Conversation
📝 WalkthroughWalkthroughAdds a GitHub Actions workflow that automatically announces releases on Mastodon when the CHANGELOG.md is updated on the main branch. The workflow verifies a logo file exists, then posts release details to Mastodon using an external action, but only when the commit message contains "chore(main): release". Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/announce-release.yml:
- Line 50: Add a new workflow step with id "extract-release-notes" before the
"Post to Mastodon" step to populate
steps.extract-release-notes.outputs.release_notes; implement it using a
changelog parser action (e.g., stefanzweifel/changelog-parser-action) or a small
script that reads your changelog/release body and sets the output
"release_notes", then reference that output in the existing Post to Mastodon
step so steps.extract-release-notes.outputs.release_notes is defined.
- Line 35: The workflow references a mismatched image name: the verification
step checks for "long_logo_env_modules.png" but the usage line sets image:
"long_logo_conda.png"; update the usage to image: "long_logo_env_modules.png"
(or alternatively change the verification to check for "long_logo_conda.png") so
the filename used by the image key matches the file validated earlier.
- Line 31: Replace the unpinned GitHub Action reference to
snakemake/mastodon-release-post-action@main with a pinned release tag to avoid
accidental or malicious changes; edit the workflow step that currently uses
"snakemake/mastodon-release-post-action@main" and change it to a specific
version such as "snakemake/mastodon-release-post-action@v1.7.6" (or use the
minor-series pin "snakemake/mastodon-release-post-action@v1.7" if you want
automatic patch updates) so the action code is stable and auditable.
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
pr_logo/logo_logo_env_modules.pngis excluded by!**/*.png
📒 Files selected for processing (1)
.github/workflows/announce-release.yml
| echo "Logo file found at: ${{ github.workspace }}/pr_logo/long_logo_env_modules.png" | ||
|
|
||
| - name: Post to Mastodon | ||
| uses: snakemake/mastodon-release-post-action@main # == latest |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check available tags/releases for the mastodon-release-post-action
gh api repos/snakemake/mastodon-release-post-action/tags --jq '.[].name' 2>/dev/null || echo "No tags found or repo not accessible via gh CLI"
gh api repos/snakemake/mastodon-release-post-action/releases --jq '.[].tag_name' 2>/dev/null || echo "No releases found or repo not accessible via gh CLI"Repository: snakemake/snakemake-software-deployment-plugin-envmodules
Length of output: 424
🌐 Web query:
snakemake mastodon-release-post-action releases versions github
💡 Result:
In the snakemake/snakemake repository there is a GitHub Actions workflow named “Announce Release on Mastodon”, which is intended to post to Mastodon when a GitHub Release is made/published. [1]
To figure out which mastodon-release-post-action repo and which versions/tags it uses:
- Open the workflow definition YAML for that workflow in the Snakemake repo (the file under
.github/workflows/corresponding to “Announce Release on Mastodon”). - In that YAML, find the step like
uses: <owner>/mastodon-release-post-action@....- The part after
@is the version selector (typically a tag likev1or a full tag likev1.2.3).
- The part after
- Go to that action’s GitHub repo Releases/Tags page and confirm what the referenced tag points to (best practice is pinning to a major tag like
@v1so you get non-breaking updates).
Separately, Snakemake itself is actively released (e.g., the repo shows v9.16.3 as a “Latest” release on Feb 5, 2026), which is the kind of event that workflow is meant to announce. [2]
Sources: [1] [2]
🏁 Script executed:
#!/bin/bash
# Try using curl to access GitHub API without authentication for public repos
# Check releases and tags for the mastodon-release-post-action
echo "=== Checking releases via public API ==="
curl -s https://api.github.com/repos/snakemake/mastodon-release-post-action/releases | jq -r '.[].tag_name' | head -20
echo ""
echo "=== Checking tags via public API ==="
curl -s https://api.github.com/repos/snakemake/mastodon-release-post-action/tags | jq -r '.[].name' | head -20
echo ""
echo "=== Checking repo info ==="
curl -s https://api.github.com/repos/snakemake/mastodon-release-post-action | jq '{name, description, default_branch, has_releases}'Repository: snakemake/snakemake-software-deployment-plugin-envmodules
Length of output: 569
🌐 Web query:
site:github.com snakemake/mastodon-release-post-action releases tags
💡 Result:
- The repo snakemake/mastodon-release-post-action has 24 GitHub releases; the latest release is
v1.7.6(Nov 30, 2025). [1] - Its tags include version tags like
v1.7.6, plus moving major/minor tagsv1andv1.7(both dated Nov 30, 2025 and pointing at the same commit asv1.7.6). [2]
Pin action to a specific version.
Using @main for actions is a security and reliability risk—the action code could change unexpectedly or be compromised. The snakemake/mastodon-release-post-action has multiple stable releases available. Pin to a specific version tag instead (e.g., @v1.7.6 for the latest release, or @v1.7 for receiving patch updates within the minor version).
Example fix
- uses: snakemake/mastodon-release-post-action@main # == latest
+ uses: snakemake/mastodon-release-post-action@v1.7.6📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| uses: snakemake/mastodon-release-post-action@main # == latest | |
| uses: snakemake/mastodon-release-post-action@v1.7.6 |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/announce-release.yml at line 31, Replace the unpinned
GitHub Action reference to snakemake/mastodon-release-post-action@main with a
pinned release tag to avoid accidental or malicious changes; edit the workflow
step that currently uses "snakemake/mastodon-release-post-action@main" and
change it to a specific version such as
"snakemake/mastodon-release-post-action@v1.7.6" (or use the minor-series pin
"snakemake/mastodon-release-post-action@v1.7" if you want automatic patch
updates) so the action code is stable and auditable.
| with: | ||
| access-token: ${{ secrets.MASTODONBOT }} | ||
| pr-title: ${{ github.event.head_commit.message }} | ||
| image: "long_logo_conda.png" |
There was a problem hiding this comment.
Image filename mismatch.
Line 24 verifies long_logo_env_modules.png exists, but this line references long_logo_conda.png. The workflow will verify one file and then attempt to use a different file that may not exist.
🐛 Proposed fix
- image: "long_logo_conda.png"
+ image: "pr_logo/long_logo_env_modules.png"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| image: "long_logo_conda.png" | |
| image: "pr_logo/long_logo_env_modules.png" |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/announce-release.yml at line 35, The workflow references a
mismatched image name: the verification step checks for
"long_logo_env_modules.png" but the usage line sets image:
"long_logo_conda.png"; update the usage to image: "long_logo_env_modules.png"
(or alternatively change the verification to check for "long_logo_conda.png") so
the filename used by the image key matches the file validated earlier.
|
|
||
| See {{ changelog }} for details. Here is the header of the changelog: | ||
|
|
||
| ${{ steps.extract-release-notes.outputs.release_notes }} |
There was a problem hiding this comment.
Missing step extract-release-notes.
This references steps.extract-release-notes.outputs.release_notes, but no step with id: extract-release-notes is defined in the workflow. This will result in an empty value being interpolated.
You need to add a step that extracts release notes before the "Post to Mastodon" step, for example using an action like stefanzweifel/changelog-parser-action or a custom script.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/announce-release.yml at line 50, Add a new workflow step
with id "extract-release-notes" before the "Post to Mastodon" step to populate
steps.extract-release-notes.outputs.release_notes; implement it using a
changelog parser action (e.g., stefanzweifel/changelog-parser-action) or a small
script that reads your changelog/release body and sets the output
"release_notes", then reference that output in the existing Post to Mastodon
step so steps.extract-release-notes.outputs.release_notes is defined.
1 participant
adding Mastodon announcement workflow.
Please check message and logo file.
Summary by CodeRabbit