feat: updated release implementation for neovim config #20

gemini-code-assist · 2025-12-30T04:17:37Z

Hardcoding personal information like your name and email address in a configuration file within a public repository is a significant security and privacy risk. This information can be scraped by bots and used for spam, phishing, or other malicious activities. It's recommended to remove this information from the repository. If this information is required by the auto tool, consider using environment variables or a local, untracked configuration file to provide it.

coderabbitai · 2025-12-30T04:26:38Z

🧹 Nitpick | 🔵 Trivial

Remove unused environment variable.

The LUA_LS_VERSION environment variable is defined but not used anywhere in the workflow. Consider removing it to keep the configuration clean.

🤖 Prompt for AI Agents

.github/workflows/release.yaml around lines 10 to 11 defines an unused environment variable LUA_LS_VERSION; remove the LUA_LS_VERSION entry from the env block (or the entire env block if it becomes empty) to keep the workflow configuration clean and avoid unused configuration.

coderabbitai · 2025-12-30T04:26:38Z

⚠️ Potential issue | 🔴 Critical

Fix concurrency group to handle both push and PR events.

The concurrency group uses github.head_ref, which is only defined for pull_request events. For push events (including pushes to main), this will be empty, causing all push runs to share the same concurrency group and potentially cancel each other unexpectedly.

🔎 Proposed fix

concurrency: - group: github.head_ref + group: ${{ github.head_ref || github.ref }} cancel-in-progress: true

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

concurrency:

group: github.head_ref

cancel-in-progress: true

concurrency:

group: ${{ github.head_ref || github.ref }}

cancel-in-progress: true

🤖 Prompt for AI Agents

In .github/workflows/release.yaml around lines 12-14, the concurrency group currently uses github.head_ref which is undefined for push events; replace it with a deterministic expression that works for both PRs and pushes, for example set group to an expression combining the workflow and either head_ref or ref (e.g. ${{ github.workflow }}-${{ github.head_ref || github.ref }}), so push runs use the branch ref and PR runs use the head_ref and runs don’t inadvertently share/cancel each other.

coderabbitai · 2025-12-30T04:26:38Z

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, let's see the full context of the workflow file around line 39-40 head -50 .github/workflows/release.yaml

Repository: stephansama/nvim

Length of output: 978

🏁 Script executed:

# Check package.json for the release script cat package.json | jq '.scripts.release' 2>/dev/null || cat package.json | grep -A 2 '"release"'

Repository: stephansama/nvim

Length of output: 73

🏁 Script executed:

# Search for release tool configurations fd -t f '(autorc|\.release-it|semantic-release)' -E node_modules 2>/dev/null ls -la | grep -i auto 2>/dev/null

Repository: stephansama/nvim

Length of output: 119

🏁 Script executed:

# Check the .autorc configuration cat .autorc

Repository: stephansama/nvim

Length of output: 301

🏁 Script executed:

# Check if there are any environment variables set in the release job grep -A 20 "jobs:" .github/workflows/release.yaml | grep -E "(env:|GITHUB|NPM|TOKEN)"

Repository: stephansama/nvim

Length of output: 42

🏁 Script executed:

# Check if secrets are referenced anywhere in the workflow grep -r "secrets\." .github/workflows/release.yaml

Repository: stephansama/nvim

Length of output: 42

🏁 Script executed:

# Look for any GitHub Actions documentation or setup in other workflow files find .github/workflows -name "*.yaml" -o -name "*.yml" | head -5

Repository: stephansama/nvim

Length of output: 90

🏁 Script executed:

# Check if the workflow specifies permissions for the job grep -B 10 "release:" .github/workflows/release.yaml | grep -E "(permissions|contents)"

Repository: stephansama/nvim

Length of output: 42

🏁 Script executed:

# Look for any other release workflows that might have the proper setup find .github -name "*.yaml" -o -name "*.yml" | xargs grep -l "auto shipit" 2>/dev/null

Repository: stephansama/nvim

Length of output: 44

🏁 Script executed:

# Check if there's documentation or CI config that shows how auto is being used find . -maxdepth 2 -type f $ -name "*.md" -o -name ".github" -type d $ | head -10

Repository: stephansama/nvim

Length of output: 71

🏁 Script executed:

# Verify the auto tool requirements - check node_modules or package.json for auto cat package.json | jq '.devDependencies, .dependencies' | grep -i auto

Repository: stephansama/nvim

Length of output: 198

🏁 Script executed:

# Check the full job definition for permissions cat .github/workflows/release.yaml | grep -A 30 "jobs:"

Repository: stephansama/nvim

Length of output: 769

🏁 Script executed:

# Look at the README to see if there's any documentation about the release process cat README.md | grep -A 10 -B 5 -i "release\|auto"

Repository: stephansama/nvim

Length of output: 1356

🏁 Script executed:

# Check if GITHUB_TOKEN is typically needed for auto - look at GitHub Actions context # In GitHub Actions, GITHUB_TOKEN is automatically available, but we need to verify # if it's being passed correctly. Let's check the step more carefully. grep -A 5 -B 5 "pnpm run release" .github/workflows/release.yaml

Repository: stephansama/nvim

Length of output: 232

🏁 Script executed:

# Let's check if there's any documentation about auto and GitHub Actions # Search for any GitHub Actions specific setup in the repo find . -name "*.md" -o -name "*.txt" | xargs grep -l "GITHUB_TOKEN\|GH_TOKEN\|NPM_TOKEN" 2>/dev/null

Repository: stephansama/nvim

Length of output: 44

🏁 Script executed:

# Check if setup-node with registry-url automatically sets NPM_TOKEN # Also check if there's a .npmrc file ls -la .npmrc 2>/dev/null || echo "No .npmrc found" cat .npmrc 2>/dev/null || echo "No .npmrc to display"

Repository: stephansama/nvim

Length of output: 96

🏁 Script executed:

# Let's examine what permissions the checkout action needs grep -A 10 "actions/checkout" .github/workflows/release.yaml

Repository: stephansama/nvim

Length of output: 419

🏁 Script executed:

# Search for any other workflows that might show the proper pattern for using auto find .github/workflows -type f $ -name "*.yaml" -o -name "*.yml" $ -exec basename {} \;

Repository: stephansama/nvim

Length of output: 72

🏁 Script executed:

# Let's check if the auto tool expects GITHUB_TOKEN as an environment variable # by looking at the package.json scripts and any documentation cat package.json | jq '.scripts'

Repository: stephansama/nvim

Length of output: 523

🏁 Script executed:

# Check if there's a GitHub Actions configuration file or docs about secrets find . -name ".github" -type d -exec find {} -type f \; | head -20

Repository: stephansama/nvim

Length of output: 92

🏁 Script executed:

# Let's verify the specific version of auto being used and its requirements # Check if there's a lockfile that shows what auto needs if [ -f pnpm-lock.yaml ]; then echo "Checking pnpm-lock.yaml for auto configuration..." head -100 pnpm-lock.yaml elif [ -f package-lock.json ]; then echo "Checking package-lock.json..." grep -A 5 '"auto"' package-lock.json | head -20 elif [ -f yarn.lock ]; then echo "Checking yarn.lock..." grep -A 5 "auto@" yarn.lock | head -20 fi

Repository: stephansama/nvim

Length of output: 3133

🏁 Script executed:

# Check GitHub's documentation - does auto need explicit token passing? # Let's look for any CI config or documentation in the repo find . -maxdepth 2 -name "*.md" -type f -exec grep -l "auto\|release" {} \;

Repository: stephansama/nvim

Length of output: 71

🏁 Script executed:

# Check if the package is published to npm (look for publish config in package.json) cat package.json | jq '.publishConfig, .version' 2>/dev/null

Repository: stephansama/nvim

Length of output: 72

🏁 Script executed:

# Check if there's any GitHub Actions secrets configured in the repo # Also check for any documentation about the release process find . -name "*.md" -type f -exec grep -l "npm\|publish\|deploy\|secret" {} \; 2>/dev/null | head -10

Repository: stephansama/nvim

Length of output: 71

🏁 Script executed:

# Let's specifically check what auto's shipit command does # by looking at the auto documentation in devDependencies or checking version echo "Looking for auto shipit documentation or config..." grep -r "shipit" . --include="*.md" --include="*.js" --include="*.ts" --include="*.json" 2>/dev/null | grep -v node_modules | head -20

Repository: stephansama/nvim

Length of output: 153

🏁 Script executed:

# Let's check GitHub's documentation about GITHUB_TOKEN in Actions # The key is whether auto can access it automatically or needs it passed explicitly # Let's look for any GitHub Actions documentation in the repo or check common patterns # Check if there are any environment variable settings in the workflow cat .github/workflows/release.yaml | grep -E "env:|GITHUB_TOKEN|secrets" # Also check if the checkout action fetches with token cat .github/workflows/release.yaml | grep -A 5 "checkout"

Repository: stephansama/nvim

Length of output: 245

🏁 Script executed:

# Check if the project has any CI documentation or examples find . -maxdepth 2 -name "*.md" -o -name ".git*" -type f 2>/dev/null | xargs grep -l "GITHUB_TOKEN\|GH_TOKEN\|release" 2>/dev/null | head -5

Repository: stephansama/nvim

Length of output: 42

🏁 Script executed:

# Check auto CLI documentation to understand what credentials it needs # Look in the repository for any documentation about setting up releases ls -la .github/ 2>/dev/null cat .github/CONTRIBUTING.md 2>/dev/null || cat .github/DEVELOPMENT.md 2>/dev/null || echo "No development docs found"

Repository: stephansama/nvim

Length of output: 255

🏁 Script executed:

# Check the auto GitHub Actions documentation/examples # Look for what environment variables auto expects # The key question: does auto automatically use the GitHub Actions GITHUB_TOKEN? # Let's search the actual documentation or examples online by looking at # what the .autorc expects and what auto needs # First, let's check if there's any GitHub Actions setup specifically for auto find . -type f $ -name "*.yml" -o -name "*.yaml" -o -name "*.md" $ -exec grep -l "auto\|GITHUB_TOKEN" {} \; 2>/dev/null # Also check if the repository is actually using GitHub Actions features that # would require token passing cat .github/workflows/release.yaml | head -20

Repository: stephansama/nvim

Length of output: 393

🏁 Script executed:

# Key check: In GitHub Actions, GITHUB_TOKEN is available but needs explicit passing # Let's verify what the auto tool documentation says about authentication # by checking if there are any examples in the repo or standard patterns # Check how the checkout action is configured - does it pass a token? grep -A 3 "uses: actions/checkout" .github/workflows/release.yaml # Check if there's a permissions section in the job grep -B 5 "name: Release" .github/workflows/release.yaml | grep -E "permissions|contents"

Repository: stephansama/nvim

Length of output: 178

🏁 Script executed:

# Let's get more context - look for any GitHub Actions documentation or examples # Check what the standard pattern is for using auto in GitHub Actions # Search for auto-related issues or examples in common places find . -name "*.md" -o -name "*.txt" | xargs grep -i "auto\|shipit\|release" 2>/dev/null | grep -v node_modules | head -30

Repository: stephansama/nvim

Length of output: 454

🏁 Script executed:

# The key question: Can auto access GITHUB_TOKEN automatically in GitHub Actions? # According to GitHub Actions documentation, GITHUB_TOKEN is available but needs explicit passing # Let's verify the actual checkout configuration more carefully cat .github/workflows/release.yaml

Repository: stephansama/nvim

Length of output: 978

🏁 Script executed:

# Check if there's a specific section about permissions needed # Also check what version of checkout is being used grep -E "permissions:|persist-credentials:|token:" .github/workflows/release.yaml

Repository: stephansama/nvim

Length of output: 42

🏁 Script executed:

# Let me verify the core issue: whether auto/shipit needs GITHUB_TOKEN as an env var # by checking if there are any GitHub Actions best practices documented # Check the actions/checkout documentation - does persist-credentials=true make GITHUB_TOKEN available? # According to GitHub Actions docs, GITHUB_TOKEN is NOT automatically available as an env var # It needs to be explicitly passed with: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Let's verify if the current checkout setup would work with auto cat .github/workflows/release.yaml | grep -A 2 "Checkout"

Repository: stephansama/nvim

Length of output: 151

🏁 Script executed:

# Final verification: Check if auto's documentation or examples show GITHUB_TOKEN requirements # Look at auto's standard usage patterns - does it need the token as env var? # According to auto documentation, it needs: # - GITHUB_TOKEN for GitHub API calls (creating releases, tags, comments) # - The token should be available as environment variable or passed explicitly # Let's check if there's any configuration that passes it implicitly cat .github/workflows/release.yaml | grep -B 5 -A 10 "Run release"

Repository: stephansama/nvim

Length of output: 246

Add GITHUB_TOKEN to the release step.

The auto shipit command requires GITHUB_TOKEN to create git tags and GitHub releases. Although this token is available in GitHub Actions, it must be explicitly passed as an environment variable.

Add to the release step:

- name: Run release run: pnpm run release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

🤖 Prompt for AI Agents

.github/workflows/release.yaml around lines 39 to 40: the release step runs `pnpm run release` but does not expose the required GITHUB_TOKEN to the process; update the step to add an env mapping that sets GITHUB_TOKEN to ${{ secrets.GITHUB_TOKEN }} so the auto shipit/release tooling can create tags and GitHub releases.

coderabbitai · 2025-12-30T04:26:38Z

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash # First, locate and read .autorc to see the asset path if [ -f ".autorc" ]; then echo "=== .autorc content ===" cat .autorc else echo ".autorc not found in root" fi

Repository: stephansama/nvim

Length of output: 325

🏁 Script executed:

#!/bin/bash # Search for bloat.json references in the codebase echo "=== Files mentioning bloat.json ===" rg "bloat\.json" --type-list | head -5 rg "bloat\.json" -l

Repository: stephansama/nvim

Length of output: 538

🏁 Script executed:

#!/bin/bash # Check if bloat.js exists and examine it if [ -f "lua/plugins/debug/bloat.js" ]; then echo "=== lua/plugins/debug/bloat.js ===" cat lua/plugins/debug/bloat.js else echo "bloat.js not found at lua/plugins/debug/bloat.js" # Search for it fd "bloat" --type f fi

Repository: stephansama/nvim

Length of output: 1052

🏁 Script executed:

#!/bin/bash # Check init.lua for Bloat command configuration echo "=== Searching for Bloat command in Lua files ===" rg "Bloat" --type lua -B 2 -A 2

Repository: stephansama/nvim

Length of output: 271

🏁 Script executed:

#!/bin/bash # Check if there are other Makefile targets or if bloat.js is called elsewhere echo "=== Full Makefile content ===" cat Makefile echo -e "\n=== Search for bloat.js execution ===" rg "bloat\.js" --type sh --type makefile --type bash

Repository: stephansama/nvim

Length of output: 964

🏁 Script executed:

#!/bin/bash # Check if there's a release workflow or script that calls bloat.js echo "=== Check for CI/release workflows ===" fd "workflow|release|build" --type f -d 3 ls -la .github/workflows/ 2>/dev/null || echo "No .github/workflows found"

Repository: stephansama/nvim

Length of output: 290

🏁 Script executed:

#!/bin/bash # Check the release workflow echo "=== .github/workflows/release.yaml ===" cat .github/workflows/release.yaml

Repository: stephansama/nvim

Length of output: 1017

🏁 Script executed:

#!/bin/bash # Search for any pnpm script that might call bloat.js echo "=== Checking package.json for bloat-related scripts ===" cat package.json | jq '.scripts' 2>/dev/null || grep -A 20 '"scripts"' package.json 2>/dev/null | head -50

Repository: stephansama/nvim

Length of output: 579

The release workflow must run the bloat.json transformation step before asset upload.

The make generate-bloat target generates bloat.json in the repository root via the bloat.nvim plugin, but the release workflow never invokes pnpm run build:bloat, which reads the root file and writes the transformed version to ./dist/bloat.json as expected by .autorc.

Without this step, the asset upload in .autorc will fail because ./dist/bloat.json does not exist. Either add pnpm run build:bloat to the release workflow after make generate-bloat, or add it as a step within the Makefile's generate-bloat target.

🤖 Prompt for AI Agents

In Makefile around lines 6 to 10, the generate-bloat target creates bloat.json in repo root but does not run the transformation that writes ./dist/bloat.json required by the release asset upload; update the target to run the transformation (execute `pnpm run build:bloat`) after the nvim invocation so the transformed file is produced in ./dist, or alternatively add a step to the release workflow immediately after calling `make generate-bloat` to run `pnpm run build:bloat`; ensure the command runs in the repository root and fails the target/workflow if the build step exits non‑zero.

coderabbitai · 2025-12-30T04:28:38Z

🧹 Nitpick | 🔵 Trivial

Consider adding error handling for the Neovim command.

The target doesn't verify whether the headless Neovim command succeeds or whether bloat.json is actually created. If the Bloat plugin fails or the command errors, the Makefile will continue silently.

🔎 Proposed improvement with validation

generate-bloat: nvim --version | head -n 1 XDG_CONFIG_HOME=$PWD \ nvim --headless \ +"Bloat bloat.json" \ +qa + @test -f bloat.json || (echo "Error: bloat.json was not generated" && exit 1) $(MISE) pnpm run build:bloat

🤖 Prompt for AI Agents

In Makefile around lines 6 to 11, the generate-bloat target runs headless Neovim but doesn’t check the command’s exit status or verify that bloat.json was produced; update the recipe to fail the build on error by checking nvim’s exit code and then asserting bloat.json exists (e.g., run the nvim command and if it returns non-zero print an error and exit 1, then test -f bloat.json and if missing print an error and exit 1).

-Original file line number
+Diff line change
@@ -0,0 +1,16 @@
+    {
+    	"plugins": [
+    		"git-tag",
+    		"conventional-commits",
+    		[
+    			"upload-assets",
+    			{
+    				"assets": ["./dist/bloat.json"]
+    			}
+    		]
+    	],
+    	"owner": "stephansama",
+    	"repo": "nvim",
+    	"name": "Stephan Randle",
+    	"email": "stephanrandle@hotmail.com"
+    }

-Original file line number
+Diff line change
@@ Expand Up / @@ -11,5 +11,5 @@ indent_size = 4 @@
     indent_style = tab
     insert_final_newline = true
-    [*.json]
+    [*.{json,yml,yaml}]
     indent_size = 2

-Original file line number
+Diff line change
@@ -1,18 +1,21 @@
     **/*schema.json
     **/*schema.lua
     *import.lua
+    bloat.json
+    deps
+    dist
     lua/config/constants.lua
     lua/icons/*.lua
     lua/keys/*.lua
-    lua/utils/tailwindcss.lua
-    lua/schemas/modes.ts
-    lua/schemas/*.lua
-    lua/schemas/*.json
     lua/plugins/enabled.lua
     lua/plugins/lang/enabled.lua
     lua/plugins/lang/init.lua
     lua/plugins/lang/packs.lua
     lua/plugins/ui/dashboard/*.lua
+    lua/schemas/*.json
+    lua/schemas/*.lua
+    lua/schemas/modes.ts
+    lua/utils/tailwindcss.lua
     lualib_bundle.lua
     node_modules
     scripts/language-pack.json

-Original file line number
+Diff line change
@@ Expand Up / @@ -2,6 +2,7 @@ @@
     *.scm
     .gitignore
     .prettierignore
+    .editorconfig
     Makefile
     commit-msg
     pnpm-lock.yaml
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -3,6 +3,13 @@ MISE = if [ -f /tmp/mise.sh ]; then . /tmp/mise.sh; fi; @@
     generate-dictionary:
     	curl -L -o ./dictionary/words.txt https://github.com/dwyl/english-words/raw/refs/heads/master/words.txt
+    generate-bloat:
+    	nvim --version | head -n 1
+    	XDG_CONFIG_HOME=$PWD \
+    	nvim --headless \
+    		+"Bloat bloat.json" \
+    		+qa
     install:
     	$(MISE) pnpm install
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: updated release implementation for neovim config #20

Uh oh!

Diff view

Diff view

There are no files selected for viewing

gemini-code-assist bot Dec 30, 2025

Uh oh!

coderabbitai bot Dec 30, 2025

Uh oh!

coderabbitai bot Dec 30, 2025

Uh oh!

coderabbitai bot Dec 30, 2025

Uh oh!

coderabbitai bot Dec 30, 2025

Uh oh!

coderabbitai bot Dec 30, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

feat: updated release implementation for neovim config #20

Are you sure you want to change the base?

Uh oh!

feat: updated release implementation for neovim config #20

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

gemini-code-assist bot Dec 30, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Dec 30, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Dec 30, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Dec 30, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Dec 30, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Dec 30, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!