the new action package manifest and Vitest config. |
actions/release-tag-creation/main.ts |
Implements version input parsing/validation and derives channel/branch/companion tag. |
actions/release-tag-creation/current-version-validation.ts |
Implements “next version” validation based on remote tags. |
actions/release-tag-creation/current-version-validation.test.ts |
Adds unit tests for “next version” validation. |
actions/release-tag-creation/action.yml |
Defines the composite action steps (install, validate, patch, commit, tag). |
.github/workflows/pr.yml |
Adds a dedicated test job to PR checks. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+45
to
+52
| - name: Handle version input | ||
| id: handle-version-input | ||
| shell: bash | ||
| env: | ||
| INPUT_VERSION: ${{ inputs.version }} | ||
| ACTION_PATH: ${{ github.action_path }} | ||
| run: node "$ACTION_PATH/main.ts" | ||
|
|
Comment on lines
+11
to
+14
| "dependencies": { | ||
| "@actions/core": "^1.11.1", | ||
| "semver": "^7.7.2" | ||
| }, |
Comment on lines
13
to
16
| "engines": { | ||
| "node": ">=20.6.0", | ||
| "node": ">=24.0.0", | ||
| "npm": ">=10.0.0" | ||
| }, |
Comment on lines
+53
to
+71
| const tags = lsRemoteOutput | ||
| .split('\n') | ||
| .map((line) => line.split('\t')[1] ?? '') | ||
| .map((ref) => ref.replace(/^refs\/tags\/v?/, '')) | ||
| .filter((tag) => pattern.test(tag)) | ||
| .sort((a, b) => { | ||
| // Semantic version sort: split on dots and numeric pre-release parts | ||
| const toparts = (v: string) => | ||
| v.split(/[.\-]/).map((p) => (isNaN(Number(p)) ? p : Number(p))); | ||
| const ap = toparts(a); | ||
| const bp = toparts(b); | ||
| for (let i = 0; i < Math.max(ap.length, bp.length); i++) { | ||
| const ai = ap[i] ?? 0; | ||
| const bi = bp[i] ?? 0; | ||
| if (ai < bi) return -1; | ||
| if (ai > bi) return 1; | ||
| } | ||
| return 0; | ||
| }); |
Comment on lines
+18
to
+22
| return tagsOutput | ||
| .split('\n') | ||
| .map((line) => line.split('\t')[1]?.replace('refs/tags/', '').trim()) | ||
| .filter((tag): tag is string => { | ||
| if (!tag || !ALLOWED_PATTERN.test(tag)) return false; |
Apply Prettier formatting to release-tag-creation files and version-files utilities. Remove unnecessary regex escape in version-files.ts. Activate Elementor plugin in setup-elementor-env instead of only validating it, fixing the Performance flow CI job where wp-env installs but does not auto-activate plugins. Ref: ED-24451 Co-authored-by: Netanel Baba <Ntnelbaba@users.noreply.github.com>
Latest Elementor from wordpress.org requires WordPress 6.8 minimum. Update the Test Actions workflow to match. Ref: ED-24451 Co-authored-by: Netanel Baba <Ntnelbaba@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.