feat: changelog - formatted links, more git providers & copy markdown#2983
feat: changelog - formatted links, more git providers & copy markdown#2983WilcoSp wants to merge 302 commits into
Conversation
…ble to the version that was selected
…nd idk how it should be now
added scroll margin classes ensuring to navigate to hash if present
… back releases title's will now use slugify instead of encodeUri to fix issues with encoding
…eive query params
There was a problem hiding this comment.
Actionable comments posted: 12
🧹 Nitpick comments (3)
server/api/changelog/releases/[provider]/[owner]/[repo]/raw/[tag].get.ts (1)
116-127: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winSet
User-Agentheader for Forgejo and GitLab API calls.
getMarkdownFromGithubsetsUser-Agent: 'npmx.dev', butgetMarkdownFromForgejoandgetMarkdownFromGitlabdon't. The detection functions indetectChangelog.tsdo set this header for the same APIs. Some Forgejo/GitLab instances may reject requests without aUser-Agent.♻️ Proposed fix
async function getMarkdownFromForgejo( owner: string, repo: string, tag: string, host: string = 'codeberg.org', ) { - const data = await $fetch(`https://${host}/api/v1/repos/${owner}/${repo}/releases/tags/${tag}`) + const data = await $fetch(`https://${host}/api/v1/repos/${owner}/${repo}/releases/tags/${encodeURIComponent(tag)}`, { + headers: { + 'User-Agent': 'npmx.dev', + 'accept': 'application/json', + }, + }) const release = v.parse(ForgejoReleaseSchama, data) return release.body } async function getMarkdownFromGitlab( owner: string, repo: string, tag: string, host: string = 'gitlab.com', ) { owner = decodeURIComponent(owner) const repoPath = encodeURIComponent(`${owner}/${repo}`) - const data = await $fetch(`https://${host}/api/v4/projects/${repoPath}/releases/${tag}`) + const data = await $fetch(`https://${host}/api/v4/projects/${repoPath}/releases/${encodeURIComponent(tag)}`, { + headers: { + 'User-Agent': 'npmx.dev', + 'accept': 'application/json', + }, + }) const release = v.parse(GitlabReleaseSchame, data) return release.description }Also applies to: 129-143
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@server/api/changelog/releases/`[provider]/[owner]/[repo]/raw/[tag].get.ts around lines 116 - 127, Update getMarkdownFromForgejo and getMarkdownFromGitlab so their $fetch API requests include the same User-Agent header as getMarkdownFromGithub, using the value npmx.dev. Preserve the existing request URLs and response parsing.server/utils/changelog/detectChangelog.ts (1)
106-114: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick winAdd a timeout to the
fetchcall incheckFiles.The global
fetchhas no timeout, so a slow or unresponsive provider will hang the request indefinitely. While.catch(() => false)handles errors, a hung connection never triggers the catch. Consider usingAbortControlleror switching to$fetchwith atimeoutoption.♻️ Proposed fix using AbortSignal.timeout
const exists = await fetch(resolveURL(baseUrl.raw, dir ?? '', fileName), { headers: { // GitHub API requires User-Agent 'User-Agent': 'npmx.dev', }, method: ref.provider != 'tangled' ? 'HEAD' : 'GET', // we just need to know if it exists or not, tangled doesn't support HEAD + signal: AbortSignal.timeout(5000), }) .then(r => r.ok) .catch(() => false)🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@server/utils/changelog/detectChangelog.ts` around lines 106 - 114, Update the fetch call in checkFiles to enforce a finite timeout, using AbortSignal.timeout or an equivalent AbortController signal, while preserving the existing URL, headers, method selection, and false-on-error behavior.app/components/Changelog/Markdown.vue (1)
24-26: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueNon-obvious guard could use a brief comment.
typeof data.value == 'string'isn't self-explanatory — presumably guarding against the union response type this endpoint can return (object vs raw string) depending on therawquery used elsewhere in this file. A short comment would help future readers.As per coding guidelines, "Add comments only to explain complex logic or non-obvious implementations."
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@app/components/Changelog/Markdown.vue` around lines 24 - 26, Add a brief explanatory comment immediately above the typeof data.value == 'string' guard in the watchEffect callback, clarifying that the endpoint may return either a parsed object or raw string depending on the raw query. Keep the existing guard and behavior unchanged.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@app/components/Button/CopyMd.vue`:
- Around line 15-36: Update prefetchMarkdown and the fetch condition inside
copyMarkdown so status === 'error' retries fetchMarkdown before copying,
preventing stale or empty markdown after transient failures. Preserve the
existing idle/pending behavior and ensure copying proceeds only with the
refreshed result or surfaces the fetch failure.
In `@app/components/Changelog/Releases.vue`:
- Around line 11-21: Pass the existing host value from Releases.vue into each
ChangelogCard, then update ChangelogCard’s raw release useLazyFetch query to
include host alongside the existing parameters. Ensure the raw endpoint receives
the self-hosted host instead of falling back to its default.
In `@server/api/changelog/md/`[provider]/[owner]/[repo]/[...path].get.ts:
- Around line 19-20: The changelog fetch path must not pass arbitrary host
values from the host query parameter into server-side requests. Update the
validation and fetch flow around the parsed host, including the logic at lines
32-46, to reuse a shared outbound-host validator that validates URL structure,
resolved addresses, and every redirect, or enforce the established host
allowlist before fetching and returning raw content.
- Around line 93-101: Add a `tangled` case to the `getRepoInfo()` provider
switch and dispatch to the existing `createTangledInfo` function with the
appropriate repository parameters, so Tangled repositories return their info
instead of falling through as undefined. Preserve the existing dispatch behavior
for GitHub, Forgejo/Codeberg, and GitLab.
In `@server/api/changelog/releases/`[provider]/[owner]/[repo].get.ts:
- Around line 37-41: Add a `tangled` branch to the provider switch alongside the
existing Forgejo and GitLab cases, routing through a dedicated
`getReleasesFromTangled` fetcher with the appropriate owner, repository, and
host values. Ensure the endpoint’s provider-specific release retrieval and
rendering path covers Tangled requests consistently with the advertised support.
- Around line 23-24: Validate the optional host from the query before it reaches
the Forgejo and GitLab $fetch URL construction, allowing only approved public
destinations or an explicit host allowlist. Apply the same protection to every
provider request and validate each redirect target to block private, loopback,
link-local, reserved, and DNS-rebinding addresses; reject invalid hosts before
fetching.
In `@server/api/changelog/releases/`[provider]/[owner]/[repo]/raw/[tag].get.ts:
- Line 75: URL-encode the decoded tag route parameter in the upstream API URL
construction for all three provider functions. Update each URL template using
tag to apply encodeURIComponent(tag), while leaving owner, repo, and the
surrounding request behavior unchanged.
- Around line 17-18: Validate the user-controlled host from rawQuery before
constructing any upstream URL. Add or reuse a validateHost(provider, host) guard
that permits only approved Git hosting providers (or otherwise enforces valid
public hostnames and rejects private, loopback, and link-local ranges), then
invoke it in the raw release flow before the provider-specific API calls; apply
the same protection to the corresponding releases endpoint and every listed host
usage.
In `@server/utils/changelog/detectChangelog.ts`:
- Around line 243-248: Update ROOT_ONLY_REGEX and both directory-filter
conditions in checkLatestForgejoRelease and checkLatestGitlabRelease so
extracted root-level paths such as changelog.md match without a leading slash,
while nested paths still require the configured directory prefix.
In `@server/utils/changelog/markdown.ts`:
- Line 239: Update accountRegex and the corresponding matching logic at the
referenced usage to exclude @ segments from email addresses and package-version
suffixes such as package@latest, while preserving valid standalone account
mentions. Ensure both account-matching paths use the same corrected boundary
behavior.
- Line 100: Update the textFilter configuration to prevent
createResolveGitTextToLinks from emitting unsafe raw anchor markup from
request-derived host, owner, or repo values; build links before sanitization or
HTML-escape both generated URLs and labels before insertion. Add a regression
test covering quote-containing repository components and verify the resulting
href and text cannot inject markup.
In `@shared/utils/constants.ts`:
- Line 48: Update the ERROR_CHANGELOG_NOT_FOUND constant’s user-facing message
to use “was found” instead of “had been found,” preserving the rest of the
wording.
---
Nitpick comments:
In `@app/components/Changelog/Markdown.vue`:
- Around line 24-26: Add a brief explanatory comment immediately above the
typeof data.value == 'string' guard in the watchEffect callback, clarifying that
the endpoint may return either a parsed object or raw string depending on the
raw query. Keep the existing guard and behavior unchanged.
In `@server/api/changelog/releases/`[provider]/[owner]/[repo]/raw/[tag].get.ts:
- Around line 116-127: Update getMarkdownFromForgejo and getMarkdownFromGitlab
so their $fetch API requests include the same User-Agent header as
getMarkdownFromGithub, using the value npmx.dev. Preserve the existing request
URLs and response parsing.
In `@server/utils/changelog/detectChangelog.ts`:
- Around line 106-114: Update the fetch call in checkFiles to enforce a finite
timeout, using AbortSignal.timeout or an equivalent AbortController signal,
while preserving the existing URL, headers, method selection, and false-on-error
behavior.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 3e14fb36-dfc4-4096-947f-8c8738e998bf
📒 Files selected for processing (24)
app/components/Button/CopyMd.vueapp/components/Changelog/Card.vueapp/components/Changelog/Markdown.vueapp/components/Changelog/Releases.vueapp/pages/package-changelog/[[org]]/[name].vueapp/pages/package/[[org]]/[name].vuei18n/locales/en.jsoni18n/locales/nl.jsoni18n/schema.jsonnuxt.config.tsserver/api/changelog/info/[name]/v/[version].get.tsserver/api/changelog/md/[provider]/[owner]/[repo]/[...path].get.tsserver/api/changelog/releases/[provider]/[owner]/[repo].get.tsserver/api/changelog/releases/[provider]/[owner]/[repo]/raw/[tag].get.tsserver/utils/changelog/baseFileUrl.tsserver/utils/changelog/detectChangelog.tsserver/utils/changelog/markdown.tsserver/utils/changelog/mdRepoInfo.tsserver/utils/mdKit.tsshared/schemas/changelog/release.tsshared/types/changelog.tsshared/utils/constants.tstest/nuxt/a11y.spec.tstest/unit/server/utils/changelog/markdown.spec.ts
given changelogCard now also host added tests to ensure that email & package@version isn't formatted to a git link
…ithub.com:WilcoSp/npmx.dev into changelog/format-link+git-providers+copy-markdown
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
shared/utils/git-providers.ts (1)
291-291: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winType
NEED_HOSTasProviderId[].Currently inferred as
string[], so invalid or misspelt provider IDs would not be caught at compile time.As per coding guidelines: "Ensure you write strictly type-safe code".
♻️ Proposed change
-export const NEED_HOST = ['gitlab', 'gitea', 'forgejo', 'radicle'] +export const NEED_HOST: ProviderId[] = ['gitlab', 'gitea', 'forgejo', 'radicle']🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@shared/utils/git-providers.ts` at line 291, Type the NEED_HOST constant explicitly as ProviderId[] so its provider entries are compile-time validated. Preserve the existing provider values and locate the change at the NEED_HOST declaration.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@shared/utils/git-providers.ts`:
- Around line 305-311: Update the provider parsing logic around the discarded
NEED_HOST.includes(provider.id) expression to retain its boolean result, then
use that result when assigning host in the returned object. Ensure host is
populated only for providers listed in NEED_HOST and remains undefined for all
others.
---
Nitpick comments:
In `@shared/utils/git-providers.ts`:
- Line 291: Type the NEED_HOST constant explicitly as ProviderId[] so its
provider entries are compile-time validated. Preserve the existing provider
values and locate the change at the NEED_HOST declaration.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 13f42098-7fdb-46aa-aa4c-f442d909cdaa
📒 Files selected for processing (9)
app/components/Changelog/Card.vueapp/components/Changelog/Releases.vueserver/api/changelog/md/[provider]/[owner]/[repo]/[...path].get.tsserver/api/changelog/releases/[provider]/[owner]/[repo].get.tsserver/api/changelog/releases/[provider]/[owner]/[repo]/raw/[tag].get.tsserver/utils/changelog/validateHost.tsshared/utils/constants.tsshared/utils/git-providers.tstest/unit/server/utils/changelog/markdown.spec.ts
🚧 Files skipped from review as they are similar to previous changes (6)
- app/components/Changelog/Releases.vue
- app/components/Changelog/Card.vue
- server/api/changelog/releases/[provider]/[owner]/[repo]/raw/[tag].get.ts
- server/api/changelog/md/[provider]/[owner]/[repo]/[...path].get.ts
- server/api/changelog/releases/[provider]/[owner]/[repo].get.ts
- test/unit/server/utils/changelog/markdown.spec.ts
fixing the validation for host.
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@test/unit/server/utils/changelog/validateHost.spec.ts`:
- Line 52: Correct the describe block title in the host validation tests by
changing “know host” to “known host”; leave the test behavior unchanged.
- Line 46: Correct the typo in the test description for the “require radicle to
have a host” case by changing “shoud” to “should.”
- Around line 179-182: Correct the test description in the radicle host
validation test so it states that gitea.com should be rejected or disallowed.
Keep the existing createSchema('radicle') setup and toBeFalsy assertion
unchanged.
- Around line 19-27: Update the second test description in the changelog host
validation tests to say it allows tangled without a host, while leaving its
createSchema('tangled') setup and assertions unchanged.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 700712cc-2f91-4022-a66a-ee0ede851d79
📒 Files selected for processing (5)
server/utils/changelog/detectChangelog.tsserver/utils/changelog/markdown.tsserver/utils/changelog/validateHost.tsshared/utils/constants.tstest/unit/server/utils/changelog/validateHost.spec.ts
🚧 Files skipped from review as they are similar to previous changes (4)
- server/utils/changelog/validateHost.ts
- shared/utils/constants.ts
- server/utils/changelog/detectChangelog.ts
- server/utils/changelog/markdown.ts
|
@coderabbitai is there anything left that should be addressed in this pr? |
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: #!/bin/bash
gh pr view 2983 --repo npmx-dev/npmx.dev --json reviews,comments -q '.reviews[] | {author: .author.login, body: .body, state: .state}' | head -200
echo "---REVIEW COMMENTS---"
gh api repos/npmx-dev/npmx.dev/pulls/2983/comments --paginate | jq -r '.[] | select(.user.login=="coderabbitai") | "ID:\(.id) PATH:\(.path) LINE:\(.line) BODY:\(.body[0:200])"'Length of output: 23556 🏁 Script executed: #!/bin/bash
gh api graphql -f query='
query {
repository(owner: "npmx-dev", name: "npmx.dev") {
pullRequest(number: 2983) {
reviewThreads(first: 100) {
nodes {
isResolved
isOutdated
path
line
comments(first: 1) {
nodes {
author { login }
body
}
}
}
}
}
}
}' --jq '.data.repository.pullRequest.reviewThreads.nodes[] | select(.comments.nodes[0].author.login=="coderabbitai") | {path, line, isResolved, isOutdated, body: .comments.nodes[0].body[0:150]}'Length of output: 5640 All review threads from CodeRabbit are resolved. Nothing outstanding remains from my automated review.
A couple of earlier nitpicks (non-blocking, lower priority) that I don't have a resolved/unresolved thread confirmation for, in case you want to double check they were addressed:
If those are already handled, feel free to ignore this. Otherwise, this PR looks ready from my side. |
adding typing for NEED_HOST
|
I've just done the last bits that needed to be addressed, so for right now I do think this pr is complete and really ready for review. |
preview
🔗 Linked issue
🧭 Context
📚 Description
added providers:
#, will in the future change due to tangled not having shorthands yet)(the following aren't required for this pr, just nice to have and are here if review takes long)
Adding support to format links to the git providers (same repo only):
Added button to allow copying the raw markdown
I did only use AI for some of the regular expressions
this pr continued from #2717 which continued from the pr before, that's why there are so many commits