Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 59 additions & 0 deletions .github/actions/bun-install/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
name: Monorepo install (bun)
description: Install Bun workspace dependencies with cache enabled
inputs:
cwd:
description: "Changes the install working directory"
required: false
default: "."
frozen-lockfile:
description: "Run install with --frozen-lockfile"
required: false
default: "true"
generate:
description: "Run bun gen after install"
required: false
default: "false"

runs:
using: composite

steps:
- name: βš™οΈ Install bun
uses: oven-sh/setup-bun@v2
with:
bun-version-file: package.json

- name: βš™οΈ Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 22

- name: ♻️ Setup bun cache
uses: actions/cache@v4
with:
path: ~/.bun/install/cache
key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
restore-keys: |
${{ runner.os }}-bun-

- name: πŸ“₯ Install dependencies
shell: bash
working-directory: ${{ inputs.cwd }}
run: |
args=(install)

if [ "${{ inputs.frozen-lockfile }}" = "true" ]; then
args+=(--frozen-lockfile)
else
args+=(--no-frozen-lockfile)
fi

bun "${args[@]}"
env:
HUSKY: "0"

- name: 🧱 Generate local artifacts
if: ${{ inputs.generate == 'true' }}
shell: bash
working-directory: ${{ inputs.cwd }}
run: bun gen
42 changes: 42 additions & 0 deletions .github/prompts/release-notes-rewrite.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
<!-- Prompt structure adapted from sst/opencode and Better Auth release automation. -->

You are rewriting release notes for KitCN, an open-source Convex toolkit for
auth, ORM, React Query, and CLI workflows.

## Input

**Raw changelog:** __RAW_CHANGELOG_PATH__

The raw changelog is generated from Changesets package changelogs after publish.
It is grouped by npm package and change type.

## Job

Rewrite each entry into a polished, user-focused release note while preserving
the exact release structure. Describe what changed for KitCN users, not just the
internal implementation.

## Writing Rules

- Keep every entry as one clear sentence unless the raw entry already contains a
migration block or code example.
- Keep code identifiers in backticks.
- Keep PR links, author links, and package names.
- Keep migration notes, especially under `### Major Changes`.
- Do not add `CHANGELOG` links. The workflow injects per-package links after
validation.
- Do not invent package summaries.
- Do not add or remove release entries.
- Do not use em dashes.

## Structural Rules

- Do not modify `## \`package-name\`` headings or their order.
- Do not modify `### Major Changes`, `### Minor Changes`, or
`### Patch Changes` headings or their order.
- Do not add standalone `## Contributors` sections.
- Do not add standalone `Full changelog: [\`...\`](...)` links.
- Preserve all PR links in the raw changelog.
- Preserve all migration-note blocks.

Write the final release notes to: __RAW_CHANGELOG_PATH__.final
20 changes: 12 additions & 8 deletions .github/workflows/changeset-auto-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,24 +24,28 @@ jobs:
)

steps:
- name: πŸ“₯ Checkout workflow helper
- name: πŸ“₯ Checkout same-repo workflow helper
if: ${{ github.event_name == 'pull_request' }}
uses: actions/checkout@v4
with:
ref: >-
${{
github.event_name == 'pull_request'
&& github.event.pull_request.head.sha
|| github.event.repository.default_branch
}}
ref: ${{ github.event.pull_request.head.sha }}
persist-credentials: false

- name: πŸ“₯ Checkout default-branch workflow helper
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
persist-credentials: false

- name: πŸ” Sync auto-release checkbox
uses: actions/github-script@v7
with:
github-token: ${{ github.token }}
script: |
const { pathToFileURL } = await import('node:url');
const helperUrl = pathToFileURL(
`${process.env.GITHUB_WORKSPACE}/tooling/auto-release-pr.mjs`
`${process.env.GITHUB_WORKSPACE}/tooling/scripts/auto-release-pr.mjs`
).href;
const {
getChangesetReleaseType,
Expand Down
22 changes: 3 additions & 19 deletions .github/workflows/check-skills.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,26 +25,10 @@ jobs:
with:
fetch-depth: 0

- uses: oven-sh/setup-bun@v2
name: Install bun
- name: πŸ“₯ Monorepo install
uses: ./.github/actions/bun-install
with:
bun-version-file: package.json

- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 22

- uses: actions/cache@v4
name: Setup bun cache
with:
path: ~/.bun/install/cache
key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
restore-keys: |
${{ runner.os }}-bun-

- name: Install deps
run: bun install --frozen-lockfile && bun gen
generate: "true"

- name: Check staleness
id: stale
Expand Down
40 changes: 18 additions & 22 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@ on:
- opened
- synchronize
- reopened
workflow_dispatch:

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
Expand All @@ -19,42 +23,34 @@ jobs:
name: CI
runs-on: ubuntu-latest
if: >-
github.event_name != 'pull_request' ||
github.event.pull_request.title != '[Release] Version packages'
(
github.event_name != 'pull_request' ||
github.event.pull_request.title != '[Release] Version packages'
) && (
github.event_name != 'push' ||
!contains(github.event.head_commit.message, '[skip ci]')
)

steps:
- name: Checkout
uses: actions/checkout@v5

- uses: oven-sh/setup-bun@v2
name: Install bun
with:
bun-version-file: package.json

- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 22
fetch-depth: 0
persist-credentials: false

- uses: actions/cache@v4
name: ♻️ Setup bun cache
- name: πŸ“₯ Monorepo install
uses: ./.github/actions/bun-install
with:
path: ~/.bun/install/cache
key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
restore-keys: |
${{ runner.os }}-bun-
generate: "true"

- uses: actions/cache@v4
name: ♻️ Setup Next.js cache
- name: ♻️ Setup Next.js cache
uses: actions/cache@v4
with:
path: ${{ github.workspace }}/www/.next/cache
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/bun.lock') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }}
restore-keys: |
${{ runner.os }}-nextjs-${{ hashFiles('**/bun.lock') }}-

- name: πŸ“₯ Install
run: bun install --frozen-lockfile && bun gen

- name: 🧠 Validate Skills
run: bun run intent:validate

Expand Down
42 changes: 42 additions & 0 deletions .github/workflows/clean-up-pr-caches.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
# https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#force-deleting-cache-entries
name: Cleanup caches for closed branches

on:
pull_request:
types: [closed]
Comment on lines +5 to +6

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Run fork PR cleanup from the base context

When this workflow is triggered by a closed PR from a fork, pull_request runs with a read-only GITHUB_TOKEN, so the later cache delete call still cannot remove Actions caches even if the workflow requests actions: write. Since this cleanup does not need to execute PR code, use pull_request_target or explicitly skip fork PRs; otherwise fork PR caches remain after close.

Useful? React with πŸ‘Β / πŸ‘Ž.

workflow_dispatch:

jobs:
cleanup:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v4

- name: 🧹 Cleanup caches
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPO: ${{ github.repository }}
BRANCH: refs/pull/${{ github.event.pull_request.number }}/merge
run: |
# Install GitHub CLI cache extension
gh extension install actions/gh-actions-cache

echo "Fetching list of cache keys..."
cacheKeys=$(gh actions-cache list -R $REPO -B $BRANCH | cut -f 1)

# Continue even if some cache deletions fail
set +e

if [ -z "$cacheKeys" ]; then
echo "No caches found to delete"
exit 0
fi

echo "Deleting caches..."
for cacheKey in $cacheKeys; do
echo "Deleting cache: $cacheKey"
gh actions-cache delete "$cacheKey" -R $REPO -B $BRANCH --confirm

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Grant actions write before deleting caches

When this workflow runs in a repository/org with restricted default GITHUB_TOKEN permissions, this delete command calls the Actions cache delete API without permissions: actions: write; GitHub's REST docs for deleting Actions caches require Actions repository permissions (write), so closed-PR cleanup can 403 instead of clearing the caches it just listed.

Useful? React with πŸ‘Β / πŸ‘Ž.

done

echo "Cache cleanup completed"
22 changes: 3 additions & 19 deletions .github/workflows/convex-matrix.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,26 +18,10 @@ jobs:
- name: Checkout
uses: actions/checkout@v5

- uses: oven-sh/setup-bun@v2
name: Install bun
- name: πŸ“₯ Monorepo install
uses: ./.github/actions/bun-install
with:
bun-version-file: package.json

- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 22

- uses: actions/cache@v4
name: ♻️ Setup bun cache
with:
path: ~/.bun/install/cache
key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
restore-keys: |
${{ runner.os }}-bun-

- name: πŸ“₯ Install
run: bun install --frozen-lockfile && bun gen
generate: "true"

- name: πŸ“¦ Build Packages
run: bun build:pkg
Expand Down
Loading
Loading