Hi @2zqa 👋

[Evilwa1]

          Hi @2zqa 👋 

Thanks for the input! I do agree that it would be useful, however as you've noticed there are some complications involved with updating the package.json and package-lock.json. Additionally, developers may be using other runtimes, so it may not work correctly in those cases.

As an alternative, I maintain a separate action, issue-ops/semver that can be used as a PR check to confirm that the version has been updated before a PR is merged. A usage example is below:

# This workflow checks the version of the application package that is being
# built in the current pull request. If the version has already been published,
# the workflow fails to prevent PRs from being merged until the version has been
# incremented in the manifest file.
name: Version Check

on:
  pull_request:
    branches:
      - main

env:
  MANIFEST_PATH: package.json

permissions:
  checks: write
  contents: read
  pull-requests: write

jobs:
  check-version:
    name: Version Check
    runs-on: ubuntu-latest

    if: ${{ github.actor != 'dependabot[bot]' }}

    steps:
      # The fetch-depth and fetch-tags options are required
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          fetch-tags: true

      - name: Check Version
        id: check-version
        uses: issue-ops/[email protected]
        with:
          check-only: true
          manifest-path: ${{ env.MANIFEST_PATH }}

The end result is the Version Check job is added as a PR check that fails if the version in package.json is already present in the repository tags.

You would need to then need to enable the Require status checks to pass before merging option in your branch protection rules.

Let me know if that helps you!

Originally posted by @ncalteen in #854 (comment)