From 393fbf0973f42949010f67297c1a3c7d834c1fc2 Mon Sep 17 00:00:00 2001 From: nadav Date: Tue, 10 Mar 2026 14:44:45 +0200 Subject: [PATCH 01/14] ci: switch npm publish to OIDC trusted publisher (no token needed) Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 10d3555..48e59d4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -38,5 +38,5 @@ jobs: - name: Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + NPM_CONFIG_PROVENANCE: "true" run: npx semantic-release From cf53db862a0f44efcad519565fd559f4f2d5c61a Mon Sep 17 00:00:00 2001 From: nadav Date: Tue, 10 Mar 2026 14:47:07 +0200 Subject: [PATCH 02/14] chore: fix prettier formatting on release.yml Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 48e59d4..60fa746 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -38,5 +38,5 @@ jobs: - name: Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NPM_CONFIG_PROVENANCE: "true" + NPM_CONFIG_PROVENANCE: 'true' run: npx semantic-release From 1523e07835dcf82d3092ac7049ee45c7f3183701 Mon Sep 17 00:00:00 2001 From: nadav Date: Tue, 10 Mar 2026 14:51:08 +0200 Subject: [PATCH 03/14] ci: auto-create PR from dev to main on every push Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/auto-pr.yml | 41 +++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/auto-pr.yml diff --git a/.github/workflows/auto-pr.yml b/.github/workflows/auto-pr.yml new file mode 100644 index 0000000..23139c1 --- /dev/null +++ b/.github/workflows/auto-pr.yml 
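Review bot: Dropping `NODE_AUTH_TOKEN` from the Release step's `env:` makes the publish depend on the job's OIDC token, and the `permissions:` block that has to grant it lies outside this hunk. Both `NPM_CONFIG_PROVENANCE` and npm trusted publishing need `id-token: write` on the job, so confirm that line is present under the job's `permissions:`. `NPM_CONFIG_PROVENANCE` only attaches an attestation and does not authenticate the publish, so the trusted-publisher entry for this workflow file must also exist on the registry side. Once the tokenless publish works, revoke `NPM_TOKEN` on npm and delete the repository secret, since it remains a valid publish credential until then.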
@@ -0,0 +1,41 @@ +name: Auto PR dev → main + +on: + push: + branches: [dev] + +permissions: + contents: read + pull-requests: write + +jobs: + open-pr: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Create PR if not exists + uses: actions/github-script@v7 + with: + script: | + const { data: prs } = await github.rest.pulls.list({ + owner: context.repo.owner, + repo: context.repo.repo, + head: `${context.repo.owner}:dev`, + base: 'main', + state: 'open', + }); + + if (prs.length === 0) { + await github.rest.pulls.create({ + owner: context.repo.owner, + repo: context.repo.repo, + head: 'dev', + base: 'main', + title: 'chore: merge dev into main', + body: '### Auto-generated PR\nMerge latest `dev` changes into `main` to trigger a release.\n\n> Squash and merge to keep a clean history.', + }); + console.log('PR created.'); + } else { + console.log('PR already open:', prs[0].html_url); + } From 3073c449ce78c3f9798eec02cef19731c8e1daa6 Mon Sep 17 00:00:00 2001 From: nadav Date: Tue, 10 Mar 2026 14:55:29 +0200 Subject: [PATCH 04/14] ci: use PAT_TOKEN for PR creation to bypass org restriction Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/auto-pr.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/auto-pr.yml b/.github/workflows/auto-pr.yml index 23139c1..1bd941f 100644 --- a/.github/workflows/auto-pr.yml +++ b/.github/workflows/auto-pr.yml @@ -17,6 +17,7 @@ jobs: - name: Create PR if not exists uses: actions/github-script@v7 with: + github-token: ${{ secrets.PAT_TOKEN }} script: | const { data: prs } = await github.rest.pulls.list({ owner: context.repo.owner, From 9871a65f999d1ed3c16a1e0879a7b3df658aeadd Mon Sep 17 00:00:00 2001 From: nadav Date: Tue, 10 Mar 2026 15:01:40 +0200 Subject: [PATCH 05/14] chore: trigger auto-pr workflow test Co-Authored-By: Claude Sonnet 4.6 From d88e597016e918e3b9eafb12de0f0f54b67465fd Mon Sep 17 00:00:00 2001 
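Review bot: `actions/checkout@v4` and `actions/github-script@v7` in the new `open-pr` job are referenced by mutable tag; in a job that holds `pull-requests: write`, pin each to a full commit SHA with the version in a trailing comment, e.g. `uses: actions/checkout@FULL_COMMIT_SHA  # v4` (placeholder, not a real hash). The checkout step also looks unnecessary, because the script only calls the REST API through `github.rest`; removing it avoids persisting the job token in the workspace's git config. The top-level `permissions:` block with `contents: read` and `pull-requests: write` is appropriately narrow and worth keeping as is.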
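Review bot: The added `github-token: ${{ secrets.PAT_TOKEN }}` swaps the job-scoped token for a personal access token, and the workflow's `permissions:` block does not limit that token. The commit subject says this bypasses an org restriction, presumably the setting that stops Actions from creating pull requests; that control is usually deliberate, so record the exception next to the line, for example `# fine-grained PAT, this repository only, Pull requests: read/write`. If the secret is a classic PAT with `repo` scope, it carries write access to every repository its owner can reach, and pull requests opened with it trigger further workflow runs, unlike ones opened with `GITHUB_TOKEN`. A GitHub App installation token or a fine-grained PAT restricted to this repository would narrow that exposure.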
From: nadav Date: Tue, 10 Mar 2026 15:04:34 +0200 Subject: [PATCH 06/14] ci: switch to peter-evans/create-pull-request action Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/auto-pr.yml | 35 +++++++++++------------------------ 1 file changed, 11 insertions(+), 24 deletions(-) diff --git a/.github/workflows/auto-pr.yml b/.github/workflows/auto-pr.yml index 1bd941f..e47c2cd 100644 --- a/.github/workflows/auto-pr.yml +++ b/.github/workflows/auto-pr.yml @@ -1,4 +1,4 @@ -name: Auto PR dev → main +name: Auto PR dev -> main on: push: @@ -15,28 +15,15 @@ jobs: - uses: actions/checkout@v4 - name: Create PR if not exists - uses: actions/github-script@v7 + uses: peter-evans/create-pull-request@v6 with: - github-token: ${{ secrets.PAT_TOKEN }} - script: | - const { data: prs } = await github.rest.pulls.list({ - owner: context.repo.owner, - repo: context.repo.repo, - head: `${context.repo.owner}:dev`, - base: 'main', - state: 'open', - }); + token: ${{ secrets.PAT_TOKEN }} + base: main + branch: dev + title: 'chore: merge dev into main' + body: | + ### Auto-generated PR + Merge latest `dev` changes into `main` to trigger a release. - if (prs.length === 0) { - await github.rest.pulls.create({ - owner: context.repo.owner, - repo: context.repo.repo, - head: 'dev', - base: 'main', - title: 'chore: merge dev into main', - body: '### Auto-generated PR\nMerge latest `dev` changes into `main` to trigger a release.\n\n> Squash and merge to keep a clean history.', - }); - console.log('PR created.'); - } else { - console.log('PR already open:', prs[0].html_url); - } + > Squash and merge to keep a clean history. + draft: false From f8b675d25431882ef743b2f1727117f920fd6218 Mon Sep 17 00:00:00 2001 From: nadav Date: Tue, 10 Mar 2026 15:10:46 +0200 Subject: [PATCH 07/14] ci: use gh CLI for auto PR creation --- .github/workflows/auto-pr.yml | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) 
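Review bot: `peter-evans/create-pull-request@v6` in the second hunk is a third-party action pinned by mutable tag and it receives `secrets.PAT_TOKEN` through `token:`, so a retagged release would run with that credential; pin it to a full commit SHA, e.g. `uses: peter-evans/create-pull-request@FULL_COMMIT_SHA  # v6` (placeholder, not a real hash). Separately, as far as I know this action's `branch` input names the branch the action itself creates and pushes from workspace changes, not an existing head branch, so `branch: dev` may not open a dev -> main PR and could rewrite `dev`; check this against the action's documentation before relying on it. The `permissions:` block above the job still constrains only `GITHUB_TOKEN`, not the PAT.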
diff --git a/.github/workflows/auto-pr.yml b/.github/workflows/auto-pr.yml index e47c2cd..c00532d 100644 --- a/.github/workflows/auto-pr.yml +++ b/.github/workflows/auto-pr.yml @@ -4,26 +4,27 @@ on: push: branches: [dev] -permissions: - contents: read - pull-requests: write - jobs: open-pr: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Create PR if not exists - uses: peter-evans/create-pull-request@v6 - with: - token: ${{ secrets.PAT_TOKEN }} - base: main - branch: dev - title: 'chore: merge dev into main' - body: | - ### Auto-generated PR - Merge latest `dev` changes into `main` to trigger a release. + - name: Open PR dev -> main if not exists + env: + GH_TOKEN: ${{ secrets.PAT_TOKEN }} + run: | + PR=$(gh pr list --base main --head dev --state open --json number -q '.[0].number') + if [ -z "$PR" ]; then + gh pr create \ + --base main \ + --head dev \ + --title "chore: merge dev into main" \ + --body "### Auto-generated PR + Merge latest \`dev\` changes into \`main\` to trigger a release. - > Squash and merge to keep a clean history. - draft: false + > Squash and merge to keep a clean history." + echo "PR created." + else + echo "PR #$PR already open, skipping." + fi From 385cd6e69de153c839b9a95569aa6e0c78f96124 Mon Sep 17 00:00:00 2001 From: nadav Date: Tue, 10 Mar 2026 15:14:32 +0200 Subject: [PATCH 08/14] ci: use node 22 for semantic-release compatibility --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 60fa746..5ec26e9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: - uses: actions/setup-node@v4 with: - node-version: 20 + node-version: 22 cache: npm registry-url: https://registry.npmjs.org From 2bddcee22ff02208b0458238c0b6c5bd92d65073 Mon Sep 17 00:00:00 2001 
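Review bot: With the top-level `permissions:` block removed at the head of the auto-pr.yml hunk, `GITHUB_TOKEN` falls back to the repository or organization default, which may be read/write. The only step that talks to the API now authenticates with `GH_TOKEN` from `secrets.PAT_TOKEN`, so the job token needs nothing beyond what `actions/checkout@v4` uses to read the repo; keep an explicit `permissions:` with `contents: read` instead of deleting the block. If the checkout is only there so `gh` can infer the repository, setting `GH_REPO: ${{ github.repository }}` in the step's `env:` would let the job drop it.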
From: nadav Date: Tue, 10 Mar 2026 15:25:29 +0200 Subject: [PATCH 09/14] ci: switch auto-pr to GITHUB_TOKEN with pull-requests permission --- .github/workflows/auto-pr.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/auto-pr.yml b/.github/workflows/auto-pr.yml index c00532d..9367388 100644 --- a/.github/workflows/auto-pr.yml +++ b/.github/workflows/auto-pr.yml @@ -4,6 +4,10 @@ on: push: branches: [dev] +permissions: + contents: write + pull-requests: write + jobs: open-pr: runs-on: ubuntu-latest @@ -12,7 +16,7 @@ jobs: - name: Open PR dev -> main if not exists env: - GH_TOKEN: ${{ secrets.PAT_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | PR=$(gh pr list --base main --head dev --state open --json number -q '.[0].number') if [ -z "$PR" ]; then From ac454405bd4304127cdc55c9a612efd51df5d74c Mon Sep 17 00:00:00 2001 From: nadav Date: Tue, 10 Mar 2026 15:59:47 +0200 Subject: [PATCH 10/14] ci: use AUTO_PR_TOKEN for PR creation --- .github/workflows/auto-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/auto-pr.yml b/.github/workflows/auto-pr.yml index 9367388..135eacb 100644 --- a/.github/workflows/auto-pr.yml +++ b/.github/workflows/auto-pr.yml @@ -16,7 +16,7 @@ jobs: - name: Open PR dev -> main if not exists env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.AUTO_PR_TOKEN }} run: | PR=$(gh pr list --base main --head dev --state open --json number -q '.[0].number') if [ -z "$PR" ]; then From 3c68a843adb5a529c8ab7380a460c7d21c7ba614 Mon Sep 17 00:00:00 2001 From: nadav Date: Tue, 10 Mar 2026 17:26:16 +0200 Subject: [PATCH 11/14] ci: trigger auto-pr workflow From cf48458bb990b90cdb37a2038ff44ef95cf3c32e Mon Sep 17 00:00:00 2001 
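Review bot: `contents: write` in the re-added `permissions:` block is broader than this job needs; listing and opening a pull request between two existing branches should only require `pull-requests: write` with `contents: read`, which is what the first version of this workflow declared, so suggest `contents: read` here. The grant matters more after PATCH 10/14, where `GH_TOKEN` moves to `secrets.AUTO_PR_TOKEN`: the block then no longer describes the token doing the work, yet `actions/checkout@v4` still receives a write-capable `GITHUB_TOKEN`. The scope of `AUTO_PR_TOKEN` is not visible in the diff and is worth stating in a comment beside that line.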
From: nadav Date: Tue, 10 Mar 2026 17:50:32 +0200 Subject: [PATCH 12/14] fix: update auto-pr prefix to trigger semantic-release --- .github/workflows/auto-pr.yml | 2 +- package.json | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/auto-pr.yml b/.github/workflows/auto-pr.yml index 135eacb..af52905 100644 --- a/.github/workflows/auto-pr.yml +++ b/.github/workflows/auto-pr.yml @@ -23,7 +23,7 @@ jobs: gh pr create \ --base main \ --head dev \ - --title "chore: merge dev into main" \ + --title "fix: merge latest dev updates into main" \ --body "### Auto-generated PR Merge latest \`dev\` changes into \`main\` to trigger a release. diff --git a/package.json b/package.json index be1e055..954242a 100644 --- a/package.json +++ b/package.json @@ -20,12 +20,13 @@ }, "repository": { "type": "git", - "url": "git+https://github.com/nadav-node9/node9-proxy.git" + "url": "git+https://github.com/node9-ai/node9-proxy.git" }, "bugs": { - "url": "https://github.com/nadav-node9/node9-proxy/issues" + "url": "https://github.com/node9-ai/node9-proxy/issues" + }, - "homepage": "https://github.com/nadav-node9/node9-proxy#readme", + "homepage": "https://github.com/node9-ai/node9-proxy#readme", "keywords": [ "ai-security", "mcp", From 4b0199b077da38afec8e5674142b8bbd8bb6252f Mon Sep 17 00:00:00 2001 From: nadav Date: Tue, 10 Mar 2026 17:55:40 +0200 Subject: [PATCH 13/14] style: fix formatting in package.json --- package.json | 1 - 1 file changed, 1 deletion(-) diff --git a/package.json b/package.json index 954242a..43d2e36 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,6 @@ }, "bugs": { "url": "https://github.com/node9-ai/node9-proxy/issues" - }, "homepage": "https://github.com/node9-ai/node9-proxy#readme", "keywords": [ From 33b697226209ac0bec160de91b3719f0be57cbcb Mon Sep 17 00:00:00 2001 
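Review bot: Hard-coding `fix:` in `--title` means that a squash merge which keeps the PR title always yields a patch release, whatever `dev` contains: `feat:` work is under-versioned, and a batch of `chore:`-only commits still publishes to npm. This assumes semantic-release runs with its default commit analyzer and that the repository uses the PR title as the squash message; neither is visible in the diff. A neutral title with the prefix chosen at merge time, or a merge commit that preserves the original commit types, would keep the release decision tied to the actual changes. The `run:` script this line belongs to starts and ends outside the hunk.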
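Review bot: The new `repository.url` value in the package.json hunk has to match the repository that runs the release workflow exactly, because the workflow publishes with `NPM_CONFIG_PROVENANCE` and, as far as I know, the registry compares this field with the repository named in the provenance statement and rejects the publish on a mismatch. Confirm that `node9-ai/node9-proxy` is where `release.yml` actually runs. If the package uses npm trusted publishing, the trusted-publisher entry on the registry names an owner and repository too and needs the same update.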
From: nadav Date: Tue, 10 Mar 2026 17:58:09 +0200 Subject: [PATCH 14/14] fix: resolve auto-pr shell formatting error --- .github/workflows/auto-pr.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/auto-pr.yml b/.github/workflows/auto-pr.yml index 9f37761..d22a6f6 100644 --- a/.github/workflows/auto-pr.yml +++ b/.github/workflows/auto-pr.yml @@ -17,6 +17,14 @@ jobs: - name: Open PR dev -> main if not exists env: GH_TOKEN: ${{ secrets.AUTO_PR_TOKEN }} + PR_BODY: | + ### Auto-generated PR + Merge latest `dev` changes into `main` to trigger a release. + + > **⚠️ Important:** When you click Squash and Merge, ensure the commit message starts with: + > - `fix:` to publish a Patch release (0.0.X) + > - `feat:` to publish a Minor release (0.X.0) + > If it starts with `chore:`, no NPM package will be published! run: | PR=$(gh pr list --base main --head dev --state open --json number -q '.[0].number') if [ -z "$PR" ]; then @@ -24,9 +32,7 @@ jobs: --base main \ --head dev \ --title "fix: merge latest dev updates into main" \ - Merge latest \`dev\` changes into \`main\` to trigger a release. - - > Squash and merge to keep a clean history." + --body "$PR_BODY" echo "PR created." else echo "PR #$PR already open, skipping."
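Review bot: The new `PR_BODY` entry under `env:` has no comment explaining why the body moved out of the script, and the reason is easy to undo by accident. Inside a double-quoted `--body "..."` in the `run:` script the markdown backticks are shell command substitution unless escaped, whereas `--body "$PR_BODY"` passes the text through verbatim. Suggest a line above the entry such as `# Passed via env so the markdown backticks never reach the shell as command substitution`. The `if` block in the second hunk closes outside the hunk.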