ci: add PR-build changelog for TestFlight and Play Store

[diegolmello]

Proposed changes

Build PR builds landed on TestFlight and the Play Store internal track with no release notes, so reviewers scrolling a list of near-identical PR builds couldn't tell which build belonged to which PR. This adds a compact identifying changelog to PR builds on both platforms.

The note format:

<PR title> (#<PR number>)

<7-char SHA> <commit subject>
<7-char SHA> <commit subject>
...

Commits are newest-first (HEAD on top), merge commits kept, capped at 500 graphemes with no ellipsis (grapheme-aware so emoji/non-ASCII titles count the way the stores count them). When a PR is large, the oldest rows drop first so the title and latest commit always survive.

What changed:

• Changelog script .github/scripts/changelog.js — one module with two CLI modes. pr mode (PR builds) builds the note from pr.json via formatPrChangelog({title, number, commits}) and writes changelog.txt. cap mode (develop Android) caps an existing changelog.txt to the Play Store 500-grapheme limit (497 + ...). PR data comes from gh pr view --json title,number,commits (the PR title isn't in git history, and gh avoids shallow-clone concerns). This single module replaces the two former scripts — generate-pr-changelog.js and the develop prepare-changelog.js — which each reimplemented the same grapheme-aware cap.
• build-pr.yml — the generate-pr-changelog job publishes the note as the same release-changelog artifact the develop workflow already uses; both build jobs depend on it.
• upload-ios / upload-android actions — download the changelog artifact for the PR trigger too.
• iOS Fastfile — external distribution (distribute_external, notify_external_testers, External Testers group) is now gated on the trigger being develop, not on changelog presence. PR builds get the note but stay internal-only — external testers are never emailed an unreviewed PR build.
• Android Fastfile / upload action — the PR path copies changelog.txt straight into the Play Store changelog metadata (no ellipsis), and the internal beta lane uploads the changelog while skipping other store metadata.

The Build Develop changelog path is unchanged in behavior — the tag-diff git log source, the 500-grapheme ellipsis cap (now via changelog.js cap instead of a separate prep script), the open-testing lane, and external distribution all stay as before.

Issue(s)

https://rocketchat.atlassian.net/browse/NATIVE-1309

How to test or reproduce

This PR's own CI run is the integration test. On the PR build:

• TestFlight "What to Test" shows the PR title + number, then newest-first commit rows (merges included), under 500 graphemes.
• The iOS PR build stays internal-only — no external-tester email/distribution.
• The Play Store internal-track build shows the same note.
• The develop build's changelog and external distribution are unaffected.

Screenshots

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• Improvement (non-breaking change which improves a current function)
• New feature (non-breaking change which adds functionality)
• Documentation update (if none of the other choices apply)

Checklist

• I have read the CONTRIBUTING doc
• I have signed the CLA
• Lint and unit tests pass locally with my changes
• I have added tests that prove my fix is effective or that my feature works (if applicable)
• I have added necessary documentation (if applicable)
• Any dependent changes have been merged and published in downstream modules

Further comments

PR builds now carry a changelog, which flips skip_waiting_for_build_processing to false on iOS — the iOS PR upload now waits for App Store build processing (a few minutes to ~30) to attach "What to Test", instead of returning immediately. That's required to set the note; heads-up for anyone watching PR build durations.

No automated tests are added for the release tooling, matching the repo convention that GitHub Actions / Fastlane scripts aren't unit-tested here. Verification is the PR CI run itself.

https://claude.ai/code/session_01SaW69xLzUYPJdoVJoP2EJQ

Summary by CodeRabbit

• Chores
  • Enhanced changelog generation for beta releases across both Android and iOS platforms
  • Improved changelog metadata handling for Play Store and TestFlight uploads
  • Implemented character limit enforcement for changelog text to ensure proper display in app stores

[coderabbitai]

Walkthrough

Adds a changelog.js script (replacing prepare-changelog.js) that formats PR commit data into a 500-grapheme-capped changelog, introduces a generate-pr-changelog CI job in the PR workflow, and expands the Android and iOS upload actions to run changelog steps for both develop and pr triggers.

Changes

PR Changelog Pipeline

Layer / File(s)	Summary
Changelog formatter script .github/scripts/changelog.js, .github/scripts/prepare-changelog.js	New changelog.js provides grapheme-aware capGraphemes/graphemes utilities, a formatPrChangelog function with 500-grapheme enforcement and newest-first ordering, and a CLI with pr (reads pr.json, writes changelog.txt) and cap (reads changelog.txt, writes versioned Fastlane path) modes. The previous prepare-changelog.js is deleted entirely.
generate-pr-changelog workflow job .github/workflows/build-pr.yml	Adds a generate-pr-changelog job that runs gh pr view into pr.json, executes changelog.js pr, and uploads changelog.txt as the release-changelog artifact; android-build-store and ios-build-store both gain generate-pr-changelog in their needs.
Android upload action and Fastfile .github/actions/upload-android/action.yml, android/fastlane/Fastfile	The release-changelog download and metadata preparation steps now run for develop and pr; the prepare step branches by trigger to either copy changelog.txt directly (pr) or invoke changelog.js cap / write a default message (develop). The Fastfile beta lane adds skip_upload_metadata, skip_upload_images, skip_upload_screenshots: true and skip_upload_changelogs: false flags.
iOS upload action and Fastfile .github/actions/upload-ios/action.yml, ios/fastlane/Fastfile	The step if guard is expanded to develop || pr; a TRIGGER env var is passed to Fastlane. The Fastfile beta lane closes the changelog block and gates distribute_external, notify_external_testers, and External Testers group assignment on ENV["TRIGGER"] == "develop".

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• RocketChat/Rocket.Chat.ReactNative#7321: Touches the same iOS upload composite action's changelog-handling conditional, previously narrowing it to develop-only, which this PR reverses and extends to include pr.

Suggested labels

type: feature

Suggested reviewers

• OtavioStasiak

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding PR-build changelog generation for both TestFlight (iOS) and Play Store (Android) platforms.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (2)

• NATIVE-1309: Request failed with status code 401
• F85F-4929: Request failed with status code 401

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/build-pr.yml (1)

28-30: ⚡ Quick win

Disable credential persistence in checkout for this job.

actions/checkout persists a token in git config by default. This job only needs GH_TOKEN for gh pr view, so turning that off reduces unnecessary credential exposure.

Suggested patch

       - name: Checkout Repository
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        with:
+          persist-credentials: false

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/build-pr.yml around lines 28 - 30, The actions/checkout
action at version v4.3.1 in the Checkout Repository step is currently persisting
git credentials by default. To reduce unnecessary credential exposure and align
with security best practices, add a with section to the actions/checkout step
that sets persist-credentials to false, since this job only requires GH_TOKEN
for the gh pr view command and does not need git credentials to be stored in the
git config.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/build-pr.yml:
- Around line 28-30: The actions/checkout action at version v4.3.1 in the
Checkout Repository step is currently persisting git credentials by default. To
reduce unnecessary credential exposure and align with security best practices,
add a with section to the actions/checkout step that sets persist-credentials to
false, since this job only requires GH_TOKEN for the gh pr view command and does
not need git credentials to be stored in the git config.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7d2d94cb-848e-4e64-8452-88ee584a000e

📥 Commits

Reviewing files that changed from the base of the PR and between 83b18a2 and 7096bee.

📒 Files selected for processing (6)

• .github/actions/upload-android/action.yml
• .github/actions/upload-ios/action.yml
• .github/scripts/generate-pr-changelog.js
• .github/workflows/build-pr.yml
• android/fastlane/Fastfile
• ios/fastlane/Fastfile

📜 Review details

🧰 Additional context used

🪛 zizmor (1.25.2)

.github/workflows/build-pr.yml

[warning] 28-29: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)

---

[warning] 48-48: secrets unconditionally inherited by called workflow (secrets-inherit): this reusable workflow

(secrets-inherit)

🔇 Additional comments (6)

.github/scripts/generate-pr-changelog.js (1)

4-36: LGTM!

.github/workflows/build-pr.yml (1)

31-43: LGTM!

Also applies to: 45-50, 58-58

.github/actions/upload-android/action.yml (1)

41-53: LGTM!

android/fastlane/Fastfile (1)

40-44: LGTM!

.github/actions/upload-ios/action.yml (1)

86-89: LGTM!

Also applies to: 103-103

ios/fastlane/Fastfile (1)

55-57: LGTM!

[github-actions]

Android Build Available

Rocket.Chat 4.74.0.109140

Internal App Sharing: https://play.google.com/apps/test/RQQ8k09hlnQ/ahAO29uNTSAUHUZYHhCIozI1jQp24lvgYDlMCF7-wT0xukI1NiBnl-2pj9IycA5EeEqhIIOe12_zY-bMFIjD-_aGmz

[github-actions]

iOS Build Available

Rocket.Chat 4.74.0.109141

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (1)

.github/workflows/build-pr.yml (1)

22-26: ⚖️ Poor tradeoff

Consider removing the dependency on run-eslint-and-test for faster feedback.

The changelog generation is independent of lint/test results and could run in parallel. The current dependency adds latency but avoids generating changelogs for PRs that fail linting or tests. If CI speed is a priority, consider removing the needs constraint; otherwise, the current design is reasonable for avoiding wasted compute.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/build-pr.yml around lines 22 - 26, The
`generate-pr-changelog` job currently depends on the `run-eslint-and-test` job
via the `needs` constraint, which adds unnecessary latency since changelog
generation is independent of lint and test results. To improve CI speed and
enable parallel execution, remove the `needs: [run-eslint-and-test]` line from
the `generate-pr-changelog` job definition. This will allow the changelog
generation to run concurrently with linting and testing rather than waiting for
them to complete first.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/scripts/changelog.js:
- Around line 20-39: The formatPrChangelog function assumes commits is an array
with objects containing oid and messageHeadline properties without validating
the input structure. If the input is malformed (corrupted JSON or API schema
changes), the function will crash with cryptic errors. Add input validation at
the beginning of the formatPrChangelog function to verify that commits is an
array and that each commit object contains the required oid and messageHeadline
properties. Throw a descriptive error if validation fails, so callers get clear
feedback about what went wrong instead of undefined errors from trying to access
missing properties.
- Around line 50-53: Add validation after the buildVersion constant assignment
to ensure that process.env.BUILD_VERSION is defined and non-empty before passing
it to the file path in the fs.writeFileSync call. If buildVersion is undefined
or falsy, throw an error with a descriptive message instructing that the
BUILD_VERSION environment variable must be set, or exit the process to prevent
silently creating a file with "undefined" in the path.
- Around line 10-18: The capGraphemes function lacks validation for its
documented precondition that when ellipsis is true, the limit must be at least
4. Add a guard clause at the beginning of the capGraphemes function to validate
that when the ellipsis option is enabled, the limit parameter is at least 4.
This will prevent the function from returning only "..." when the limit is too
small, ensuring the precondition stated in the comment is enforced.
- Around line 46-56: Add try-catch blocks around the file I/O operations and
JSON parsing in both the "pr" and "cap" mode branches to prevent script crashes
from missing files, malformed JSON, or permission errors. Specifically, wrap the
fs.readFileSync call for pr.json and its JSON.parse operation in a try-catch
block that logs a clear error message when parsing or reading fails, and
similarly wrap the fs.readFileSync and fs.writeFileSync operations in the "cap"
mode block with error handling that provides actionable feedback. Each catch
block should log descriptive error messages indicating what failed (file not
found, JSON parse error, permission denied, etc.) rather than letting the
generic Node.js error propagate.

---

Nitpick comments:
In @.github/workflows/build-pr.yml:
- Around line 22-26: The `generate-pr-changelog` job currently depends on the
`run-eslint-and-test` job via the `needs` constraint, which adds unnecessary
latency since changelog generation is independent of lint and test results. To
improve CI speed and enable parallel execution, remove the `needs:
[run-eslint-and-test]` line from the `generate-pr-changelog` job definition.
This will allow the changelog generation to run concurrently with linting and
testing rather than waiting for them to complete first.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8f87f335-d963-476c-b1ca-23f6ec1a272b

📥 Commits

Reviewing files that changed from the base of the PR and between 7096bee and 7cf7b8b.

📒 Files selected for processing (4)

• .github/actions/upload-android/action.yml
• .github/scripts/changelog.js
• .github/scripts/prepare-changelog.js
• .github/workflows/build-pr.yml

💤 Files with no reviewable changes (1)

• .github/scripts/prepare-changelog.js

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/actions/upload-android/action.yml

📜 Review details

🔇 Additional comments (5)

.github/scripts/changelog.js (2)

1-8: LGTM!

---

41-41: LGTM!

.github/workflows/build-pr.yml (3)

28-29: LGTM!

---

31-36: LGTM!

---

38-43: LGTM!

[github-actions]

Android Build Available

Rocket.Chat 4.74.0.109144

Internal App Sharing: https://play.google.com/apps/test/RQQ8k09hlnQ/ahAO29uNQp_0N_YuW-8s88yYMpSxIIkuEDihwStz8mxOUqAR1gnxaMVlESBbp8DKcQemTQcNZ2r8L1Gq4-7pmXaZRg

[github-actions]

iOS Build Available

Rocket.Chat 4.74.0.109146