Fix: include package-lock.json in release commits

[cameroncooke]

Summary

• Bumps project version to v1.15.1 and aligns associated metadata files.
• Makes scripts/release.sh portable on GNU/Linux and improves --dry-run behavior.

Background/Details

The release script was run from a Linux environment. The prior sed -i '' usage is macOS/BSD-specific and would fail on GNU sed.
Also, npm version updates the lockfile package version fields; the release commit should include that change to keep the repo consistent.

Solution

• Add a portable sed_inplace helper to support both BSD and GNU sed.
• Ensure --dry-run does not attempt to monitor workflows / claim completion.
• Include package-lock.json in release commits so the lockfile version matches package.json.

Testing

• Dry-run verified with: bash scripts/release.sh 1.15.1 --dry-run
• Release workflow run (tag v1.15.1): https://github.com/cameroncooke/XcodeBuildMCP/actions/runs/20393939812

Notes

• main is protected (PR required), so this PR carries the release/version commits back onto main.

---

Note

Bumps version to 1.15.1 and updates release script for GNU/BSD portability with improved dry-run and inclusion of package-lock.json in release commits.

• Release/Versioning:
  • Bump version references to 1.15.1 in package.json, package-lock.json, and server.json (including packages[*].version).
• Scripts (scripts/release.sh):
  • Add portable sed_inplace for GNU/BSD; use it for README version updates.
  • Improve run wrapper and --dry-run behavior (skip clean check; skip workflow monitoring).
  • Include package-lock.json in release commits; streamline git and npm commands.
  • Adjust server.json update via node -e with interpolated ${VERSION}; tag and push via run.

^{Written by Cursor Bugbot for commit 951fb5f. This will update automatically on new commits. Configure here.}

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/cameroncooke/XcodeBuildMCP/xcodebuildmcp@150

commit: 951fb5f

[coderabbitai]

Walkthrough

The pull request contains a patch version bump from 1.15.0 to 1.15.1 across package.json and server.json, including both top-level and nested version references. Additionally, the release script has been refactored to introduce a sed_inplace helper function and an enhanced run wrapper that provides early exit for dry-run mode. The script now includes version comparison logic via Node, updated Git operations to include package-lock.json conditionally, and applies dry-run guards to tag creation and push operations.

Pre-merge checks

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly refers to the primary change: including package-lock.json in release commits, which is a key objective documented in the PR description and commit messages.
Description check	✅ Passed	The description comprehensively covers the changeset: version bumps, sed portability improvements, dry-run behaviour enhancements, and package-lock.json inclusion in commits, with testing details and background context.

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ee51da7 and 951fb5f.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (3)

• package.json (1 hunks)
• scripts/release.sh (3 hunks)
• server.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Cursor Bugbot

🔇 Additional comments (10)

package.json (1)

3-3: LGTM!

Version bump to 1.15.1 is consistent with the PR objectives and aligns with the release script and server.json changes.

scripts/release.sh (8)

248-255: LGTM!

The refactored run function cleanly separates dry-run behaviour with an early return, making the control flow more readable.

---

257-271: Portable sed helper looks correct.

The detection method using sed --version is the standard approach for distinguishing GNU from BSD sed. One consideration: this function executes unconditionally even in dry-run mode. The callers wrap it with run sed_inplace ..., which handles dry-run correctly, so this is fine as-is.

---

276-287: Good dry-run handling.

The conditional check correctly enforces a clean working directory for real runs whilst allowing dry runs to continue with a warning. This improves developer experience when testing the script.

---

302-314: LGTM!

The version update logic correctly uses the run wrapper for both npm version and the README updates via sed_inplace. The semver regex patterns are appropriately comprehensive for matching version references in code examples and shield links.

---

318-323: LGTM!

The inline Node script correctly updates both the top-level version and nested package versions in server.json. The version has already been validated at this point, so injection concerns are mitigated.

---

328-333: Key fix: package-lock.json now included in release commits.

This is the core change mentioned in the PR title. Including package-lock.json in the staged files ensures the lockfile version stays in sync with package.json, which is essential for consistent npm/CI workflows.

---

337-346: Good defensive handling.

The logic to align server.json when the version update was previously skipped handles edge cases from partial runs gracefully. The separate commit message clearly indicates this is an alignment operation.

---

348-361: LGTM!

The tag creation and push operations are correctly wrapped with run. The dry-run early exit at line 357-361 is well-placed—it prevents the script from attempting to monitor GitHub Actions workflows that wouldn't exist, which aligns with the PR objectives.

server.json (1)

11-17: LGTM!

Both the top-level version and the nested package version are correctly updated to 1.15.1, maintaining consistency with package.json. The release script's inline Node logic will handle these updates automatically in future releases.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}