ci(repo): post Major Version Check as a commit status on the PR head #8761

Merged: jacekradko merged 5 commits into main from jacek/major-version-check-pr-head-status, Jun 29, 2026

@jacekradko (Member) commented Jun 5, 2026

Approving an !allow-major bump never cleared this check, because the issue_comment re-run's implicit check-run lands on main, not the PR head, which is why it couldn't be required. It now writes an explicit Major Version Check commit status to the PR head on every run, and keeps the job green even when posting a red status so the approval re-run's green isn't shadowed by a stale red check-run.

Two things to scrutinize: approver detection uses the default GITHUB_TOKEN, which only sees public org members, so !allow-major from a private member is silently ignored (approvers need public clerk membership); and fork PRs get a read-only token, so the workflow swallows that one 403 to stay green while rethrowing everything else, including a transient 403/5xx during the membership check that would otherwise drop a valid approval.

Also recomputes on comment deleted and paginates the file/comment lists. Follow-up after merge: add Major Version Check to the required checks on main, merge-first or it blocks every open PR waiting on a context that doesn't exist yet.

Summary by CodeRabbit

  • Chores
    • Enhanced the major version check workflow to post an explicit commit status directly on the pull request head for clearer visibility.
    • Added support for reacting to relevant issue comments in addition to existing pull request events.
    • Updated major-change detection to review changeset metadata and require an explicit approval comment before allowing major changes, otherwise the check reports failure.

The major-version guard reported pass/fail only via the implicit github-script
job check-run. On issue_comment runs (the !allow-major re-run) that check-run is
tied to the default branch, not the PR head, so approving a major bump never
updated the PR head's status. That made the check unsafe to require: a major PR
would stay blocked even after approval.

Post an explicit "Major Version Check" commit status to the PR head SHA on every
run, so the required context flips red->green correctly regardless of trigger
event. Also paginate listFiles/listComments so a changeset or approval comment
past the first page isn't missed now that this gates merges.

changeset-bot (Bot) commented Jun 5, 2026

🦋 Changeset detected

Latest commit: 0b9cb26

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 0 packages

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

vercel (Bot) commented Jun 5, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
clerk-js-sandbox | Ready | Preview, Comment | Jun 29, 2026 4:13pm
swingset | Ready | Preview, Comment | Jun 29, 2026 4:13pm

coderabbitai (Bot, Contributor) commented Jun 5, 2026

📝 Walkthrough

The PR updates the major version check workflow to post commit statuses on the PR head SHA, paginate PR files and comments, inspect .changeset/ frontmatter for major, and validate !allow-major approvals from organization members.

Changes

Major Version Check Workflow Refactor

Layer / File(s) | Summary
Permissions, infrastructure, and changeset metadata (.changeset/major-version-check-pr-head-status.md, .github/workflows/major-version-check.yml) | Workflow permissions add statuses: write, the script resolves PR and head SHA for both trigger payload shapes, and a new changeset markdown file is added.
Commit status posting (.github/workflows/major-version-check.yml) | A shared helper posts commit statuses to the PR head SHA with repos.createCommitStatus, and HTTP 403 responses are warned on without failing the job.
Major changeset detection (.github/workflows/major-version-check.yml) | PR files are paginated, non-removed .changeset/ files are fetched at the head ref, and only YAML frontmatter is checked for a major field; missing majors post success and exit.
Approval verification and final status (.github/workflows/major-version-check.yml) | PR comments are paginated to find trimmed, case-insensitive !allow-major comments, commenters are verified with orgs.checkMembershipForUser, and the result posts success or failure statuses while leaving the job non-failing.

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested Reviewers

  • wobsoriano

Poem

🐇 I hop through checks with status bright,
A PR head shines in GitHub light,
Major blooms in YAML's nest,
!allow-major seals the rest,
With rabbit paws, the workflow's set 🥕

🚥 Pre-merge checks: ✅ Passed checks (5 passed)
Check name | Status | Explanation
Title check | ✅ Passed | The title clearly and concisely summarizes the main workflow change: posting Major Version Check as a commit status on the PR head.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.

pkg-pr-new (Bot) commented Jun 5, 2026

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8761

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8761

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8761

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8761

@clerk/electron

npm i https://pkg.pr.new/@clerk/electron@8761

@clerk/electron-passkeys

npm i https://pkg.pr.new/@clerk/electron-passkeys@8761

@clerk/eslint-plugin

npm i https://pkg.pr.new/@clerk/eslint-plugin@8761

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8761

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8761

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8761

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8761

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8761

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8761

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8761

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8761

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8761

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8761

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8761

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8761

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8761

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8761

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8761

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8761

commit: 0b9cb26

coderabbitai (Bot, Contributor) left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/major-version-check.yml:
- Around line 101-112: The catch block around
github.rest.orgs.checkMembershipForUser currently swallows all errors; change it
to only ignore a 404 by checking error?.status === 404 and continuing in that
case, but rethrow any other errors so transient 403/5xx fail fast; update the
catch that wraps the call to github.rest.orgs.checkMembershipForUser (the block
referencing comment.user.login and approvalFound) to implement this conditional
rethrow.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Repository UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: ebe6bfe6-06fb-45cb-85b5-de8a05713ccb

📥 Commits

Reviewing files that changed from the base of the PR and between 83f50f6 and 84d3685.

📒 Files selected for processing (2)
  • .changeset/major-version-check-pr-head-status.md
  • .github/workflows/major-version-check.yml

Comment thread .github/workflows/major-version-check.yml Outdated
Add `deleted` to the issue_comment triggers so removing the !allow-major
comment recomputes the status; a stale approval no longer leaves a required
major bump mergeable. Tolerate the read-only token that fork pull_request runs
get by swallowing the createCommitStatus 403 (keeps the job green and re-throws
any other error). Guard a null comment body and note that checkMembershipForUser
only detects public org members.

A transient 403/5xx during checkMembershipForUser previously fell through to a
failure status, which could flip an already-approved major PR back to red. Only
treat 404 as "not a member" and rethrow other errors so a hiccup fails the run
loudly instead of silently dropping a valid approval. Matches the pattern in
e2e-staging.yml.

@jacekradko merged commit b9edd48 into main Jun 29, 2026
51 checks passed
@jacekradko deleted the jacek/major-version-check-pr-head-status branch June 29, 2026 20:39
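
The two error-handling rules this PR describes (only a 404 from the membership check means "not a member", and only the 403 from posting a status on a fork PR is swallowed), as an added JavaScript example that is not the workflow's own code. The function names and the fake client are assumptions; `orgs.checkMembershipForUser` and `repos.createCommitStatus` are the calls the PR names.

```javascript
// Added example: helper names and the fake client are hypothetical, not the workflow's code.
const CONTEXT = 'Major Version Check';
// Only a 404 means "not a (public) member". Anything else is rethrown, so a
// transient 403/5xx fails the run instead of silently dropping an approval.
async function isOrgMember(github, org, username) {
  try {
    await github.rest.orgs.checkMembershipForUser({ org, username });
    return true;
  } catch (error) {
    if (error?.status === 404) return false;
    throw error;
  }
}

// Trimmed, case-insensitive match (whole-comment equality is this example's choice); null body guarded.
async function approvalFound(github, org, comments) {
  for (const c of comments) {
    if ((c.body ?? '').trim().toLowerCase() !== '!allow-major') continue;
    if (await isOrgMember(github, org, c.user.login)) return true;
  }
  return false;
}

// Post on the PR head SHA. A fork PR's read-only token gets a 403 here:
// swallow that one case (return false) and rethrow every other error.
async function postStatus(github, target, state, description) {
  try {
    await github.rest.repos.createCommitStatus({ ...target, state, context: CONTEXT, description });
    return true;
  } catch (error) {
    if (error?.status === 403) return false;
    throw error;
  }
}

// Constructed stand-in for the github-script client; `members` maps login -> HTTP status.
function fakeGithub(members, statusError) {
  const posted = [];
  const fail = (status) => Object.assign(new Error(`HTTP ${status}`), { status });
  const checkMembershipForUser = async ({ username }) => {
    const status = members[username] ?? 404;
    if (status !== 204) throw fail(status);
  };
  const createCommitStatus = async (params) => {
    if (statusError) throw fail(statusError);
    posted.push(params);
  };
  return { posted, rest: { orgs: { checkMembershipForUser }, repos: { createCommitStatus } } };
}
```

With the fake client, a `!allow-major` from a non-member is ignored, one from a member approves, and a 503 on the membership call surfaces as an error rather than as "no approval".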