npm - @logickernel/agileflow - Versions diffs - 0.17.1 → 0.21.0 - Mend

@logickernel/agileflow 0.17.1 → 0.21.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +4 -3
package/docs/guides/github-actions.md +26 -22
package/package.json +1 -1
package/src/github-push.js +10 -7
package/src/utils.js +109 -7

package/README.md CHANGED Viewed

@@ -61,6 +61,9 @@ on:
   push:
     branches: [main]
+permissions:
+  contents: write
 jobs:
   version:
     runs-on: ubuntu-latest
@@ -74,12 +77,10 @@ jobs:
           node-version: '20'
       - name: Create version tag
-        env:
-          AGILEFLOW_TOKEN: ${{ secrets.AGILEFLOW_TOKEN }}
         run: npx @logickernel/agileflow github
 ```
-Requires an `AGILEFLOW_TOKEN` secret — a Personal Access Token with `Contents: Read and write` permission.
+AgileFlow automatically uses the built-in `GITHUB_TOKEN` — no secrets or custom tokens needed. Just grant `contents: write` permission in the workflow. You can also use a [Personal Access Token](./docs/guides/github-actions.md) if your organization restricts `GITHUB_TOKEN` permissions.
 ### GitLab CI

package/docs/guides/github-actions.md CHANGED Viewed

@@ -4,23 +4,7 @@ Two workflows: one that runs AgileFlow on push to main and creates a version tag
 ---
-## Step 1: Create an access token
-1. Go to **Settings → Developer settings → Personal access tokens → Fine-grained tokens**
-2. Click **Generate new token**
-3. Set:
-   - **Name**: `AgileFlow`
-   - **Repository access**: your repository
-   - **Permissions**: `Contents: Read and write`
-4. Copy the token
-## Step 2: Add the token as a secret
-1. In your repository: **Settings → Secrets and variables → Actions**
-2. Click **New repository secret**
-3. Name: `AGILEFLOW_TOKEN`, value: your token
-## Step 3: Create the versioning workflow
+## Step 1: Create the versioning workflow
 `.github/workflows/version.yml`:
@@ -30,6 +14,9 @@ on:
   push:
     branches: [main]
+permissions:
+  contents: write
 jobs:
   version:
     runs-on: ubuntu-latest
@@ -43,14 +30,31 @@ jobs:
           node-version: '20'
       - name: Create version tag
-        env:
-          AGILEFLOW_TOKEN: ${{ secrets.AGILEFLOW_TOKEN }}
         run: npx @logickernel/agileflow github
 ```
+That's it. AgileFlow automatically picks up the `GITHUB_TOKEN` that GitHub Actions provides. The `permissions: contents: write` block grants it permission to create tags.
 `fetch-depth: 0` is required — without it, AgileFlow can only see a shallow clone and cannot find the last version tag.
-## Step 4: Create the release workflow
+### Using a Personal Access Token instead
+If your organization restricts `GITHUB_TOKEN` permissions or you need cross-repository tagging, use a PAT:
+1. Go to **Settings → Developer settings → Personal access tokens → Fine-grained tokens**
+2. Click **Generate new token**
+3. Set:
+   - **Name**: `AgileFlow`
+   - **Repository access**: your repository
+   - **Permissions**: `Contents: Read and write`
+4. Copy the token
+5. In your repository: **Settings → Secrets and variables → Actions**
+6. Click **New repository secret**
+7. Name: `AGILEFLOW_TOKEN`, value: your token
+AgileFlow checks `AGILEFLOW_TOKEN` first, then falls back to `GITHUB_TOKEN`. When `AGILEFLOW_TOKEN` is set, no `permissions` block is needed.
+## Step 3: Create the release workflow
 `.github/workflows/release.yml`:
@@ -99,9 +103,9 @@ If no bump is needed (all commits are `chore`, `docs`, etc.), AgileFlow exits wi
 ## Troubleshooting
-**"AGILEFLOW_TOKEN not set"** — The secret is missing or not passed via `env:`. Verify the secret exists and the `env:` block is present in the step.
+**"No authentication token found"** — Neither `AGILEFLOW_TOKEN` nor `GITHUB_TOKEN` is available. If running in GitHub Actions, ensure the workflow has `permissions: contents: write`. If using a PAT, verify the `AGILEFLOW_TOKEN` secret exists.
-**"Resource not accessible by integration" / 403** — The token lacks `Contents: Read and write` permission. Regenerate with the correct scope.
+**"Resource not accessible by integration" / 403** — The token lacks `contents: write` permission. Add `permissions: contents: write` to your workflow, or regenerate your PAT with the correct scope.
 **"Bad credentials" / 401** — The token has expired or was revoked. Regenerate and update the secret.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@logickernel/agileflow",
-  "version": "0.17.1",
+  "version": "0.21.0",
   "description": "Automatic semantic versioning and changelog generation based on conventional commits",
   "main": "src/index.js",
   "bin": {

package/src/github-push.js CHANGED Viewed

@@ -131,17 +131,20 @@ function makeRequest({ method, path, accessToken, body }) {
  * @returns {Promise<void>}
  */
 async function pushTag(tagName, message, remote = 'origin') {
-  const accessToken = process.env.AGILEFLOW_TOKEN;
+  const accessToken = process.env.AGILEFLOW_TOKEN || process.env.GITHUB_TOKEN;
   const repository = process.env.GITHUB_REPOSITORY;
   const commitSha = process.env.GITHUB_SHA;
   if (!accessToken) {
     throw new Error(
-      `AGILEFLOW_TOKEN environment variable is required but not set.\n\n` +
-      `To fix this:\n` +
-      `1. Create a Personal Access Token with "contents: write" permission\n` +
-      `2. Add it as a repository secret named AGILEFLOW_TOKEN\n` +
-      `3. In your workflow, add: env: AGILEFLOW_TOKEN: \${{ secrets.AGILEFLOW_TOKEN }}`
+      `No authentication token found.\n\n` +
+      `AgileFlow looks for AGILEFLOW_TOKEN or GITHUB_TOKEN (in that order).\n\n` +
+      `In GitHub Actions, GITHUB_TOKEN is available automatically — just add\n` +
+      `permissions to your workflow:\n` +
+      `  permissions:\n` +
+      `    contents: write\n\n` +
+      `Or use a Personal Access Token with "contents: write" permission\n` +
+      `and store it as a secret named AGILEFLOW_TOKEN.`
     );
   }

package/src/utils.js CHANGED Viewed

@@ -224,9 +224,57 @@ function parseConventionalCommit(message) {
 }
 /**
- * Expands commit information by finding the latest version and filtering commits.
- * @param {Array} commits - Array of commit objects (newest to oldest)
- * @returns {{latestVersion: string|null, commits: Array}} Filtered commits since last version
+ * Finds the highest semver version tag in a list of commits.
+ * @param {Array} commits - The commits to scan
+ * @returns {{latestVersion: string|null, taggedCommitHash: string|null}}
+ */
+function findLatestVersionTag(commits) {
+  if (!commits?.length) {
+    return { latestVersion: null, taggedCommitHash: null };
+  }
+  let bestHash = null;
+  let bestVersion = null;
+  for (let i = 0; i < commits.length; i++) {
+    const semverTags = commits[i].tags?.filter(tag => SEMVER_PATTERN.test(tag));
+    if (!semverTags?.length) continue;
+    const highest = semverTags.sort((a, b) => {
+      const pa = parseVersion(a);
+      const pb = parseVersion(b);
+      if (pb.major !== pa.major) return pb.major - pa.major;
+      if (pb.minor !== pa.minor) return pb.minor - pa.minor;
+      return pb.patch - pa.patch;
+    })[0];
+    if (!bestVersion) {
+      bestVersion = highest;
+      bestHash = commits[i].hash;
+    } else {
+      const pBest = parseVersion(bestVersion);
+      const pCand = parseVersion(highest);
+      const isHigher =
+        pCand.major > pBest.major ||
+        (pCand.major === pBest.major && pCand.minor > pBest.minor) ||
+        (pCand.major === pBest.major && pCand.minor === pBest.minor && pCand.patch > pBest.patch);
+      if (isHigher) {
+        bestVersion = highest;
+        bestHash = commits[i].hash;
+      }
+    }
+  }
+  return { latestVersion: bestVersion, taggedCommitHash: bestHash };
+}
+/**
+ * Expands commit info by finding the latest version tag and returning
+ * only commits since that tag. Uses positional slicing from a date-sorted
+ * commit list — for accurate results with merge commits, prefer using
+ * findLatestVersionTag + getCommitsSinceTag (as processVersionInfo does).
+ * @param {Array} commits - All commits (date-sorted, newest first)
+ * @returns {{latestVersion: string|null, commits: Array}}
  */
 function expandCommitInfo(commits) {
   if (!commits?.length) {
@@ -548,6 +596,45 @@ function getAllBranchCommits(branch) {
   }
 }
+/**
+ * Retrieves commits reachable from the branch but not from the given tag,
+ * using git's native range selection so that date ordering cannot cause
+ * commits from merged branches to be missed.
+ * @param {string} tagHash - The commit hash of the version tag
+ * @param {string} branchSha - The resolved SHA of the branch tip
+ * @returns {Array<{hash: string, datetime: string, author: string, message: string, tags: Array<string>}>}
+ */
+function getCommitsSinceTag(tagHash, branchSha) {
+  const tagMap = buildTagMap();
+  const RS = '\x1E';
+  const COMMIT_SEP = `${RS}${RS}`;
+  try {
+    const logCmd = `git log --format=%H${RS}%ai${RS}%an${RS}%B${COMMIT_SEP} ${tagHash}..${branchSha}`;
+    const output = runWithOutput(logCmd).trim();
+    if (!output) return [];
+    return output
+      .split(COMMIT_SEP)
+      .filter(block => block.trim())
+      .map(block => {
+        const parts = block.split(RS);
+        if (parts.length < 4) return null;
+        const hash = parts[0].trim();
+        return {
+          hash,
+          datetime: parts[1].trim(),
+          author: parts[2].trim(),
+          message: parts.slice(3).join(RS).trim(),
+          tags: tagMap.get(hash) || [],
+        };
+      })
+      .filter(Boolean);
+  } catch {
+    return [];
+  }
+}
 /**
  * Processes version information for the current branch.
  * @returns {Promise<{currentVersion: string|null, newVersion: string|null, commits: Array, changelog: string}>}
@@ -556,12 +643,25 @@ async function processVersionInfo() {
   ensureGitRepo();
   const branch = getCurrentBranch();
   fetchTags();
   const allCommits = getAllBranchCommits(branch);
-  const expandedInfo = expandCommitInfo(allCommits);
-  const { latestVersion, commits } = expandedInfo;
+  const { latestVersion, taggedCommitHash } = findLatestVersionTag(allCommits);
+  let commits;
+  if (taggedCommitHash) {
+    // Use git's range selection (tag..HEAD) to correctly identify all commits
+    // since the tag, regardless of commit date ordering. This fixes an issue
+    // where commits from merged feature branches could be missed because their
+    // dates are older than the tagged commit.
+    const branchSha = allCommits[0]?.hash;
+    commits = branchSha ? getCommitsSinceTag(taggedCommitHash, branchSha) : [];
+  } else {
+    commits = allCommits;
+  }
+  const expandedInfo = { latestVersion, commits };
   const { newVersion, changelog } = calculateNextVersionAndChangelog(expandedInfo);
   return {
     currentVersion: latestVersion,
     newVersion,
@@ -577,6 +677,8 @@ module.exports = {
   getCurrentBranch,
   fetchTags,
   getAllBranchCommits,
+  findLatestVersionTag,
+  getCommitsSinceTag,
   expandCommitInfo,
   calculateNextVersionAndChangelog,
   processVersionInfo,