8000 Release pipeline by shichengripple001 · Pull Request #3039 · XRPLF/xrpl.js · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Release pipeline #3039

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 16 commits into
base: main
Choose a base branch
from
Open

Release pipeline #3039

wants to merge 16 commits into from
+418 −1

Conversation

shichengripple001
Copy link

High Level Overview of Change

Created workflow for release pipeline

Context of Change

Introducing a releasing process described in https://github.com/xpring-eng/xrpl.js/blob/main/RELEASE.md

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Refactor (non-breaking change that only restructures code)
  • Tests (You added tests for code that already exists, or your new feature included in this PR)
  • Documentation Updates
  • Release

Did you update HISTORY.md?

  • Yes
  • No, this change does not impact library users

Test Plan

@coderabbitai coderabbitai
Copy link
coderabbitai bot commented Jul 10, 2025
edited
Loading

"""

Walkthrough

A new GitHub Actions workflow for releasing npm packages was introduced, including automation for building, testing, security scanning, artifact management, and manual approval. The Node.js CI workflow and faucet test workflow were updated to support reusable invocation with a specific git reference. Documentation was added describing the release pipeline and its procedures.

Changes

Files/Groups Change Summary
.github/workflows/nodejs.yml, .github/workflows/faucet_test.yml Made workflows reusable via workflow_call, added required git_ref input, set GIT_REF env, updated checkout steps to use GIT_REF with full fetch.
.github/workflows/release.yml Added a new multi-job GitHub Actions workflow for automated npm package release, including testing, scanning, and approval steps.
RELEASE.md Added documentation describing the new release pipeline, its stages, usage instructions, and notes.

Suggested reviewers

  • pdp2121
  • achowdhry-ripple

Poem

🐇
A pipeline hops into the scene,
With tests and scans so crisp and clean.
Packages packed, with SBOM in tow,
Await approval before they go.
A release so neat, a bunny’s delight—
Hopping to npm, everything’s right!

"""

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Jul 10, 2025
View reviewed changes
Copy link
@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🔭 Outside diff range comments (1)
.github/workflows/nodejs.yml (1)

70-82: env.GIT_REF is undefined in unit job – checkout will ignore the desired ref

The job does not declare the env: block added to build-and-lint, therefore ref: ${{ env.GIT_REF }} expands to an empty string, making the step checkout the default branch.

Either hoist env: to the workflow level or replicate it per job:

  unit:
    runs-on: ubuntu-latest
    timeout-minutes: 10
+   env:
+     GIT_REF: ${{ inputs.git_ref || github.ref }}

Same applies to browser and (optionally) integration jobs.
Without this, the release pipeline’s tests might run against the wrong code.

♻️ Duplicate comments (1)
.github/workflows/nodejs.yml (1)

173-176: Same undef env.GIT_REF issue in browser job

See previous comment – ref: ${{ env.GIT_REF }} will evaluate to empty.
Add the env: block or move it to the workflow top-level.

🧹 Nitpick comments (6)
.github/workflows/release.yml (1)

80-93: Slack step name & condition mis-match actual behaviour

The step is placed in build stage yet is called “Notify Slack if tests fail”.
Worse, the if: failure() condition fires on any previous-step failure in the job, not only tests.

Consider:

-    - name: Notify Slack if tests fail
+    - name: Notify Slack on build failure

Optional: scope the if: to the build step for clearer intent.

RELEASE.md (5)

37-38: Spelling: “pipelin” → “pipeline”

-1. The pipelin will pause at the "Review test and security scan result" step,
+1. The pipeline will pause at the "Review test and security scan result" step,

60-61: Spelling: “vulnerabilites” → “vulnerabilities”

67-68: Spelling: “Genrate” → “Generate”

98-99: Markdown heading formatting

Missing space after ##, violating MD018.

-##⚠️ **Important Notes**
+## ⚠️ **Important Notes**

14-19: Specify language for fenced code blocks (MD040)

Add json for the package snippet and text/bash for plain examples to improve readability and lint compliance.

Also applies to: 30-35, 88-96

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a12cd02 and 8bac3b7.

📒 Files selected for processing (3)
  • .github/workflows/nodejs.yml (3 hunks)
  • .github/workflows/release.yml (1 hunks)
  • RELEASE.md (1 hunks)
🧰 Additional context used
🧠 Learnings (4)
📓 Common learnings 
Learnt from: mvadari
PR: XRPLF/xrpl.js#2788
File: .github/workflows/nodejs.yml:25-25
Timestamp: 2024-09-26T21:14:56.813Z
Learning: In `.github/workflows/nodejs.yml`, the `build-and-lint` job's actions `actions/setup-node` and `actions/cache` are updated to `@v4`.
.github/workflows/nodejs.yml (1) 
Learnt from: mvadari
PR: XRPLF/xrpl.js#2788
File: .github/workflows/nodejs.yml:25-25
Timestamp: 2024-09-26T21:14:56.813Z
Learning: In `.github/workflows/nodejs.yml`, the `build-and-lint` job's actions `actions/setup-node` and `actions/cache` are updated to `@v4`.
RELEASE.md (1) 
Learnt from: mvadari
PR: XRPLF/xrpl.js#2788
File: .github/workflows/nodejs.yml:25-25
Timestamp: 2024-09-26T21:14:56.813Z
Learning: In `.github/workflows/nodejs.yml`, the `build-and-lint` job's actions `actions/setup-node` and `actions/cache` are updated to `@v4`.
.github/workflows/release.yml (1) 
Learnt from: mvadari
PR: XRPLF/xrpl.js#2788
File: .github/workflows/nodejs.yml:25-25
Timestamp: 2024-09-26T21:14:56.813Z
Learning: In `.github/workflows/nodejs.yml`, the `build-and-lint` job's actions `actions/setup-node` and `actions/cache` are updated to `@v4`.
🪛 actionlint (1.7.7)
.github/workflows/nodejs.yml

28-28: property "git_ref" is not defined in object type {}

(expression)

.github/workflows/release.yml

261-261: property "package_version" is not defined in object type {git_ref: string; package_name: string}

(expression)

🪛 LanguageTool
RELEASE.md

[grammar] ~37-~37: Ensure spelling is correct
Context: ...lease details and scan result** 1. The pipelin will pause at the "Review test and secu...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

[grammar] ~60-~60: Ensure spelling is correct
Context: ...OWASP Dependency-Track for tracking the vulnerabilites. - Packages the module with lerna and u...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

[grammar] ~67-~67: Ensure spelling is correct
Context: ... Slack. --- ### 4. Review Stage - Genrate a summary of: - Package name - Vers...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🪛 markdownlint-cli2 (0.17.2)
RELEASE.md

14-14: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

88-88: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

93-93: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

98-98: No space after hash on atx style heading

(MD018, no-missing-space-atx)

🔇 Additional comments (1)
.github/workflows/release.yml (1)

133-143: Typo & hard-coding – regenerate lerna.json more robustly

  1. Typo: “choosen”.
  2. The jq expression overwrites all packages; if lerna.json uses advanced config (workspaces, ignore, etc.) this loses data.
-    - name: Generate lerna.json for choosen the package
+    - name: Restrict lerna to selected package
@@
-        jq --arg pkg "packages/${{ env.PACKAGE_NAME }}" '.packages = [$pkg]' lerna.json > lerna.tmp.json && mv lerna.tmp.json lerna.json
+        jq --arg pkg "packages/${{ env.PACKAGE_NAME }}" \
+          '(.packages // []) as $p | $p | [$pkg]' \
+          lerna.json > lerna.tmp.json && mv lerna.tmp.json lerna.json

[ suggest_optional_refactor ]

.github/workflows/nodejs.yml Outdated
Comment on lines 27 to 38
env:
GIT_REF: ${{ github.event.inputs.git_ref || github.ref }}
strategy:
matrix:
node-version: [22.x]


steps:
- uses: actions/checkout@v4
with:
ref: ${{ env.GIT_REF }}
fetch-depth: 0
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Incorrect context for reusable-workflow input – breaks workflow_call invocations

Inside reusable workflows the input is exposed through the inputs context (${{ inputs.git_ref }}), not github.event.inputs.git_ref.
Referencing a non-existent path silently returns null and causes checkout to fallback to the default ref, defeating the purpose of the parameter.

-env:
-  GIT_REF: ${{ github.event.inputs.git_ref || github.ref }}
+env:
+  # Use reusable-workflow input when present; otherwise fallback for push/PR runs
+  GIT_REF: ${{ inputs.git_ref || github.ref }}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
env:
GIT_REF: ${{ github.event.inputs.git_ref || github.ref }}
strategy:
matrix:
node-version: [22.x]
steps:
- uses: actions/checkout@v4
with:
ref: ${{ env.GIT_REF }}
fetch-depth: 0
env:
# Use reusable-workflow input when present; otherwise fallback for push/PR runs
GIT_REF: ${{ inputs.git_ref || github.ref }}
strategy:
matrix:
node-version: [22.x]
steps:
- uses: actions/checkout@v4
with:
ref: ${{ env.GIT_REF }}
fetch-depth: 0
🧰 Tools
🪛 actionlint (1.7.7)

28-28: property "git_ref" is not defined in object type {}

(expression)

🤖 Prompt for AI Agents 
In .github/workflows/nodejs.yml around lines 27 to 38, the environment variable
GIT_REF is incorrectly set using github.event.inputs.git_ref, which is not
available in reusable workflows. Change the reference to use the inputs context
by setting GIT_REF to ${{ inputs.git_ref || github.ref }} to correctly access
the input parameter and ensure the checkout step uses the intended git
reference.

.github/workflows/release.yml
Comment on lines +257 to +269
- name: Notify Slack if tests fail
if: failure()
env:
SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }}
run: |
MESSAGE="❌ Tests failed for xrpl.js ${{ github.event.inputs.package_version }}. Check the logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
curl -X POST https://slack.com/api/chat.postMessage \
-H "Authorization: Bearer $SLACK_TOKEN" \
-H "Content-Type: application/json" \
-d "$(jq -n \
--arg channel "#ripplex-test-notifications-non-prod" \
--arg text "$MESSAGE" \
'{channel: $channel, text: $text}')"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Reference to non-existent github.event.inputs.package_version

The Slack-failure step dereferences package_version, which is not an input. Use the value obtained in get_version.

-        MESSAGE="❌ Tests failed for xrpl.js ${{ github.event.inputs.package_version }}. ...
+        MESSAGE="❌ Release pipeline failed for xrpl.js v${{ env.PACKAGE_VERSION }}. ...

This also avoids misleading “Tests failed” wording in a release stage.

🧰 Tools
🪛 actionlint (1.7.7)

261-261: property "package_version" is not defined in object type {git_ref: string; package_name: string}

(expression)

🤖 Prompt for AI Agents 
In .github/workflows/release.yml around lines 257 to 269, the Slack notification
step incorrectly references github.event.inputs.package_version, which does not
exist. Replace this with the version value obtained from the get_version step,
typically accessed via an output variable or environment variable set earlier in
the workflow. Update the MESSAGE variable to use this correct version reference
to ensure accurate and meaningful Slack notifications.

.github/workflows/release.yml
Comment on lines +173 to +197
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPO: ${{ github.repository }}
RUN_ID: ${{ github.run_id }}
run: |
ARTIFACT_NAME="vulnerability-report"

echo "Fetching artifact ID for ${ARTIFACT_NAME}..."
ARTIFACTS=$(curl -s -H "Authorization: Bearer $GH_TOKEN" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/repos/$REPO/actions/runs/$RUN_ID/artifacts)

ARTIFACT_ID=$(echo "$ARTIFACTS" | jq -r ".artifacts[] | select(.name == \"$ARTIFACT_NAME\") | .id")

if [ -z "$ARTIFACT_ID" ]; then
echo "❌ Artifact not found."
exit 1
fi
echo "🔍 Please review the following details before proceeding:"
echo "📦 Package Name: $PACKAGE_NAME"
echo "🔖 Package Version: $PACKAGE_VERSION"
echo "🌿 Git Ref: $GIT_REF"
echo "🔢 Commit SHA: $COMMIT_SHA"
echo "🔗 Please review Vulnerabilities detected: https://github.com/$REPO/actions/runs/${{ github.run_id }}/artifacts/$ARTIFACT_ID"

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

GIT_REF and COMMIT_SHA printed but never set

The summary prompts reviewers with undefined variables, producing empty lines.

+        GIT_REF="${{ github.event.inputs.git_ref }}"
+        COMMIT_SHA="$(git rev-parse --short HEAD)"

Export before echoing or include in $GITHUB_ENV.

🤖 Prompt for AI Agents 
In .github/workflows/release.yml between lines 173 and 197, the variables
GIT_REF and COMMIT_SHA are echoed but never set, resulting in empty output
lines. Fix this by setting these variables before the echo statements, either by
exporting them with appropriate GitHub context values or by adding them to the
$GITHUB_ENV file so they are properly defined and available during the run.

mvadari
mvadari reviewed Jul 10, 2025
View reviewed changes
RELEASE.md Outdated
---

### 2. **Run Tests**
- Triggers the integration test workflow.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this also trigger unit, snippet, and faucet tests?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure. I can add those

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have added step for triggering faucet test, it now run both faucet_test and nodejs.yaml workflow which covers unit test and integration test. Also updated the RELEASE.md

coderabbitai[bot]
coderabbitai bot reviewed Jul 11, 2025
View reviewed changes
Copy link
@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

♻️ Duplicate comments (3)
.github/workflows/nodejs.yml (1)

27-28: Duplicate – wrong context for reusable-workflow input
See earlier review: use inputs.git_ref, not github.event.inputs.git_ref.

.github/workflows/release.yml (2)

203-205: Duplicate – $GIT_REF & $COMMIT_SHA printed but never set
Previously reported; variables are still undefined here.

271-272: Duplicate – Slack failure message references non-existent package_version input

Still using ${{ github.event.inputs.package_version }} which was removed.

🧹 Nitpick comments (1)
.github/workflows/release.yml (1)

154-156: Minor typo in log output

echo "packageing for ..."packaging. Purely cosmetic but worth fixing for log clarity.

-        echo "packageing for ${{ env.PACKAGE_NAME }}"
+        echo "packaging ${PACKAGE_NAME}"
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8bac3b7 and 6340913.

📒 Files selected for processing (3)
  • .github/workflows/faucet_test.yml (2 hunks)
  • .github/workflows/nodejs.yml (6 hunks)
  • .github/workflows/release.yml (1 hunks)
🧰 Additional context used
🧠 Learnings (4)
📓 Common learnings 
Learnt from: mvadari
PR: XRPLF/xrpl.js#2788
File: .github/workflows/nodejs.yml:25-25
Timestamp: 2024-09-26T21:14:56.813Z
Learning: In `.github/workflows/nodejs.yml`, the `build-and-lint` job's actions `actions/setup-node` and `actions/cache` are updated to `@v4`.
.github/workflows/faucet_test.yml (1) 
Learnt from: mvadari
PR: XRPLF/xrpl.js#2788
File: .github/workflows/nodejs.yml:25-25
Timestamp: 2024-09-26T21:14:56.813Z
Learning: In `.github/workflows/nodejs.yml`, the `build-and-lint` job's actions `actions/setup-node` and `actions/cache` are updated to `@v4`.
.github/workflows/release.yml (2) 
Learnt from: mvadari
PR: XRPLF/xrpl.js#2788
File: .github/workflows/nodejs.yml:25-25
Timestamp: 2024-09-26T21:14:56.813Z
Learning: In `.github/workflows/nodejs.yml`, the `build-and-lint` job's actions `actions/setup-node` and `actions/cache` are updated to `@v4`.

Learnt from: mvadari
PR: XRPLF/xrpl.js#2779
File: packages/xrpl/HISTORY.md:10-14
Timestamp: 2024-10-11T18:48:28.561Z
Learning: Ensure to reference the correct version numbers when commenting on changes to `HISTORY.md` to avoid confusion.
.github/workflows/nodejs.yml (1) 
Learnt from: mvadari
PR: XRPLF/xrpl.js#2788
File: .github/workflows/nodejs.yml:25-25
Timestamp: 2024-09-26T21:14:56.813Z
Learning: In `.github/workflows/nodejs.yml`, the `build-and-lint` job's actions `actions/setup-node` and `actions/cache` are updated to `@v4`.
🪛 actionlint (1.7.7)
.github/workflows/release.yml

270-270: property "package_version" is not defined in object type {git_ref: string; package_name: string}

(expression)

.github/workflows/nodejs.yml

28-28: property "git_ref" is not defined in object type {}

(expression)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)
  • GitHub Check: browser (22.x)
  • GitHub Check: integration (22.x)
  • GitHub Check: integration (20.x)
  • GitHub Check: unit (22.x)
  • GitHub Check: build-and-lint (22.x)
  • GitHub Check: Analyze (javascript)
  • GitHub Check: unit (20.x)

.github/workflows/faucet_test.yml
Comment on lines 26 to 30
- uses: actions/checkout@v4
with:
ref: ${{ env.GIT_REF }}
fetch-depth: 0
- name: Use Node.js ${{ matrix.node-version }}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

env.GIT_REF is undefined – checkout silently falls back to default branch

actions/checkout expects a concrete ref but the job never sets GIT_REF; thus ${{ env.GIT_REF }} resolves to an empty string and the step checks out the default branch instead of the supplied input, defeating the purpose of workflow_call.

-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ env.GIT_REF }}
-          fetch-depth: 0
+      - uses: actions/checkout@v4
+        with:
+          # Prefer the reusable-workflow input when present, otherwise fall back for push/dispatch runs
+          ref: ${{ inputs.git_ref || github.ref }}
+          fetch-depth: 0

If you still need GIT_REF elsewhere, set it explicitly:

env:
  GIT_REF: ${{ inputs.git_ref || github.ref }}
🤖 Prompt for AI Agents 
In .github/workflows/faucet_test.yml around lines 26 to 30, the environment
variable GIT_REF used in the checkout step is not defined, causing the action to
default to the main branch instead of the intended ref. To fix this, explicitly
set the GIT_REF environment variable at the job or workflow level by assigning
it to the input git_ref if provided, or fallback to github.ref, ensuring the
checkout action receives a valid ref value.

.github/workflows/nodejs.yml
Comment on lines +78 to 81
with:
ref: ${{ env.GIT_REF }}
fetch-depth: 0
- name: Use Node.js ${{ matrix.node-version }}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Most jobs reference a non-existent GIT_REF env var → all checkouts use default branch

GIT_REF is only defined in the build-and-lint job.
unit, integration, browser, generate-documentation, and snippets jobs still rely on ${{ env.GIT_REF }} but never define it, so the checkout ref resolves to empty/default.

Fix once at workflow level:

env:
   RIPPLED_DOCKER_IMAGE: rippleci/rippled:develop
+  # Make the git ref accessible to every job/step
+  GIT_REF: ${{ inputs.git_ref || github.ref }}

…and drop the per-job env block (or add one to each job).
Without this, the release pipeline will test/build a different commit from the one being released.

Also applies to: 121-124, 175-178, 229-231, 309-312

🤖 Prompt for AI Agents 
In .github/workflows/nodejs.yml around lines 78 to 81, the environment variable
GIT_REF is used in multiple jobs but only defined in the build-and-lint job,
causing other jobs to default to the main branch. To fix this, define GIT_REF at
the workflow level so all jobs inherit it, or alternatively add an env block
defining GIT_REF to each job that uses it. This ensures all checkouts use the
correct commit reference consistently across the workflow.

coderabbitai[bot]
coderabbitai bot reviewed Jul 11, 2025
View reviewed changes
Copy link
@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (7)
RELEASE.md (7)

14-19: Add language identifier to fenced JSON block
Markdown-lint (MD040) complains and GitHub won’t apply JSON syntax highlighting.

-   ```
+   ```json
    {
      "name": "<package_name>",
      "version": "x.y.z"
    }
-   ```
+   ```

35-38: Fix spelling & pluralisation in the review-stage description

-1. The pipelin will pause at the "Review test and security scan result" step, at least 1 approver is required to review and approve the release.
+1. The pipeline will pause at the “Review test and security scan results” step; at least one approver is required to review and approve the release.

50-53: Correct typos and tighten wording for the test stage

-### 2. **Run Tests**
-- Triggers the facucet_test, nodejs workflow which will run unit test, intgration test, faucet test etc.
+-### 2. **Run Tests**
+- Invokes the `faucet_test` and `nodejs` reusable workflows to run unit, integration, and faucet tests.

59-61: Spelling: “vulnerabilities”

-- Uploads SBOM to OWASP Dependency-Track for tracking the vulnerabilites.
+- Uploads the SBOM to OWASP Dependency-Track for tracking vulnerabilities.

66-71: Spelling: “Generate” & minor formatting

-### 4. **Review Stage**
-- Genrate a summary of:
+-### 4. **Review Stage**
+- Generates a summary of:

88-95: Add language identifier to fenced code block

-```
+```text
 <package_name>@<version>

---

`98-98`: **Missing space after atx heading marker**

```diff
-##⚠️ **Important Notes**
+## ⚠️ **Important Notes**
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6340913 and 7c55126.

📒 Files selected for processing (1)
  • RELEASE.md (1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings 
Learnt from: mvadari
PR: XRPLF/xrpl.js#2788
File: .github/workflows/nodejs.yml:25-25
Timestamp: 2024-09-26T21:14:56.813Z
Learning: In `.github/workflows/nodejs.yml`, the `build-and-lint` job's actions `actions/setup-node` and `actions/cache` are updated to `@v4`.
RELEASE.md (1) 
Learnt from: mvadari
PR: XRPLF/xrpl.js#2788
File: .github/workflows/nodejs.yml:25-25
Timestamp: 2024-09-26T21:14:56.813Z
Learning: In `.github/workflows/nodejs.yml`, the `build-and-lint` job's actions `actions/setup-node` and `actions/cache` are updated to `@v4`.
🪛 LanguageTool
RELEASE.md

[grammar] ~37-~37: Ensure spelling is correct
Context: ...lease details and scan result** 1. The pipelin will pause at the "Review test and secu...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

[grammar] ~51-~51: Ensure spelling is correct
Context: ...dejs workflow which will run unit test, intgration test, faucet test etc. - Ensures the code at...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

[grammar] ~60-~60: Ensure spelling is correct
Context: ...OWASP Dependency-Track for tracking the vulnerabilites. - Packages the module with lerna and u...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

[grammar] ~67-~67: Ensure spelling is correct
Context: ... Slack. --- ### 4. Review Stage - Genrate a summary of: - Package name - Vers...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🪛 markdownlint-cli2 (0.17.2)
RELEASE.md

14-14: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

88-88: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

93-93: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

98-98: No space after hash on atx style heading

(MD018, no-missing-space-atx)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)
  • GitHub Check: Analyze (javascript)
  • GitHub Check: integration (22.x)
  • GitHub Check: integration (20.x)
  • GitHub Check: browser (22.x)
  • GitHub Check: unit (22.x)
  • GitHub Check: generate-documentation (22.x)
  • GitHub Check: build-and-lint (22.x)
  • GitHub Check: unit (20.x)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@mvadari mvadari Awaiting requested review from mvadari

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shichengripple001 @mvadari
0