Skip to content

Add auto version bump on PR merge#68

Open
Joxx0r wants to merge 1 commit intomainfrom
feature/auto-version-bump
Open

Add auto version bump on PR merge#68
Joxx0r wants to merge 1 commit intomainfrom
feature/auto-version-bump

Conversation

@Joxx0r
Copy link
Collaborator

@Joxx0r Joxx0r commented Feb 26, 2026

Summary

  • Auto-increments patch version in package.json when a PR is merged to main
  • Dispatches upstream-release event to EmbarkStudios/embark-ai-tools so the plugin version is synced there
  • Skips bot commits to prevent infinite loops (if: github.actor != 'github-actions[bot]')
  • Uses [skip ci] in commit message to avoid triggering CI on version bump commits

Setup needed

After merging, add a secret EMBARK_AI_TOOLS_DISPATCH containing a GitHub PAT with repo scope on EmbarkStudios/embark-ai-tools.

Companion PRs

  • embark-ai-tools: adds receiver workflow (plugin-version-bump.yml)
  • UnrealScheduler: adds matching version-bump.yml

🤖 Generated with Claude Code

claude[bot]
claude bot requested changes Feb 26, 2026
View reviewed changes
Copy link

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: Auto version bump workflow

The overall approach is sound — bot-actor guard + [skip ci] for loop prevention is a belt-and-suspenders setup, and scoping permissions to contents: write is appropriate. Two issues need to be addressed before merging.

Bug: package-lock.json is not updated

package-lock.json contains its own top-level "version" field (currently "2.0.0"). The workflow updates package.json via jq but never touches the lock file. After the bump commit, package.json and package-lock.json will be out of sync, causing npm ci to fail with:

npm ci can only install packages when your package.json and package-lock.json are in sync

The simplest fix is to replace the manual jq manipulation with npm version:

- name: Bump patch version
  id: bump
  run: |
    NEW_VERSION=$(npm version patch --no-git-tag-version)
    echo "version=${NEW_VERSION#v}" >> "$GITHUB_OUTPUT"
    echo "Bumped to $NEW_VERSION"

npm version patch --no-git-tag-version updates both package.json and package-lock.json atomically. Then update the commit step to also stage the lock file:

git add package.json package-lock.json

Minor: Race condition on concurrent merges

If two PRs are merged to main in quick succession, both workflow runs will read the same version before either commits, and one push will fail (diverged history). The failed run leaves the version un-bumped with no retry.

This is low-severity (concurrent merges to main are uncommon), but worth noting. A simple mitigation is to add fetch-depth: 0 on checkout and rebase before pushing, or accept the failure as acceptable noise.

What looks good

  • Bot-actor skip guard (github.actor != 'github-actions[bot]') correctly prevents infinite re-triggering
  • [skip ci] also prevents CI re-runs on the bump commit
  • jq > tmp.json && mv is safe — avoids read/write races on the same file
  • The dispatch payload is well-structured and uses GH_TOKEN env var correctly (no secret leakage)
  • contents: write is the minimum permission needed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Joxx0r