ci: move changeset-version to shared config

[lachlancollins]

Takes #6937 and moves it to TanStack/config#356 as a shareable action for all TanStack projects

Summary by CodeRabbit

• Chores
  • Consolidated and streamlined GitHub Actions workflow steps for automated package management processes.
  • Broadened workflow trigger filtering and standardized action references for more consistent CI runs.
  • Removed internal utility scripts used for version-previewing and automated PR comment updates.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 9763726

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

📝 Walkthrough

Walkthrough

Consolidates the Changeset preview workflow to use TanStack's centralized reusable actions and removes two local helper scripts that previously generated preview reports and upserted PR comments.

Changes

Cohort / File(s)	Summary
Workflow configuration .github/workflows/changeset-preview.yml	Removed the on.pull_request.paths filter; changed action owner casing from tanstack to TanStack; replaced multiple local workflow steps with a single TanStack/config reusable workflow invocation for changeset preview and updated setup action.
Removed scripts scripts/benchmarks/common/upsert-pr-comment.mjs, scripts/preview-changeset-versions.mjs	Deleted local Node scripts that handled PR comment upserts and generated changeset version preview reports; their logic is no longer present in the repo.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through commits, tidy and spry,
Merged steps to one and waved scripts goodbye.
A leaner workflow, fewer tails to chase,
I nibble on clarity — a tidy little space.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: moving changeset-version configuration to a shared config repository for reuse across TanStack projects.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch shared-changeset-version

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 9763726

Command	Status	Duration	Result
nx affected --targets=test:eslint,test:unit,tes...	✅ Succeeded	<1s	View ↗
nx run-many --target=build --exclude=examples/*...	✅ Succeeded	2s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-03-17 03:10:58 UTC

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/changeset-preview.yml:
- Around line 24-26: The workflow is using floating refs for shared actions
("uses: TanStack/config/.github/setup@main" and "uses:
TanStack/config/.github/changeset-preview@main"); replace these with immutable
refs by pinning each to a commit SHA or an immutable release tag (e.g., change
the two "uses: TanStack/config/.github/setup@main" and "uses:
TanStack/config/.github/changeset-preview@main" entries to their corresponding
full commit SHAs or tagged versions) so the CI uses a fixed, auditable action
version.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 66386f23-647c-4c94-892e-d694cb99e037

📥 Commits

Reviewing files that changed from the base of the PR and between 8f54d11 and 6138492.

📒 Files selected for processing (3)

• .github/workflows/changeset-preview.yml
• scripts/benchmarks/common/upsert-pr-comment.mjs
• scripts/preview-changeset-versions.mjs

💤 Files with no reviewable changes (2)

• scripts/preview-changeset-versions.mjs
• scripts/benchmarks/common/upsert-pr-comment.mjs

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify mutable action refs in workflow files.
# Expected after fix: no matches.
fd -e yml -e yaml .github/workflows \
  | xargs rg -nP '^\s*uses:\s*[^@]+@(main|master)\b'

Repository: TanStack/router

Length of output: 434

---

🏁 Script executed:

#!/bin/bash
# Verify mutable action refs in workflow files - corrected syntax
fd --full-path '.github/workflows' -e yml -e yaml | xargs rg -nP 'uses:\s*[^@]+@(main|master)\b'

Repository: TanStack/router

Length of output: 43

---

🏁 Script executed:

#!/bin/bash
# Also directly read the specific file and lines mentioned
cat -n .github/workflows/changeset-preview.yml | sed -n '20,30p'

Repository: TanStack/router

Length of output: 347

---

Pin shared workflow actions to immutable refs instead of @main.

Lines 24 and 26 use floating branch refs, which makes CI behavior mutable and increases supply-chain risk if upstream main changes. Pin both actions to full commit SHAs (or immutable release tags).

🔒 Suggested change

      - name: Setup Tools
-       uses: TanStack/config/.github/setup@main
+       uses: TanStack/config/.github/setup@<full-commit-sha>
      - name: Changeset Preview
-       uses: TanStack/config/.github/changeset-preview@main
+       uses: TanStack/config/.github/changeset-preview@<full-commit-sha>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/changeset-preview.yml around lines 24 - 26, The workflow
is using floating refs for shared actions ("uses:
TanStack/config/.github/setup@main" and "uses:
TanStack/config/.github/changeset-preview@main"); replace these with immutable
refs by pinning each to a commit SHA or an immutable release tag (e.g., change
the two "uses: TanStack/config/.github/setup@main" and "uses:
TanStack/config/.github/changeset-preview@main" entries to their corresponding
full commit SHAs or tagged versions) so the CI uses a fixed, auditable action
version.

[pkg-pr-new]

More templates

• tanstack-router-react-example-authenticated-routes
• tanstack-router-react-example-authenticated-routes-firebase
• tanstack-router-react-example-basic
• tanstack-router-react-example-basic-default-search-params
• tanstack-router-react-example-basic-devtools-panel
• tanstack-router-react-example-basic-file-based
• tanstack-router-react-example-basic-non-nested-devtools
• tanstack-router-react-example-react-query
• tanstack-router-react-example-basic-react-query-file-based
• tanstack-router-react-example-basic-ssr-file-based
• tanstack-router-react-example-basic-ssr-streaming-file-based
• tanstack-router-react-example-basic-virtual-file-based
• tanstack-router-react-example-basic-virtual-inside-file-based
• tanstack-router-react-example-deferred-data
• tanstack-router-i18n-paraglide
• tanstack-router-react-example-kitchen-sink
• tanstack-router-react-example-kitchen-sink-file-based
• tanstack-router-react-example-kitchen-sink-react-query
• tanstack-router-react-example-kitchen-sink-react-query-file-based
• tanstack-router-react-example-large-file-based
• tanstack-router-react-example-location-masking
• tanstack-router-react-example-navigation-blocking
• tanstack-router-react-example-quickstart
• tanstack-router-react-example-quickstart-esbuild-file-based
• tanstack-router-react-example-quickstart-file-based
• tanstack-router-react-example-quickstart-rspack-file-based
• tanstack-router-react-example-quickstart-webpack-file-based
• router-monorepo-react-query
• router-mono-simple
• router-mono-simple-lazy
• tanstack-router-react-example-scroll-restoration
• tanstack-search-validator-adapters
• tanstack-start-example-bare
• tanstack-start-example-basic
• tanstack-start-example-basic-auth
• tanstack-router-react-example-basic-authjs
• tanstack-start-example-basic-cloudflare
• tanstack-start-example-basic-react-query
• tanstack-start-example-basic-rsc
• tanstack-start-example-basic-static
• tanstack-start-bun-hosting
• tanstack-start-example-clerk-basic
• tanstack-start-example-convex-trellaux
• tanstack-start-example-counter
• tanstack-start-i18n-paraglide
• tanstack-start-example-large
• tanstack-start-example-material-ui
• tanstack-start-streaming-data-from-server-functions
• tanstack-start-example-supabase-basic
• tanstack-start-tailwind-v4
• tanstack-start-example-trellaux
• tanstack-start-example-workos
• tanstack-router-react-example-view-transitions
• tanstack-router-react-example-with-framer-motion
• tanstack-router-react-example-with-trpc
• tanstack-router-react-example-with-trpc-react-query
• tanstack-router-vue-example-basic-jsx
• tanstack-router-vue-example-basic-file-based-jsx
• tanstack-router-vue-example-basic-file-based-sfc
• tanstack-router-solid-example-authenticated-routes
• tanstack-router-solid-example-authenticated-routes-firebase
• tanstack-router-solid-example-basic
• tanstack-router-solid-example-basic-default-search-params
• tanstack-router-solid-example-basic-devtools-panel
• tanstack-router-solid-example-basic-file-based
• tanstack-router-solid-example-basic-non-nested-devtools
• tanstack-router-solid-example-basic-solid-query
• tanstack-router-solid-example-basic-solid-query-file-based
• tanstack-router-solid-example-basic-ssr-file-based
• tanstack-router-solid-example-basic-ssr-streaming-file-based
• tanstack-router-solid-example-basic-virtual-file-based
• tanstack-router-solid-example-basic-virtual-inside-file-based
• tanstack-router-solid-example-deferred-data
• tanstack-router-solid-i18n-paraglide
• tanstack-router-solid-example-kitchen-sink
• tanstack-router-solid-example-kitchen-sink-file-based
• tanstack-router-solid-example-kitchen-sink-solid-query
• tanstack-router-solid-example-kitchen-sink-solid-query-file-based
• tanstack-router-solid-example-large-file-based
• tanstack-router-solid-example-location-masking
• tanstack-router-solid-example-navigation-blocking
• tanstack-router-solid-example-quickstart
• tanstack-router-solid-example-quickstart-esbuild-file-based
• tanstack-router-solid-example-quickstart-file-based
• tanstack-router-solid-example-quickstart-rspack-file-based
• tanstack-router-solid-example-quickstart-webpack-file-based
• @tanstack/router-solid-mono-simple
• router-solid-mono-simple-lazy
• router-solid-monorepo-solid-query
• tanstack-router-solid-example-scroll-restoration
• tanstack-solid-router-search-validator-adapters
• tanstack-solid-start-example-basic
• tanstack-solid-start-example-basic-auth
• tanstack-solid-start-example-basic-authjs
• tanstack-solid-start-example-basic-cloudflare
• tanstack-solid-start-example-basic-netlify
• tanstack-solid-start-example-basic-nitro
• tanstack-start-example-basic-solid-query
• tanstack-solid-start-example-basic-static
• tanstack-solid-start-bun-hosting
• tanstack-solid-start-example-convex-better-auth
• tanstack-solid-start-example-counter
• tanstack-solid-start-i18n-paraglide
• tanstack-solid-start-example-large
• tanstack-solid-start-streaming-data-from-server-functions
• tanstack-solid-start-example-supabase-basic
• tanstack-solid-start-tailwind-v4
• tanstack-router-solid-example-view-transitions
• tanstack-router-solid-example-with-framer-motion
• tanstack-router-solid-example-with-trpc

@tanstack/arktype-adapter

npm i https://pkg.pr.new/@tanstack/arktype-adapter@6944

@tanstack/eslint-plugin-router

npm i https://pkg.pr.new/@tanstack/eslint-plugin-router@6944

@tanstack/history

npm i https://pkg.pr.new/@tanstack/history@6944

@tanstack/nitro-v2-vite-plugin

npm i https://pkg.pr.new/@tanstack/nitro-v2-vite-plugin@6944

@tanstack/react-router

npm i https://pkg.pr.new/@tanstack/react-router@6944

@tanstack/react-router-devtools

npm i https://pkg.pr.new/@tanstack/react-router-devtools@6944

@tanstack/react-router-ssr-query

npm i https://pkg.pr.new/@tanstack/react-router-ssr-query@6944

@tanstack/react-start

npm i https://pkg.pr.new/@tanstack/react-start@6944

@tanstack/react-start-client

npm i https://pkg.pr.new/@tanstack/react-start-client@6944

@tanstack/react-start-server

npm i https://pkg.pr.new/@tanstack/react-start-server@6944

@tanstack/router-cli

npm i https://pkg.pr.new/@tanstack/router-cli@6944

@tanstack/router-core

npm i https://pkg.pr.new/@tanstack/router-core@6944

@tanstack/router-devtools

npm i https://pkg.pr.new/@tanstack/router-devtools@6944

@tanstack/router-devtools-core

npm i https://pkg.pr.new/@tanstack/router-devtools-core@6944

@tanstack/router-generator

npm i https://pkg.pr.new/@tanstack/router-generator@6944

@tanstack/router-plugin

npm i https://pkg.pr.new/@tanstack/router-plugin@6944

@tanstack/router-ssr-query-core

npm i https://pkg.pr.new/@tanstack/router-ssr-query-core@6944

@tanstack/router-utils

npm i https://pkg.pr.new/@tanstack/router-utils@6944

@tanstack/router-vite-plugin

npm i https://pkg.pr.new/@tanstack/router-vite-plugin@6944

@tanstack/solid-router

npm i https://pkg.pr.new/@tanstack/solid-router@6944

@tanstack/solid-router-devtools

npm i https://pkg.pr.new/@tanstack/solid-router-devtools@6944

@tanstack/solid-router-ssr-query

npm i https://pkg.pr.new/@tanstack/solid-router-ssr-query@6944

@tanstack/solid-start

npm i https://pkg.pr.new/@tanstack/solid-start@6944

@tanstack/solid-start-client

npm i https://pkg.pr.new/@tanstack/solid-start-client@6944

@tanstack/solid-start-server

npm i https://pkg.pr.new/@tanstack/solid-start-server@6944

@tanstack/start-client-core

npm i https://pkg.pr.new/@tanstack/start-client-core@6944

@tanstack/start-fn-stubs

npm i https://pkg.pr.new/@tanstack/start-fn-stubs@6944

@tanstack/start-plugin-core

npm i https://pkg.pr.new/@tanstack/start-plugin-core@6944

@tanstack/start-server-core

npm i https://pkg.pr.new/@tanstack/start-server-core@6944

@tanstack/start-static-server-functions

npm i https://pkg.pr.new/@tanstack/start-static-server-functions@6944

@tanstack/start-storage-context

npm i https://pkg.pr.new/@tanstack/start-storage-context@6944

@tanstack/valibot-adapter

npm i https://pkg.pr.new/@tanstack/valibot-adapter@6944

@tanstack/virtual-file-routes

npm i https://pkg.pr.new/@tanstack/virtual-file-routes@6944

@tanstack/vue-router

npm i https://pkg.pr.new/@tanstack/vue-router@6944

@tanstack/vue-router-devtools

npm i https://pkg.pr.new/@tanstack/vue-router-devtools@6944

@tanstack/vue-router-ssr-query

npm i https://pkg.pr.new/@tanstack/vue-router-ssr-query@6944

@tanstack/vue-start

npm i https://pkg.pr.new/@tanstack/vue-start@6944

@tanstack/vue-start-client

npm i https://pkg.pr.new/@tanstack/vue-start-client@6944

@tanstack/vue-start-server

npm i https://pkg.pr.new/@tanstack/vue-start-server@6944

@tanstack/zod-adapter

npm i https://pkg.pr.new/@tanstack/zod-adapter@6944

commit: 9763726

[github-actions]

🚀 Changeset Version Preview

No changeset entries found. Merging this PR will not cause a version bump for any packages.

[coderabbitai]

♻️ Duplicate comments (1)

.github/workflows/changeset-preview.yml (1)

22-24: ⚠️ Potential issue | 🟠 Major

Pin shared workflow refs to immutable versions.

Line 22 and Line 24 still use floating @main refs. That keeps CI behavior mutable and weakens supply-chain guarantees. Please pin both uses: entries to immutable commit SHAs (or immutable release tags).

#!/bin/bash
# Verify floating refs in this workflow (expected after fix: no matches)
rg -nP '^\s*uses:\s*TanStack/config/.+@(main|master)\b' .github/workflows/changeset-preview.yml

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/changeset-preview.yml around lines 22 - 24, Replace the
floating refs for the TanStack shared workflows so they’re pinned to immutable
commits/tags: update the two uses entries "uses:
TanStack/config/.github/setup@main" and "uses:
TanStack/config/.github/changeset-preview@main" to use specific commit SHAs or
release tags (e.g., @<full-commit-sha> or `@vX.Y.Z`) instead of `@main`; ensure both
occurrences are updated and verify by running the provided ripgrep check to
confirm no remaining matches to `@main` or `@master`.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/changeset-preview.yml:
- Around line 22-24: Replace the floating refs for the TanStack shared workflows
so they’re pinned to immutable commits/tags: update the two uses entries "uses:
TanStack/config/.github/setup@main" and "uses:
TanStack/config/.github/changeset-preview@main" to use specific commit SHAs or
release tags (e.g., @<full-commit-sha> or `@vX.Y.Z`) instead of `@main`; ensure both
occurrences are updated and verify by running the provided ripgrep check to
confirm no remaining matches to `@main` or `@master`.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1191f6cd-79f4-49d9-bcbc-7a178ec706be

📥 Commits

Reviewing files that changed from the base of the PR and between 6138492 and 9763726.

📒 Files selected for processing (1)

• .github/workflows/changeset-preview.yml

[Sheraff]

@lachlancollins could you restore the scripts/benchmarks/common/upsert-pr-comment.mjs script that was deleted as part of this PR?

[lachlancollins]

@lachlancollins could you restore the scripts/benchmarks/common/upsert-pr-comment.mjs script that was deleted as part of this PR?

Oh damn, I didn't realise it was used by another workflow, sorry! I'll fix shortly.