@vv0rkz/js-template 1.8.3 → 1.9.0

package/README.md

@@ -52,16 +52,33 @@ export default {
 
   // Релиз
   release: {
-    requireDemo: true,               // требовать GIF/PNG перед релизом
-    demoDir: 'docs',                 // где искать демо
-    demoFormats: ['gif', 'png'],
+    demo: {
+      enable: true,                  // требовать демо перед релизом
+      dir: 'docs',                   // где искать демо-файлы
+      formats: ['gif', 'png'],       // допустимые форматы
+      style: 'click',                // 'click' | 'side-by-side'
+    },
   },
 
   // Автообновление зависимостей
-  depUpdater: false,                 // 'dependabot' | 'renovate' | false
+  // Короткая форма: 'dependabot' | 'renovate' | false
+  // Расширенная (только dependabot):
+  //   { type: 'dependabot', ignoreMajor: true, autoMerge: { patch: true, minor: true } }
+  depUpdater: false,
+
+  // CI workflow (.github/workflows/ci.yml)
+  ci: {
+    enable: false,                   // включить генерацию ci.yml
+    checks: ['lint', 'test'],        // имена job-ов = имена npm-скриптов
+    nodeVersion: '20',
+  },
 
-  // Репозиторий JST для report-issue
-  jstRepo: 'vv0rkz/js-template',
+  // Branch protection (через gh api)
+  branchProtection: {
+    enable: false,
+    requiredChecks: [],              // должны совпадать с ci.checks
+    enforceAdmins: false,
+  },
 }
 ```
 
@@ -74,8 +91,10 @@ export default {
 | `release.*` | На следующем `jst release` |
 | `labels` | После `jst setup-labels` или `jst apply` |
 | `depUpdater` | После `jst setup-deps` или `jst apply` |
+| `ci.*` | После `jst setup-ci` или `jst apply` |
+| `branchProtection.*` | После `jst setup-branch-protection` (вручную) |
 
-Короткий путь — `jst apply` применит labels + deps за раз.
+Короткий путь — `jst apply` применит labels + deps + ci за раз. Branch protection требует admin-прав и запускается отдельно.
 
 ## Команды
 
@@ -91,9 +110,11 @@ npx jst <команда>       # напрямую
 |---|---|
 | `init` | Инициализация нового проекта |
 | `upgrade` | Обновить конфиги после `npm update` |
-| `apply` | Применить изменения из `jst.config.js` |
+| `apply` | Применить изменения из `jst.config.js` (labels + deps + ci) |
 | `setup-labels` | Настроить GitHub labels |
-| `setup-deps` | Настроить dependabot/renovate |
+| `setup-deps` | Настроить dependabot/renovate (+ auto-merge workflow) |
+| `setup-ci` | Сгенерировать `.github/workflows/ci.yml` |
+| `setup-branch-protection` | Настроить защиту главной ветки через `gh api` |
 
 ### Разработка
 
@@ -219,6 +240,33 @@ npm run _ push-release
 - [Changelogen](https://github.com/unjs/changelogen) — Генерация changelog
 - [GitHub CLI](https://cli.github.com/) — Управление issues
 
+## Migration Guide
+
+### v1.9.0 — `release.demo` (breaking change)
+
+Настройки демо переехали из плоского `release.*` в объект `release.demo`:
+
+```js
+// ❌ Было (до v1.9.0)
+release: {
+  requireDemo: true,
+  demoDir: 'docs',
+  demoFormats: ['gif', 'png'],
+}
+
+// ✅ Стало
+release: {
+  demo: {
+    enable: true,
+    dir: 'docs',
+    formats: ['gif', 'png'],
+    style: 'click',   // новая опция: 'click' | 'side-by-side'
+  },
+}
+```
+
+Если в `jst.config.js` остались старые ключи, при запуске любой `jst`-команды появится предупреждение с инструкцией по миграции.
+
 ## Лицензия
 
 MIT © [vv0rkz](https://github.com/vv0rkz)

package/bin/cli.js

@@ -101,6 +101,14 @@ const commands = {
     spawnSync('node', [join(toolsDir, 'setup-deps.js')], { stdio: 'inherit' })
   },
 
+  'setup-ci': () => {
+    spawnSync('node', [join(toolsDir, 'setup-ci.js')], { stdio: 'inherit' })
+  },
+
+  'setup-branch-protection': () => {
+    spawnSync('node', [join(toolsDir, 'setup-branch-protection.js')], { stdio: 'inherit' })
+  },
+
   upgrade: () => {
     spawnSync('node', [join(toolsDir, 'upgrade.js')], { stdio: 'inherit' })
   },
@@ -109,7 +117,10 @@ const commands = {
     console.log('⚙️  Применение jst.config.js...\n')
     spawnSync('node', [join(toolsDir, 'setup-labels.js')], { stdio: 'inherit' })
     spawnSync('node', [join(toolsDir, 'setup-deps.js')], { stdio: 'inherit' })
+    spawnSync('node', [join(toolsDir, 'setup-ci.js')], { stdio: 'inherit' })
     console.log('\n✅ Конфиг применён!')
+    console.log('💡 Branch protection не применяется автоматически (требует admin прав).')
+    console.log('   Запусти вручную: npm run _ setup-branch-protection')
   },
 
   'pr-list': () => {
@@ -175,6 +186,8 @@ if (commands[command]) {
   init-readme               Создать стартовый README.md
   setup-labels              Настроить GitHub labels
   setup-deps                Настроить dependabot/renovate
+  setup-ci                  Сгенерировать .github/workflows/ci.yml
+  setup-branch-protection   Настроить защиту главной ветки (gh api)
 
 🔧 РАЗРАБОТКА:
   update-readme             Обновить README с версией

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vv0rkz/js-template",
-  "version": "1.8.3",
+  "version": "1.9.0",
   "description": "Reusable setup for JS projects with husky, changelog, gh tools",
   "type": "module",
   "bin": {

package/templates/jst.config.js

@@ -121,12 +121,55 @@ export default {
 
   /**
    * Автообновление зависимостей
-   * @type {'dependabot' | 'renovate' | false}
    *
-   * 'dependabot' — создаст .github/dependabot.yml
-   * 'renovate'   — создаст renovate.json
-   * false        — отключено
+   * Короткая форма:
+   *   depUpdater: 'dependabot'   — создаст .github/dependabot.yml
+   *   depUpdater: 'renovate'     — создаст renovate.json
+   *   depUpdater: false          — отключено
+   *
+   * Расширенная форма (только dependabot):
+   *   depUpdater: {
+   *     type: 'dependabot',
+   *     ignoreMajor: true,                       // не открывать major PR-ы
+   *     ignore: { major: true, minor: false },   // или более гранулярно
+   *     autoMerge: { patch: true, minor: true, major: false },
+   *   }
+   *
+   * При `autoMerge` jst дополнительно создаёт
+   * .github/workflows/dependabot-auto-merge.yml
    */
   depUpdater: false,
 
+  /**
+   * Continuous Integration (GitHub Actions)
+   *
+   * При `enable: true` команда `jst setup-ci` (и `jst apply`) создаёт
+   * .github/workflows/ci.yml — workflow с по одной job на каждый check.
+   * Имя job совпадает с именем npm-скрипта, который оно запускает.
+   *
+   *   ci.yml: jobs.lint → runs `npm run lint`
+   *           jobs.test → runs `npm run test`
+   */
+  ci: {
+    enable: false,
+    checks: ['lint', 'test'],
+    nodeVersion: '20',
+  },
+
+  /**
+   * Branch protection (через `gh api`)
+   *
+   * Команда `jst setup-branch-protection` настраивает защиту главной ветки
+   * через GitHub API. Не запускается автоматически в `jst apply` —
+   * требует admin прав на репозитории.
+   *
+   *   requiredChecks — список обязательных status checks (должны совпадать
+   *   с именами job-ов из ci.checks).
+   */
+  branchProtection: {
+    enable: false,
+    requiredChecks: [],
+    enforceAdmins: false,
+  },
+
 }

package/tools-gh/check-demo-for-release.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import { existsSync, readFileSync } from 'fs'
-import { execSync } from 'child_process'
 import { loadConfig } from './config.js'
+import { predictNextVersion } from './version-utils.js'
 
 const config = await loadConfig()
 
@@ -11,16 +11,7 @@ if (!config.release.demo.enable) {
 }
 
 const packageJson = JSON.parse(readFileSync('package.json', 'utf8'))
-const [major, minor, patch] = packageJson.version.split('.').map(Number)
-
-const commitMessages = execSync('git log --oneline -10', { encoding: 'utf8' })
-
-let nextVersion
-if (commitMessages.includes('feat:')) {
-  nextVersion = `v${major}.${minor + 1}.0`
-} else {
-  nextVersion = `v${major}.${minor}.${patch + 1}`
-}
+const nextVersion = predictNextVersion(packageJson.version)
 
 console.log(`📦 Предполагаемая следующая версия: ${nextVersion}`)
 

package/tools-gh/config.js

@@ -35,6 +35,28 @@ const DEFAULTS = {
     },
   },
   depUpdater: false,
+  ci: {
+    enable: false,
+    checks: ['lint', 'test'],
+    nodeVersion: '20',
+  },
+  branchProtection: {
+    enable: false,
+    requiredChecks: [],
+    enforceAdmins: false,
+  },
+}
+
+/**
+ * Normalizes `depUpdater` to an object form.
+ *   false               → { type: false }
+ *   'dependabot'        → { type: 'dependabot' }
+ *   { type, ...opts }   → unchanged
+ */
+export function normalizeDepUpdater(depUpdater) {
+  if (!depUpdater) return { type: false }
+  if (typeof depUpdater === 'string') return { type: depUpdater }
+  return { type: false, ...depUpdater }
 }
 
 // --- Branch pattern template engine ---
@@ -100,6 +122,35 @@ function deepMerge(target, source) {
   return result
 }
 
+/**
+ * Checks for deprecated config keys and prints migration warnings.
+ * Old flat release.* keys were moved to release.demo.* in v1.9.0.
+ */
+function warnDeprecatedKeys(userConfig) {
+  const deprecated = [
+    { old: 'release.requireDemo', newKey: 'release.demo.enable' },
+    { old: 'release.demoDir',     newKey: 'release.demo.dir' },
+    { old: 'release.demoFormats', newKey: 'release.demo.formats' },
+  ]
+
+  const found = deprecated.filter(({ old }) => {
+    const [top, key] = old.split('.')
+    return userConfig[top]?.[key] !== undefined
+  })
+
+  if (found.length === 0) return
+
+  console.warn('\n⚠️  jst.config.js: устаревшие настройки (обнови конфиг)\n')
+  found.forEach(({ old, newKey }) => {
+    console.warn(`   ${old}  →  ${newKey}`)
+  })
+  console.warn('\n   Было:')
+  console.warn('     release: { requireDemo, demoDir, demoFormats }')
+  console.warn('\n   Стало (начиная с v1.9.0):')
+  console.warn('     release: { demo: { enable, dir, formats, style } }')
+  console.warn('\n   Запусти: npm run _ upgrade  — чтобы получить актуальный конфиг\n')
+}
+
 /**
  * Loads config from jst.config.js (preferred) or jst.config.json (fallback)
  * Deep-merges user config with defaults
@@ -124,5 +175,7 @@ export async function loadConfig() {
     }
   }
 
+  warnDeprecatedKeys(userConfig)
+
   return deepMerge(DEFAULTS, userConfig)
 }

package/tools-gh/post-commit-hook.js

@@ -5,8 +5,13 @@ import { loadConfig } from './config.js'
 const config = await loadConfig()
 const { closeKeyword, requireIssue } = config.commits
 
-const commitMsg = execSync('git log -1 --pretty=%B', { encoding: 'utf8' }).trim()
-const commitHash = execSync('git rev-parse --short HEAD', { encoding: 'utf8' }).trim()
+function safeExec(cmd) {
+  try {
+    return execSync(cmd, { encoding: 'utf8', stdio: ['pipe', 'pipe', 'ignore'] }).trim()
+  } catch {
+    return ''
+  }
+}
 
 let repoUrl = execSync('git remote get-url origin', { encoding: 'utf8' }).trim()
 if (repoUrl.startsWith('git@github.com:')) {
@@ -15,26 +20,56 @@ if (repoUrl.startsWith('git@github.com:')) {
   repoUrl = repoUrl.replace(/\.git$/, '')
 }
 
-execSync('git push origin HEAD', { stdio: 'inherit' })
+// Capture upstream BEFORE push so we can scan everything that lands on the
+// remote in this push — including older commits whose pushes were previously
+// rejected by pre-push (fixes #10).
+const beforeUpstream = safeExec('git rev-parse @{u}')
+
+try {
+  execSync('git push -u origin HEAD', { stdio: 'inherit' })
+} catch {
+  // pre-push hook may have rejected the push; nothing to close yet.
+  process.exit(1)
+}
+
+// On successful push, scan every commit between the previously known remote
+// HEAD and the new HEAD for close-keywords. If we had no upstream before,
+// fall back to the last 50 commits.
+const range = beforeUpstream ? `${beforeUpstream}..HEAD` : '-50'
+const log = safeExec(`git log ${range} --format=%H%x09%s`)
+
+if (!log) process.exit(0)
 
 const escClose = closeKeyword.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
 const typesGroup = requireIssue.join('|')
 const closePattern = new RegExp(`^(${typesGroup})(\\(.+\\))?: ${escClose} #(\\d+)`)
-const match = commitMsg.match(closePattern)
 
-if (match) {
+const seen = new Set()
+
+for (const line of log.split('\n').filter(Boolean)) {
+  const tabIndex = line.indexOf('\t')
+  if (tabIndex === -1) continue
+  const hash = line.slice(0, tabIndex)
+  const subject = line.slice(tabIndex + 1)
+
+  const match = subject.match(closePattern)
+  if (!match) continue
+
   const issueNumber = match[3]
-  const commitLink = `${repoUrl}/commit/${commitHash}`
-  const firstLine = commitMsg.split('\n')[0]
+  if (seen.has(issueNumber)) continue
+  seen.add(issueNumber)
+
+  const shortHash = hash.slice(0, 7)
+  const commitLink = `${repoUrl}/commit/${hash}`
 
-  console.log(`🔧 Закрываю issue #${issueNumber}...`)
+  console.log(`🔧 Закрываю issue #${issueNumber} (коммит ${shortHash})...`)
 
   try {
     execSync(
-      `gh issue close "${issueNumber}" --comment "✅ Завершено в коммите: [${commitHash}](${commitLink}) - ${firstLine}"`,
+      `gh issue close "${issueNumber}" --comment "✅ Завершено в коммите: [${shortHash}](${commitLink}) - ${subject}"`,
       { stdio: 'inherit' },
     )
   } catch {
-    console.log(`⚠️  Не удалось закрыть issue #${issueNumber}`)
+    console.log(`⚠️  Не удалось закрыть issue #${issueNumber} (возможно уже закрыт)`)
   }
 }

package/tools-gh/release.js

@@ -1,10 +1,11 @@
 #!/usr/bin/env node
-import { execSync, spawnSync } from 'child_process'
+import { spawnSync } from 'child_process'
 import { existsSync, readFileSync } from 'fs'
 import { platform } from 'os'
 import { dirname, join } from 'path'
 import { fileURLToPath } from 'url'
 import { loadConfig } from './config.js'
+import { getCommitsSinceLastTag, getLastTag, predictNextVersion } from './version-utils.js'
 
 const __dirname = dirname(fileURLToPath(import.meta.url))
 const isWin = platform() === 'win32'
@@ -23,12 +24,7 @@ console.log(`📦 Текущая версия: ${currentVersion}`)
 
 // 2. Demo check (configurable)
 if (config.release.demo.enable) {
-  const [major, minor, patch] = currentVersion.split('.').map(Number)
-  const recentCommits = execSync('git log --oneline -10', { encoding: 'utf8' })
-  const nextVersion = recentCommits.includes('feat:')
-    ? `v${major}.${minor + 1}.0`
-    : `v${major}.${minor}.${patch + 1}`
-
+  const nextVersion = predictNextVersion(currentVersion)
   console.log(`📦 Предполагаемая следующая версия: ${nextVersion}`)
 
   const { dir: demoDir, formats: demoFormats } = config.release.demo
@@ -58,19 +54,11 @@ if (currentVersion.startsWith('0.')) {
 }
 
 // 4. Commit analysis
-let lastTag = ''
-try {
-  lastTag = execSync('git describe --tags --abbrev=0', { encoding: 'utf8' }).trim()
-  console.log(`📌 Последний тег: ${lastTag}`)
-} catch {
-  console.log('📌 Теги не найдены (первый релиз)')
-}
-
-const commitLog = lastTag
-  ? execSync(`git log ${lastTag}..HEAD --format=%s`, { encoding: 'utf8' })
-  : execSync('git log --format=%s -10', { encoding: 'utf8' })
+const lastTag = getLastTag()
+if (lastTag) console.log(`📌 Последний тег: ${lastTag}`)
+else console.log('📌 Теги не найдены (первый релиз)')
 
-const commits = commitLog.split('\n').filter(Boolean)
+const commits = getCommitsSinceLastTag(lastTag)
 const countByType = (prefix) => commits.filter((c) => c.startsWith(`${prefix}:`)).length
 
 const featCount = countByType('feat')

package/tools-gh/report-issue.js

@@ -6,25 +6,41 @@ const jstRepo = 'vv0rkz/js-template'
 const isWin = platform() === 'win32'
 const ghCmd = isWin ? 'gh.exe' : 'gh'
 
-const title = process.argv.slice(2).join(' ')
+const rawArgs = process.argv.slice(2)
 
 console.log(`📝 Создаю issue в ${jstRepo}...`)
 
-if (!title) {
-  const result = spawnSync(ghCmd, ['issue', 'create', '--repo', jstRepo], { stdio: 'inherit' })
-  process.exit(result.status || 0)
+// If the caller passed any flag (anything starting with `-`), we assume a
+// non-interactive invocation and forward every argument verbatim to
+// `gh issue create`. This enables script/CI usage like:
+//   jst report-issue --title "..." --body-file body.md --label bug
+//
+// Otherwise we keep the historical shorthand and join the positional args
+// into the title:
+//   jst report-issue "Quick bug description"
+const hasFlags = rawArgs.some((a) => a.startsWith('-'))
+
+let ghArgs
+if (rawArgs.length === 0) {
+  ghArgs = ['issue', 'create', '--repo', jstRepo]
+} else if (hasFlags) {
+  ghArgs = ['issue', 'create', '--repo', jstRepo, ...rawArgs]
+} else {
+  ghArgs = ['issue', 'create', '--repo', jstRepo, '--title', rawArgs.join(' ')]
 }
 
-const result = spawnSync(ghCmd, ['issue', 'create', '--repo', jstRepo, '--title', title], {
-  stdio: 'inherit',
-})
+const result = spawnSync(ghCmd, ghArgs, { stdio: 'inherit' })
 
 if (result.status === 0) {
   console.log('\n✅ Issue создан!')
-} else {
-  console.error('❌ Ошибка создания issue')
-  console.log('\n💡 Убедись что:')
-  console.log('   1. Установлен GitHub CLI: gh --version')
-  console.log('   2. Выполнена авторизация: gh auth login')
-  process.exit(1)
+  process.exit(0)
 }
+
+console.error('❌ Ошибка создания issue')
+console.log('\n💡 Убедись что:')
+console.log('   1. Установлен GitHub CLI: gh --version')
+console.log('   2. Выполнена авторизация: gh auth login')
+console.log('   3. Для non-interactive вызова используй флаги:')
+console.log('      jst report-issue --title "..." --body "..."')
+console.log('      jst report-issue --title "..." --body-file body.md')
+process.exit(result.status || 1)

package/tools-gh/setup-branch-protection.js

@@ -0,0 +1,79 @@
+#!/usr/bin/env node
+import { execSync, spawnSync } from 'child_process'
+import { platform } from 'os'
+import { loadConfig } from './config.js'
+
+const config = await loadConfig()
+const bp = config.branchProtection
+
+if (!bp || !bp.enable) {
+  console.log('⏭️  Branch protection отключена (branchProtection.enable = false)')
+  console.log('💡 Включи в jst.config.js: branchProtection: { enable: true, requiredChecks: [...] }')
+  process.exit(0)
+}
+
+const requiredChecks = Array.isArray(bp.requiredChecks) ? bp.requiredChecks.filter(Boolean) : []
+const enforceAdmins = !!bp.enforceAdmins
+const mainBranch = (config.branch && config.branch.main) || 'main'
+
+const isWin = platform() === 'win32'
+const ghCmd = isWin ? 'gh.exe' : 'gh'
+
+console.log(`🔒 Настройка branch protection для ветки "${mainBranch}"...\n`)
+
+try {
+  execSync(`${ghCmd} auth status`, { stdio: 'ignore' })
+} catch {
+  console.error('❌ GitHub CLI не установлен или не авторизован')
+  console.log('💡 Установи: https://cli.github.com/')
+  console.log('   И выполни: gh auth login')
+  process.exit(1)
+}
+
+let repoSlug = ''
+try {
+  const remote = execSync('git remote get-url origin', { encoding: 'utf8' }).trim()
+  const match = remote.match(/[:/]([^/:]+\/[^/]+?)(?:\.git)?$/)
+  if (match) repoSlug = match[1]
+} catch {
+  // ignore
+}
+
+if (!repoSlug) {
+  console.error('❌ Не удалось определить owner/repo из git remote origin')
+  process.exit(1)
+}
+
+const payload = {
+  required_status_checks:
+    requiredChecks.length > 0 ? { strict: true, contexts: requiredChecks } : null,
+  enforce_admins: enforceAdmins,
+  required_pull_request_reviews: null,
+  restrictions: null,
+}
+
+console.log(`📍 Repo: ${repoSlug}`)
+console.log(`📍 Required checks: ${requiredChecks.length ? requiredChecks.join(', ') : '(none)'}`)
+console.log(`📍 Enforce admins: ${enforceAdmins}`)
+console.log()
+
+const result = spawnSync(
+  ghCmd,
+  ['api', '-X', 'PUT', `repos/${repoSlug}/branches/${mainBranch}/protection`, '--input', '-'],
+  {
+    input: JSON.stringify(payload),
+    stdio: ['pipe', 'inherit', 'inherit'],
+    encoding: 'utf8',
+  },
+)
+
+if (result.status === 0) {
+  console.log('\n✅ Branch protection настроена!')
+} else {
+  console.error('\n❌ Не удалось настроить branch protection')
+  console.log('💡 Возможные причины:')
+  console.log('   • Нет прав admin на репозиторий')
+  console.log('   • Репозиторий приватный на бесплатном плане (нужен Pro/Team/Enterprise)')
+  console.log('   • Указанные required checks ещё не запускались на этой ветке')
+  process.exit(result.status || 1)
+}

package/tools-gh/setup-ci.js

@@ -0,0 +1,63 @@
+#!/usr/bin/env node
+import { existsSync, mkdirSync, writeFileSync } from 'fs'
+import { join } from 'path'
+import { loadConfig } from './config.js'
+
+const config = await loadConfig()
+const ci = config.ci
+
+if (!ci || !ci.enable) {
+  console.log('⏭️  CI отключён (ci.enable = false)')
+  process.exit(0)
+}
+
+const checks = Array.isArray(ci.checks) ? ci.checks.filter(Boolean) : []
+if (checks.length === 0) {
+  console.log('⚠️  ci.enable = true, но ci.checks пуст — workflow не создан')
+  process.exit(0)
+}
+
+const nodeVersion = ci.nodeVersion || '20'
+const mainBranch = (config.branch && config.branch.main) || 'main'
+
+const workflowsDir = join(process.cwd(), '.github', 'workflows')
+if (!existsSync(workflowsDir)) mkdirSync(workflowsDir, { recursive: true })
+
+const filePath = join(workflowsDir, 'ci.yml')
+if (existsSync(filePath)) {
+  console.log('⏭️  .github/workflows/ci.yml уже существует')
+  process.exit(0)
+}
+
+const jobs = checks
+  .map(
+    (check) => `  ${check}:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '${nodeVersion}'
+          cache: npm
+      - run: npm ci
+      - run: npm run ${check}`,
+  )
+  .join('\n\n')
+
+const yaml = `name: CI
+
+on:
+  push:
+    branches: [${mainBranch}]
+  pull_request:
+    branches: [${mainBranch}]
+
+jobs:
+${jobs}
+`
+
+writeFileSync(filePath, yaml)
+console.log('✅ Создан .github/workflows/ci.yml')
+console.log(`   ↳ checks: ${checks.join(', ')}`)
+console.log(`   ↳ node: ${nodeVersion}`)
+console.log(`   ↳ branch: ${mainBranch}`)

package/tools-gh/setup-deps.js

@@ -1,43 +1,139 @@
 #!/usr/bin/env node
 import { existsSync, mkdirSync, writeFileSync } from 'fs'
 import { join } from 'path'
-import { loadConfig } from './config.js'
+import { loadConfig, normalizeDepUpdater } from './config.js'
 
 const config = await loadConfig()
-const { depUpdater } = config
+const dep = normalizeDepUpdater(config.depUpdater)
 
-if (!depUpdater) {
+if (!dep.type) {
   console.log('⏭️  Автообновление зависимостей отключено (depUpdater = false)')
   process.exit(0)
 }
 
-if (depUpdater === 'dependabot') {
+if (dep.type === 'dependabot') {
+  writeDependabotConfig(dep)
+  if (dep.autoMerge) {
+    // shorthand: `autoMerge: true` → enable patch + minor auto-merge
+    const am = dep.autoMerge === true ? { patch: true, minor: true } : dep.autoMerge
+    writeDependabotAutoMergeWorkflow(am)
+  }
+} else if (dep.type === 'renovate') {
+  writeRenovateConfig()
+} else {
+  console.log(`⚠️  Неизвестный depUpdater.type: "${dep.type}"`)
+  console.log('💡 Допустимые значения: "dependabot", "renovate", false')
+  process.exit(1)
+}
+
+// ---- helpers ------------------------------------------------------------
+
+function buildIgnoreList(dep) {
+  // Granular `ignore: { major, minor, patch }` takes precedence over
+  // the simple `ignoreMajor` boolean.
+  const types = []
+  if (dep.ignore && typeof dep.ignore === 'object') {
+    if (dep.ignore.major) types.push('version-update:semver-major')
+    if (dep.ignore.minor) types.push('version-update:semver-minor')
+    if (dep.ignore.patch) types.push('version-update:semver-patch')
+  } else if (dep.ignoreMajor) {
+    types.push('version-update:semver-major')
+  }
+  return types
+}
+
+function writeDependabotConfig(dep) {
   const dir = join(process.cwd(), '.github')
   if (!existsSync(dir)) mkdirSync(dir, { recursive: true })
 
   const filePath = join(dir, 'dependabot.yml')
   if (existsSync(filePath)) {
     console.log('⏭️  .github/dependabot.yml уже существует')
-    process.exit(0)
+    return
   }
 
-  writeFileSync(
-    filePath,
-    `version: 2
-updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-`,
-  )
+  const ignoreTypes = buildIgnoreList(dep)
+  const ignoreBlock = ignoreTypes.length
+    ? `    ignore:\n      - dependency-name: "*"\n        update-types: [${ignoreTypes
+        .map((t) => `"${t}"`)
+        .join(', ')}]\n`
+    : ''
+
+  const yaml =
+    `version: 2\n` +
+    `updates:\n` +
+    `  - package-ecosystem: "npm"\n` +
+    `    directory: "/"\n` +
+    `    schedule:\n` +
+    `      interval: "weekly"\n` +
+    `    open-pull-requests-limit: 10\n` +
+    ignoreBlock
+
+  writeFileSync(filePath, yaml)
   console.log('✅ Создан .github/dependabot.yml')
-} else if (depUpdater === 'renovate') {
+  if (ignoreTypes.length) {
+    console.log(`   ↳ ignore update-types: ${ignoreTypes.join(', ')}`)
+  }
+}
+
+function writeDependabotAutoMergeWorkflow(autoMerge) {
+  const dir = join(process.cwd(), '.github', 'workflows')
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true })
+
+  const filePath = join(dir, 'dependabot-auto-merge.yml')
+  if (existsSync(filePath)) {
+    console.log('⏭️  .github/workflows/dependabot-auto-merge.yml уже существует')
+    return
+  }
+
+  const conditions = []
+  if (autoMerge.patch) conditions.push("steps.meta.outputs.update-type == 'version-update:semver-patch'")
+  if (autoMerge.minor) conditions.push("steps.meta.outputs.update-type == 'version-update:semver-minor'")
+  if (autoMerge.major) conditions.push("steps.meta.outputs.update-type == 'version-update:semver-major'")
+
+  if (conditions.length === 0) {
+    console.log('⏭️  depUpdater.autoMerge не содержит ни одного true — auto-merge workflow не создан')
+    return
+  }
+
+  const ifClause = conditions.join(' || ')
+
+  const yaml = `name: Dependabot auto-merge
+
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Fetch metadata
+        id: meta
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "\${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Enable auto-merge
+        if: ${ifClause}
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: \${{ github.event.pull_request.html_url }}
+          GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
+`
+
+  writeFileSync(filePath, yaml)
+  console.log('✅ Создан .github/workflows/dependabot-auto-merge.yml')
+}
+
+function writeRenovateConfig() {
   const filePath = join(process.cwd(), 'renovate.json')
   if (existsSync(filePath)) {
     console.log('⏭️  renovate.json уже существует')
-    process.exit(0)
+    return
   }
 
   writeFileSync(
@@ -52,8 +148,4 @@ updates:
     ) + '\n',
   )
   console.log('✅ Создан renovate.json')
-} else {
-  console.log(`⚠️  Неизвестный depUpdater: "${depUpdater}"`)
-  console.log('💡 Допустимые значения: "dependabot", "renovate", false')
-  process.exit(1)
 }

package/tools-gh/version-utils.js

@@ -0,0 +1,40 @@
+import { execSync } from 'child_process'
+
+/**
+ * Returns the last tag (e.g. "v1.8.4") or '' if no tags exist.
+ */
+export function getLastTag() {
+  try {
+    return execSync('git describe --tags --abbrev=0', {
+      encoding: 'utf8',
+      stdio: ['pipe', 'pipe', 'ignore'],
+    }).trim()
+  } catch {
+    return ''
+  }
+}
+
+/**
+ * Returns commit subjects since the last tag (or last 10 commits if no tag).
+ */
+export function getCommitsSinceLastTag(lastTag = getLastTag()) {
+  const log = lastTag
+    ? execSync(`git log ${lastTag}..HEAD --format=%s`, { encoding: 'utf8' })
+    : execSync('git log --format=%s -10', { encoding: 'utf8' })
+  return log.split('\n').filter(Boolean)
+}
+
+/**
+ * Predicts the next semver version string ("vX.Y.Z") based on commits since the
+ * last tag. If any feat: commit is present → minor bump; otherwise patch bump.
+ *
+ * Uses commits since the last tag (not last 10 commits) so the prediction stays
+ * correct even after many docs:/refactor: commits land on top of older feat:s.
+ */
+export function predictNextVersion(currentVersion) {
+  const [major, minor, patch] = currentVersion.split('.').map(Number)
+  const commits = getCommitsSinceLastTag()
+  const hasFeat = commits.some((c) => /^feat(\(.+\))?!?:/.test(c))
+
+  return hasFeat ? `v${major}.${minor + 1}.0` : `v${major}.${minor}.${patch + 1}`
+}