From 290ead89655d50402e8efe105b85ab93f2a24d62 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 4 Jan 2026 03:54:24 +0000 Subject: [PATCH 1/5] Initial plan From ff5080db5919c943636f8ebdc901d5ab6c1b3d1a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 4 Jan 2026 03:58:20 +0000 Subject: [PATCH 2/5] Add automatic version bump workflow for pull requests Co-authored-by: jaypatrick <1800595+jaypatrick@users.noreply.github.com> --- .github/workflows/version-bump.yml | 104 +++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 .github/workflows/version-bump.yml diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml new file mode 100644 index 0000000..c3e173b --- /dev/null +++ b/.github/workflows/version-bump.yml @@ -0,0 +1,104 @@ +name: Auto Version Bump + +on: + pull_request: + types: [opened] + branches: [master, main] + +permissions: + contents: write + pull-requests: write + +jobs: + bump-version: + name: Bump Version Number + runs-on: ubuntu-latest + # Only run on PRs not created by bots + if: github.actor != 'github-actions[bot]' && github.actor != 'dependabot[bot]' + steps: + - name: Checkout PR branch + uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref }} + token: ${{ secrets.GITHUB_TOKEN }} + fetch-depth: 0 + + - name: Setup Deno + uses: denoland/setup-deno@v1 + with: + deno-version: v2.4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: '20' + + - name: Configure Git + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + - name: Bump version in deno.json + id: bump_version + run: | + # Read current version from deno.json + CURRENT_VERSION=$(cat deno.json | grep '"version"' | head -1 | sed 's/.*"version": "\(.*\)".*/\1/') + echo "Current version: $CURRENT_VERSION" + + # Split version into parts (assuming semver: major.minor.patch) + IFS='.' read -r -a version_parts <<< "$CURRENT_VERSION" + MAJOR="${version_parts[0]}" + MINOR="${version_parts[1]}" + PATCH="${version_parts[2]}" + + # Bump patch version + NEW_PATCH=$((PATCH + 1)) + NEW_VERSION="${MAJOR}.${MINOR}.${NEW_PATCH}" + echo "New version: $NEW_VERSION" + + # Update deno.json + sed -i "s/\"version\": \"${CURRENT_VERSION}\"/\"version\": \"${NEW_VERSION}\"/" deno.json + + # Output for later steps + echo "old_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT + echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT + + - name: Bump version in package.json + run: | + # Update package.json if it exists with a version field + if [ -f "package.json" ] && grep -q '"version"' package.json; then + OLD_VERSION="${{ steps.bump_version.outputs.old_version }}" + NEW_VERSION="${{ steps.bump_version.outputs.new_version }}" + sed -i "s/\"version\": \"${OLD_VERSION}\"/\"version\": \"${NEW_VERSION}\"/" package.json + echo "Updated package.json version to ${NEW_VERSION}" + fi + + - name: Check for changes + id: check_changes + run: | + if git diff --quiet; then + echo "has_changes=false" >> $GITHUB_OUTPUT + echo "No version changes needed" + else + echo "has_changes=true" >> $GITHUB_OUTPUT + echo "Version files updated" + fi + + - name: Commit and push version bump + if: steps.check_changes.outputs.has_changes == 'true' + run: | + git add deno.json package.json + git commit -m "chore: bump version to ${{ steps.bump_version.outputs.new_version }}" + git push origin ${{ github.head_ref }} + + - name: Add comment to PR + if: steps.check_changes.outputs.has_changes == 'true' + uses: actions/github-script@v7 + with: + script: | + github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + body: '🚀 Version automatically bumped from `${{ steps.bump_version.outputs.old_version }}` to `${{ steps.bump_version.outputs.new_version }}`' + }) From 0001d28cade94a2656602d3eb6da96a508a42246 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 4 Jan 2026 03:59:05 +0000 Subject: [PATCH 3/5] Document auto version bump workflow Co-authored-by: jaypatrick <1800595+jaypatrick@users.noreply.github.com> --- .github/workflows/README.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 7c004a5..51017d7 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -4,6 +4,29 @@ This directory contains the GitHub Actions workflows for the adblock-compiler pr ## Workflows +### Auto Version Bump (`version-bump.yml`) + +Automatically bumps the version number when a pull request is opened. + +#### Trigger +- Runs when a pull request is opened targeting master/main branches +- Does not run for PRs created by bots (github-actions[bot], dependabot[bot]) + +#### What it does +1. Extracts the current version from `deno.json` +2. Increments the patch version (e.g., 0.6.88 → 0.6.89) +3. Updates the version in both `deno.json` and `package.json` +4. Commits the changes with message: `chore: bump version to X.Y.Z` +5. Pushes the commit to the PR branch +6. Adds a comment to the PR confirming the version bump + +#### Why it's needed +JSR (JavaScript Registry) only accepts new versions when publishing. Without automatic version bumping, merged PRs would not trigger a new JSR publication, preventing updated code from being available to users. + +#### Permissions +- `contents: write` - Required to commit and push version changes +- `pull-requests: write` - Required to add comments to PRs + ### CI/CD Pipeline (`ci.yml`) The main CI/CD pipeline that runs on every push and pull request to master/main branches. From cf39a4a0d8bc2ec3d13e74ab362773af9223be3a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 4 Jan 2026 04:02:01 +0000 Subject: [PATCH 4/5] Improve version bump workflow with robust JSON parsing and validation Co-authored-by: jaypatrick <1800595+jaypatrick@users.noreply.github.com> --- .github/workflows/version-bump.yml | 34 ++++++++++++++++++++++++------ deno.lock | 4 +--- 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index c3e173b..d371e7c 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -41,23 +41,39 @@ jobs: - name: Bump version in deno.json id: bump_version run: | - # Read current version from deno.json - CURRENT_VERSION=$(cat deno.json | grep '"version"' | head -1 | sed 's/.*"version": "\(.*\)".*/\1/') + # Read current version from deno.json using deno for robust JSON parsing + CURRENT_VERSION=$(deno eval 'console.log(JSON.parse(Deno.readTextFileSync("deno.json")).version)') echo "Current version: $CURRENT_VERSION" - # Split version into parts (assuming semver: major.minor.patch) + # Validate version format (must be major.minor.patch with numeric parts only) + if ! [[ "$CURRENT_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Error: Version '$CURRENT_VERSION' is not in valid semver format (major.minor.patch)" + exit 1 + fi + + # Split version into parts IFS='.' read -r -a version_parts <<< "$CURRENT_VERSION" MAJOR="${version_parts[0]}" MINOR="${version_parts[1]}" PATCH="${version_parts[2]}" + # Validate PATCH is numeric (extra safety check) + if ! [[ "$PATCH" =~ ^[0-9]+$ ]]; then + echo "Error: Patch version '$PATCH' is not numeric" + exit 1 + fi + # Bump patch version NEW_PATCH=$((PATCH + 1)) NEW_VERSION="${MAJOR}.${MINOR}.${NEW_PATCH}" echo "New version: $NEW_VERSION" - # Update deno.json - sed -i "s/\"version\": \"${CURRENT_VERSION}\"/\"version\": \"${NEW_VERSION}\"/" deno.json + # Update deno.json using deno for safe JSON manipulation + deno eval " + const config = JSON.parse(Deno.readTextFileSync('deno.json')); + config.version = '$NEW_VERSION'; + Deno.writeTextFileSync('deno.json', JSON.stringify(config, null, 4) + '\n'); + " # Output for later steps echo "old_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT @@ -67,9 +83,13 @@ jobs: run: | # Update package.json if it exists with a version field if [ -f "package.json" ] && grep -q '"version"' package.json; then - OLD_VERSION="${{ steps.bump_version.outputs.old_version }}" NEW_VERSION="${{ steps.bump_version.outputs.new_version }}" - sed -i "s/\"version\": \"${OLD_VERSION}\"/\"version\": \"${NEW_VERSION}\"/" package.json + # Use deno for safe JSON manipulation + deno eval " + const pkg = JSON.parse(Deno.readTextFileSync('package.json')); + pkg.version = '$NEW_VERSION'; + Deno.writeTextFileSync('package.json', JSON.stringify(pkg, null, '\t') + '\n'); + " echo "Updated package.json version to ${NEW_VERSION}" fi diff --git a/deno.lock b/deno.lock index 7287c76..14b35c8 100644 --- a/deno.lock +++ b/deno.lock @@ -23,7 +23,6 @@ "jsr:@std/testing@*": "1.0.16", "jsr:@std/testing@1": "1.0.16", "npm:@cloudflare/workers-types@^4.20260103.0": "4.20260103.0", - "npm:tldts@^6.1.0": "6.1.86", "npm:wrangler@^4.54.0": "4.54.0_unenv@2.0.0-rc.24_workerd@1.20251210.0_@cloudflare+workers-types@4.20260103.0" }, "jsr": { @@ -683,8 +682,7 @@ "jsr:@std/flags@0.224", "jsr:@std/fs@1", "jsr:@std/path@1", - "jsr:@std/testing@1", - "npm:tldts@^6.1.0" + "jsr:@std/testing@1" ], "packageJson": { "dependencies": [ From f531980c0cb480a6f2586e62b79cfc15dbf3d009 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 4 Jan 2026 04:04:10 +0000 Subject: [PATCH 5/5] Fix shell injection vulnerabilities and add error handling Co-authored-by: jaypatrick <1800595+jaypatrick@users.noreply.github.com> --- .github/workflows/version-bump.yml | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index d371e7c..a1a6789 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -42,7 +42,15 @@ jobs: id: bump_version run: | # Read current version from deno.json using deno for robust JSON parsing - CURRENT_VERSION=$(deno eval 'console.log(JSON.parse(Deno.readTextFileSync("deno.json")).version)') + if [ ! -f "deno.json" ]; then + echo "Error: deno.json not found" + exit 1 + fi + + CURRENT_VERSION=$(deno eval 'console.log(JSON.parse(Deno.readTextFileSync("deno.json")).version)' 2>&1) || { + echo "Error: Failed to read version from deno.json" + exit 1 + } echo "Current version: $CURRENT_VERSION" # Validate version format (must be major.minor.patch with numeric parts only) @@ -69,11 +77,13 @@ jobs: echo "New version: $NEW_VERSION" # Update deno.json using deno for safe JSON manipulation + # Pass version as command-line argument to avoid shell injection deno eval " + const newVersion = Deno.args[0]; const config = JSON.parse(Deno.readTextFileSync('deno.json')); - config.version = '$NEW_VERSION'; + config.version = newVersion; Deno.writeTextFileSync('deno.json', JSON.stringify(config, null, 4) + '\n'); - " + " "$NEW_VERSION" # Output for later steps echo "old_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT @@ -85,11 +95,13 @@ jobs: if [ -f "package.json" ] && grep -q '"version"' package.json; then NEW_VERSION="${{ steps.bump_version.outputs.new_version }}" # Use deno for safe JSON manipulation + # Pass version as command-line argument to avoid shell injection deno eval " + const newVersion = Deno.args[0]; const pkg = JSON.parse(Deno.readTextFileSync('package.json')); - pkg.version = '$NEW_VERSION'; + pkg.version = newVersion; Deno.writeTextFileSync('package.json', JSON.stringify(pkg, null, '\t') + '\n'); - " + " "$NEW_VERSION" echo "Updated package.json version to ${NEW_VERSION}" fi