From d85a393bcd4299e9fb2c1b367f3d3adf0356c728 Mon Sep 17 00:00:00 2001 From: samet Date: Tue, 17 Jun 2025 14:04:55 +0300 Subject: [PATCH 01/15] Add vitepress plugin link --- packages/mermaid/src/docs/ecosystem/integrations-community.md | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/mermaid/src/docs/ecosystem/integrations-community.md b/packages/mermaid/src/docs/ecosystem/integrations-community.md index 0af2cc003..f28570196 100644 --- a/packages/mermaid/src/docs/ecosystem/integrations-community.md +++ b/packages/mermaid/src/docs/ecosystem/integrations-community.md @@ -265,5 +265,6 @@ Communication tools and platforms - [reveal.js-mermaid-plugin](https://github.com/ludwick/reveal.js-mermaid-plugin) - [Reveal CK](https://github.com/jedcn/reveal-ck) - [reveal-ck-mermaid-plugin](https://github.com/tmtm/reveal-ck-mermaid-plugin) +- [Vitepress Plugin](https://github.com/sametcn99/vitepress-mermaid-renderer) From badb019d381abe4a0eb76a8db49a69155631f3ac Mon Sep 17 00:00:00 2001 From: "autofix-ci[bot]" <114827586+autofix-ci[bot]@users.noreply.github.com> Date: Tue, 17 Jun 2025 11:17:51 +0000 Subject: [PATCH 02/15] [autofix.ci] apply automated fixes --- docs/ecosystem/integrations-community.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/ecosystem/integrations-community.md b/docs/ecosystem/integrations-community.md index 27cf22ee1..601c4699d 100644 --- a/docs/ecosystem/integrations-community.md +++ b/docs/ecosystem/integrations-community.md @@ -270,5 +270,6 @@ Communication tools and platforms - [reveal.js-mermaid-plugin](https://github.com/ludwick/reveal.js-mermaid-plugin) - [Reveal CK](https://github.com/jedcn/reveal-ck) - [reveal-ck-mermaid-plugin](https://github.com/tmtm/reveal-ck-mermaid-plugin) +- [Vitepress Plugin](https://github.com/sametcn99/vitepress-mermaid-renderer) From c12090174474ac991f475552656db0251c2cf801 Mon Sep 17 00:00:00 2001 From: shubham-mermaid Date: Fri, 20 Jun 2025 12:47:17 +0530 Subject: [PATCH 03/15] Added workflow file for validating pnpm-lock file --- .github/workflows/validate-lockfile.yml | 41 +++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/validate-lockfile.yml diff --git a/.github/workflows/validate-lockfile.yml b/.github/workflows/validate-lockfile.yml new file mode 100644 index 000000000..19c7e10fa --- /dev/null +++ b/.github/workflows/validate-lockfile.yml @@ -0,0 +1,41 @@ +name: Validate pnpm-lock.yaml + +on: + pull_request: + paths: + - 'pnpm-lock.yaml' + - '**/package.json' + - '**/*.js' + - '.github/workflows/validate-lockfile.yml' + +jobs: + validate-lockfile: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: 20 + + - name: Check pnpm-lock.yaml for tarball fields and unexpected paths + run: | + if grep -q 'tarball:' pnpm-lock.yaml; then + echo "❌ tarball field found in pnpm-lock.yaml" + exit 1 + fi + if grep -q 'packages/mermaid/src/vitepress' pnpm-lock.yaml; then + echo "❌ Unexpected path found in pnpm-lock.yaml" + exit 1 + fi + + - name: Ensure pnpm-lock.yaml changes only with package.json + run: | + git fetch origin ${{ github.base_ref }} + git diff --name-only origin/${{ github.base_ref }}...HEAD > changed_files.txt + if grep -q '^pnpm-lock.yaml$' changed_files.txt && ! grep -q 'package.json' changed_files.txt; then + echo "❌ pnpm-lock.yaml was changed without any package.json" + exit 1 + fi From be13fb0391fc246a3c2cc5affb1984b35bb578a2 Mon Sep 17 00:00:00 2001 From: shubham-mermaid Date: Fri, 20 Jun 2025 12:53:47 +0530 Subject: [PATCH 04/15] Updated origin to event.pull_request.base.ref --- .github/workflows/validate-lockfile.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate-lockfile.yml b/.github/workflows/validate-lockfile.yml index 19c7e10fa..b9661a75b 100644 --- a/.github/workflows/validate-lockfile.yml +++ b/.github/workflows/validate-lockfile.yml @@ -33,8 +33,8 @@ jobs: - name: Ensure pnpm-lock.yaml changes only with package.json run: | - git fetch origin ${{ github.base_ref }} - git diff --name-only origin/${{ github.base_ref }}...HEAD > changed_files.txt + git fetch origin ${{ github.event.pull_request.base.ref }} + git diff --name-only origin/${{ github.event.pull_request.base.ref }}...HEAD > changed_files.txt if grep -q '^pnpm-lock.yaml$' changed_files.txt && ! grep -q 'package.json' changed_files.txt; then echo "❌ pnpm-lock.yaml was changed without any package.json" exit 1 From bdaa3f693aa7619543a8c4fda72f08a0abb43232 Mon Sep 17 00:00:00 2001 From: shubham-mermaid Date: Fri, 20 Jun 2025 13:11:33 +0530 Subject: [PATCH 05/15] Added PR based sha --- .github/workflows/validate-lockfile.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/validate-lockfile.yml b/.github/workflows/validate-lockfile.yml index b9661a75b..3ac5b5314 100644 --- a/.github/workflows/validate-lockfile.yml +++ b/.github/workflows/validate-lockfile.yml @@ -31,11 +31,11 @@ jobs: exit 1 fi - - name: Ensure pnpm-lock.yaml changes only with package.json + - name: Ensure pnpm-lock.yaml changes only when package.json changes run: | - git fetch origin ${{ github.event.pull_request.base.ref }} - git diff --name-only origin/${{ github.event.pull_request.base.ref }}...HEAD > changed_files.txt - if grep -q '^pnpm-lock.yaml$' changed_files.txt && ! grep -q 'package.json' changed_files.txt; then + git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} > changed_files.txt + if grep -q '^pnpm-lock.yaml$' changed_files.txt && \ + ! grep -q 'package.json' changed_files.txt; then echo "❌ pnpm-lock.yaml was changed without any package.json" exit 1 fi From 334c8c2962c26a6e95ad7c5bc6ea9b74f79f6008 Mon Sep 17 00:00:00 2001 From: shubham-mermaid Date: Fri, 20 Jun 2025 13:12:56 +0530 Subject: [PATCH 06/15] use depth 0 --- .github/workflows/validate-lockfile.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/validate-lockfile.yml b/.github/workflows/validate-lockfile.yml index 3ac5b5314..3d978ef03 100644 --- a/.github/workflows/validate-lockfile.yml +++ b/.github/workflows/validate-lockfile.yml @@ -14,6 +14,9 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + with: + # so we have both base and head SHAs to diff + fetch-depth: 0 - name: Set up Node.js uses: actions/setup-node@v4 From e1030b186e57e5b1b2ae5101fe3266bf2cc6d9cd Mon Sep 17 00:00:00 2001 From: shubham-mermaid Date: Fri, 20 Jun 2025 13:18:50 +0530 Subject: [PATCH 07/15] Added validation for packages/mermaid/src/vitepress path --- .github/workflows/validate-lockfile.yml | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/.github/workflows/validate-lockfile.yml b/.github/workflows/validate-lockfile.yml index 3d978ef03..90c76cfe2 100644 --- a/.github/workflows/validate-lockfile.yml +++ b/.github/workflows/validate-lockfile.yml @@ -15,7 +15,6 @@ jobs: - name: Checkout code uses: actions/checkout@v4 with: - # so we have both base and head SHAs to diff fetch-depth: 0 - name: Set up Node.js @@ -23,18 +22,21 @@ jobs: with: node-version: 20 - - name: Check pnpm-lock.yaml for tarball fields and unexpected paths + - name: Validate pnpm-lock.yaml entries run: | - if grep -q 'tarball:' pnpm-lock.yaml; then - echo "❌ tarball field found in pnpm-lock.yaml" - exit 1 - fi - if grep -q 'packages/mermaid/src/vitepress' pnpm-lock.yaml; then - echo "❌ Unexpected path found in pnpm-lock.yaml" - exit 1 - fi + forbidden=( + 'tarball:' # no tarball fields + 'packages/mermaid/src/vitepress' # no vitepress paths + ) - - name: Ensure pnpm-lock.yaml changes only when package.json changes + for pat in "${forbidden[@]}"; do + if grep -qF "$pat" pnpm-lock.yaml; then + echo "❌ Forbidden pattern \"$pat\" found in pnpm-lock.yaml" + exit 1 + fi + done + + - name: Ensure pnpm-lock.yaml only when package.json changes run: | git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} > changed_files.txt if grep -q '^pnpm-lock.yaml$' changed_files.txt && \ From b45b1d7795ee2f0226598ab2c62ce836d5f0b7fe Mon Sep 17 00:00:00 2001 From: shubham-mermaid Date: Fri, 20 Jun 2025 13:54:18 +0530 Subject: [PATCH 08/15] Trigger Build From 3137cff4a5f0449a41d8900de00b0befa567555a Mon Sep 17 00:00:00 2001 From: shubham-mermaid Date: Fri, 20 Jun 2025 14:07:37 +0530 Subject: [PATCH 09/15] Added auto-comment --- .github/workflows/validate-lockfile.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/validate-lockfile.yml b/.github/workflows/validate-lockfile.yml index 90c76cfe2..d1cf1eb13 100644 --- a/.github/workflows/validate-lockfile.yml +++ b/.github/workflows/validate-lockfile.yml @@ -44,3 +44,21 @@ jobs: echo "❌ pnpm-lock.yaml was changed without any package.json" exit 1 fi + + - name: Comment on PR if validation failed + if: failure() + uses: peter-evans/create-or-update-comment@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + issue-number: ${{ github.event.pull_request.number }} + body: | + ## 🔍 Lockfile Validation Failed + + One or more issues were found in `pnpm-lock.yaml`: + - Tarball references are not allowed. + - `packages/mermaid/src/vitepress` path must not appear in the lockfile. + - `pnpm-lock.yaml` should only change when `package.json` changes. + + Please fix these issues and push an update. + + _Posted automatically by GitHub Actions_ From 222d7170f76bac83cd7cb0d4f57dbb6ac12df2e7 Mon Sep 17 00:00:00 2001 From: shubham-mermaid Date: Fri, 20 Jun 2025 14:11:26 +0530 Subject: [PATCH 10/15] Added changeset --- .changeset/plain-hats-sniff.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/plain-hats-sniff.md diff --git a/.changeset/plain-hats-sniff.md b/.changeset/plain-hats-sniff.md new file mode 100644 index 000000000..ddf4050fc --- /dev/null +++ b/.changeset/plain-hats-sniff.md @@ -0,0 +1,5 @@ +--- +'mermaid': minor +--- + +chore:Added workflow file for validating pnpm-lock file From 7dd8ddc3ebcbe2b5f7e7de5ff44350af45823224 Mon Sep 17 00:00:00 2001 From: shubham-mermaid Date: Fri, 20 Jun 2025 18:55:45 +0530 Subject: [PATCH 11/15] Added generic message. --- .changeset/plain-hats-sniff.md | 5 --- .github/workflows/validate-lockfile.yml | 49 ++++++++++++++----------- 2 files changed, 28 insertions(+), 26 deletions(-) delete mode 100644 .changeset/plain-hats-sniff.md diff --git a/.changeset/plain-hats-sniff.md b/.changeset/plain-hats-sniff.md deleted file mode 100644 index ddf4050fc..000000000 --- a/.changeset/plain-hats-sniff.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -'mermaid': minor ---- - -chore:Added workflow file for validating pnpm-lock file diff --git a/.github/workflows/validate-lockfile.yml b/.github/workflows/validate-lockfile.yml index d1cf1eb13..1c88b3063 100644 --- a/.github/workflows/validate-lockfile.yml +++ b/.github/workflows/validate-lockfile.yml @@ -23,25 +23,34 @@ jobs: node-version: 20 - name: Validate pnpm-lock.yaml entries + id: validate # give this step an ID so we can reference its outputs run: | - forbidden=( - 'tarball:' # no tarball fields - 'packages/mermaid/src/vitepress' # no vitepress paths - ) + issues=() - for pat in "${forbidden[@]}"; do - if grep -qF "$pat" pnpm-lock.yaml; then - echo "❌ Forbidden pattern \"$pat\" found in pnpm-lock.yaml" - exit 1 - fi - done + # 1) No tarball references + if grep -qF 'tarball:' pnpm-lock.yaml; then + issues+=("• Tarball references found (forbidden)") + fi - - name: Ensure pnpm-lock.yaml only when package.json changes - run: | - git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} > changed_files.txt - if grep -q '^pnpm-lock.yaml$' changed_files.txt && \ - ! grep -q 'package.json' changed_files.txt; then - echo "❌ pnpm-lock.yaml was changed without any package.json" + # 2) No unwanted vitepress paths + if grep -qF 'packages/mermaid/src/vitepress' pnpm-lock.yaml; then + issues+=("• Disallowed path 'packages/mermaid/src/vitepress' present") + fi + + # 3) Lockfile only changes when package.json changes + git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }} > changed.txt + if grep -q '^pnpm-lock.yaml$' changed.txt && ! grep -q 'package.json' changed.txt; then + issues+=("• pnpm-lock.yaml changed without any package.json modification") + fi + + # If any issues, output them and fail + if [ ${#issues[@]} -gt 0 ]; then + # Use the new GITHUB_OUTPUT approach to set a multiline output + { + echo "errors<> $GITHUB_OUTPUT exit 1 fi @@ -54,11 +63,9 @@ jobs: body: | ## 🔍 Lockfile Validation Failed - One or more issues were found in `pnpm-lock.yaml`: - - Tarball references are not allowed. - - `packages/mermaid/src/vitepress` path must not appear in the lockfile. - - `pnpm-lock.yaml` should only change when `package.json` changes. + The following issue(s) were detected in `pnpm-lock.yaml`: + ${{ steps.validate.outputs.errors }} - Please fix these issues and push an update. + Please address these and push an update. _Posted automatically by GitHub Actions_ From 6f1e0e4d17edda7b45862672b9dbf051778493a1 Mon Sep 17 00:00:00 2001 From: shubham-mermaid Date: Fri, 20 Jun 2025 18:57:22 +0530 Subject: [PATCH 12/15] Updated message --- .github/workflows/validate-lockfile.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/validate-lockfile.yml b/.github/workflows/validate-lockfile.yml index 1c88b3063..c9370814a 100644 --- a/.github/workflows/validate-lockfile.yml +++ b/.github/workflows/validate-lockfile.yml @@ -61,9 +61,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} issue-number: ${{ github.event.pull_request.number }} body: | - ## 🔍 Lockfile Validation Failed - - The following issue(s) were detected in `pnpm-lock.yaml`: + The following issue(s) were detected: ${{ steps.validate.outputs.errors }} Please address these and push an update. From 2f58a0e188cf152714f2b69bc934402d7704e8b9 Mon Sep 17 00:00:00 2001 From: Nacho Orlandoni Date: Fri, 20 Jun 2025 22:07:14 -0400 Subject: [PATCH 13/15] Kill the bird This seems like an abandoned product, where the author went on a rampage trying to get it included into as many repositories as he can as a publicity stunt and no longer even works... --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 760ce0f25..3f26a75f2 100644 --- a/README.md +++ b/README.md @@ -95,10 +95,6 @@ In our release process we rely heavily on visual regression tests using [applito -## Mermaid AI Bot - -[Mermaid](https://codeparrot.ai/oracle?owner=mermaid-js&repo=mermaid) Bot will help you understand this repository better. You can ask for code examples, installation guide, debugging help and much more. - ## Examples **The following are some examples of the diagrams, charts and graphs that can be made using Mermaid. Click here to jump into the [text syntax](https://mermaid.js.org/intro/syntax-reference.html).** From c5f89eaa9a08670ddd4eae8fc30600c197ce9422 Mon Sep 17 00:00:00 2001 From: shubham-mermaid Date: Mon, 23 Jun 2025 12:41:21 +0530 Subject: [PATCH 14/15] Update .github/workflows/validate-lockfile.yml Co-authored-by: Sidharth Vinod --- .github/workflows/validate-lockfile.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate-lockfile.yml b/.github/workflows/validate-lockfile.yml index c9370814a..fd59b73b7 100644 --- a/.github/workflows/validate-lockfile.yml +++ b/.github/workflows/validate-lockfile.yml @@ -34,7 +34,7 @@ jobs: # 2) No unwanted vitepress paths if grep -qF 'packages/mermaid/src/vitepress' pnpm-lock.yaml; then - issues+=("• Disallowed path 'packages/mermaid/src/vitepress' present") + issues+=("• Disallowed path 'packages/mermaid/src/vitepress' present. Run `rm -rf packages/mermaid/src/vitepress && pnpm install` to regenerate.") fi # 3) Lockfile only changes when package.json changes From 0623a87d70eaeccc7ae24b7a3a6ad6621c0dc8a8 Mon Sep 17 00:00:00 2001 From: shubham-mermaid Date: Mon, 23 Jun 2025 12:43:13 +0530 Subject: [PATCH 15/15] Removed js file check in paths --- .github/workflows/validate-lockfile.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/validate-lockfile.yml b/.github/workflows/validate-lockfile.yml index fd59b73b7..38c71adaa 100644 --- a/.github/workflows/validate-lockfile.yml +++ b/.github/workflows/validate-lockfile.yml @@ -5,7 +5,6 @@ on: paths: - 'pnpm-lock.yaml' - '**/package.json' - - '**/*.js' - '.github/workflows/validate-lockfile.yml' jobs: