docs(issue-form): guide TestFlight/dev users to report the exact build

The version dropdown lists published releases only, so a TestFlight or dev
build will not appear in it. Point those reporters to the
"TestFlight/Development build" option and the exact version shown in the
app's Settings.

.github/ISSUE_TEMPLATE/issue_report.yml

@@ -75,10 +75,13 @@ body:
     id: version
     attributes:
       label: Streamyfin Version
-      description: What version of Streamyfin are you running?
+      description: What version of Streamyfin are you running? On a TestFlight or development build, choose "TestFlight/Development build" and include the exact version shown in the app's Settings (e.g. 0.55.0 (42)).
       options:
+        - 0.54.1
+        - 0.51.0
         - 0.47.1
         - 0.30.2
+        - 0.28.0
         - older
         - TestFlight/Development build
     validations:

.github/workflows/linting.yml

@@ -12,6 +12,38 @@ permissions:
   contents: read
 
 jobs:
+  validate_pr_title:
+    name: "📝 Validate PR Title"
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-24.04
+    permissions:
+      pull-requests: write
+      contents: read
+    steps:
+      - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
+        id: lint_pr_title
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4
+        if: always() && (steps.lint_pr_title.outputs.error_message != null)
+        with:
+          header: pr-title-lint-error
+          message: |
+            Hey there and thank you for opening this pull request! 👋🏼
+            We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/).
+
+            **Error details:**
+            ```
+            ${{ steps.lint_pr_title.outputs.error_message }}
+            ```
+
+      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
+        uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4
+        with:
+          header: pr-title-lint-error
+          delete: true
+
   dependency-review:
     name: 🔍 Vulnerable Dependencies
     runs-on: ubuntu-24.04

.github/workflows/pr-validation.yml

@@ -1,136 +0,0 @@
-name: 🚦 PR Validation
-
-# Uses pull_request_target so the jobs get a write token even on fork PRs (to comment
-# and label) — same as seerr. SECURITY: never check out or run the PR head's code here;
-# we only read the title/body from the event payload and run our own scripts from the base.
-on:
-  pull_request_target:
-    types: [opened, edited, synchronize, reopened]
-  workflow_dispatch:
-
-permissions: {}
-
-concurrency:
-  group: pr-validation-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  validate_pr_title:
-    name: "📝 Validate PR Title"
-    if: github.event_name == 'pull_request_target'
-    runs-on: ubuntu-24.04
-    permissions:
-      pull-requests: write
-      contents: read
-    steps:
-      - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
-        id: lint_pr_title
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4
-        if: always() && (steps.lint_pr_title.outputs.error_message != null)
-        with:
-          header: pr-title-lint-error
-          message: |
-            Hey there and thank you for opening this pull request! 👋🏼
-            We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/).
-
-            **Error details:**
-            ```
-            ${{ steps.lint_pr_title.outputs.error_message }}
-            ```
-
-      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
-        uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4
-        with:
-          header: pr-title-lint-error
-          delete: true
-
-  validate_pr_template:
-    name: "📋 Validate PR Template"
-    # Skip pushes to an existing PR (the body rarely changes) and bot-authored PRs.
-    if: >-
-      github.event_name == 'pull_request_target' &&
-      github.event.action != 'synchronize' &&
-      github.actor != 'renovate[bot]' &&
-      github.actor != 'github-actions[bot]'
-    runs-on: ubuntu-24.04
-    permissions:
-      pull-requests: write
-      issues: write
-      contents: read
-    steps:
-      - name: "📥 Checkout"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      - name: "🍞 Setup Bun"
-        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
-        with:
-          bun-version: latest
-
-      - name: "📝 Write PR body to file"
-        env:
-          PR_BODY: ${{ github.event.pull_request.body }}
-        run: printf '%s' "$PR_BODY" > /tmp/pr-body.txt
-
-      - name: "📂 List changed files"
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          gh api "repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files" \
-            --paginate --jq '.[].filename' > /tmp/pr-files.txt
-
-      - name: "🔎 Validate body against template"
-        id: check
-        env:
-          AUTHOR_ASSOCIATION: ${{ github.event.pull_request.author_association }}
-          PR_FILES: /tmp/pr-files.txt
-        run: |
-          set +e
-          bun scripts/check-pr-template.mjs /tmp/pr-body.txt > /tmp/pr-issues.json
-          echo "code=$?" >> "$GITHUB_OUTPUT"
-
-      - name: "💬 Report problems"
-        if: steps.check.outputs.code != '0'
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v8.0.0
-        with:
-          script: |
-            const fs = require('fs');
-            let issues;
-            try { issues = JSON.parse(fs.readFileSync('/tmp/pr-issues.json', 'utf8')); }
-            catch { issues = ["The PR template check could not parse the description. Please make sure it follows the template."]; }
-            if (!Array.isArray(issues) || issues.length === 0) issues = ["The PR description does not follow the template."];
-            const body = [
-              "👋 Thanks for the PR! A few things in the description need attention before review:",
-              "",
-              ...issues.map((i) => `- ${i}`),
-              "",
-              "Please update the PR description ([template](https://github.com/${{ github.repository }}/blob/develop/.github/pull_request_template.md)). This check re-runs when you edit it.",
-            ].join("\n");
-            const { owner, repo } = context.repo;
-            const issue_number = context.payload.pull_request.number;
-            const marker = "<!-- pr-template-check -->";
-            const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number });
-            const existing = comments.find((c) => c.body?.includes(marker));
-            const payload = `${marker}\n${body}`;
-            if (existing) await github.rest.issues.updateComment({ owner, repo, comment_id: existing.id, body: payload });
-            else await github.rest.issues.createComment({ owner, repo, issue_number, body: payload });
-            const label = "blocked: template";
-            try { await github.rest.issues.getLabel({ owner, repo, name: label }); }
-            catch { await github.rest.issues.createLabel({ owner, repo, name: label, color: "d93f0b", description: "PR description does not follow the template" }); }
-            await github.rest.issues.addLabels({ owner, repo, issue_number, labels: [label] });
-            core.setFailed(`PR template check failed:\n- ${issues.join("\n- ")}`);
-
-      - name: "✅ Clear problems on success"
-        if: steps.check.outputs.code == '0'
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v8.0.0
-        with:
-          script: |
-            const { owner, repo } = context.repo;
-            const issue_number = context.payload.pull_request.number;
-            const marker = "<!-- pr-template-check -->";
-            const comments = await github.paginate(github.rest.issues.listComments, { owner, repo, issue_number });
-            const existing = comments.find((c) => c.body?.includes(marker));
-            if (existing) await github.rest.issues.deleteComment({ owner, repo, comment_id: existing.id });
-            try { await github.rest.issues.removeLabel({ owner, repo, issue_number, name: "blocked: template" }); } catch {}

.github/workflows/update-issue-form.yml

@@ -1,67 +1,90 @@
-name: 🐛 Update Bug Report Template
+name: 🐛 Update Issue Form Versions
 
 on:
   release:
-    types: [published]  # Run on every published release on any branch
+    # Only full releases populate the dropdown (no drafts/prereleases).
+    types: [released]
+  schedule:
+    - cron: "0 3 * * 1" # Weekly safety net (Mondays 03:00 UTC) in case a release event was missed
+  workflow_dispatch:
 
 concurrency:
-   group: update-issue-form-${{ github.event.release.tag_name || github.run_id }}
-   cancel-in-progress: true
+  group: update-issue-form-${{ github.event.release.tag_name || github.run_id }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
 
 jobs:
-  update-bug-report:
+  update-issue-form:
+    name: 🔢 Populate version dropdown
+    runs-on: ubuntu-24.04
     permissions:
       contents: write
       pull-requests: write
-      issues: write
-    runs-on: ubuntu-24.04
-
     steps:
       - name: 📥 Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - name: "🟢 Setup Node.js"
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+      - name: 🍞 Setup Bun
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
         with:
-          node-version: '24.x'
-          cache: 'npm'
+          bun-version: latest
 
-      - name: 🔍 Extract minor version from app.json
-        id: minor
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # main
-        with:
-          result-encoding: string
-          script: |
-            const fs = require('fs-extra');
-            const semver = require('semver');
-            const content = fs.readJsonSync('./app.json');
-            const version = content.expo.version;
-            const minorVersion = semver.minor(version);
-            return minorVersion.toString();
+      - name: 🔢 Populate version dropdown from GitHub releases
+        id: populate
+        run: bun scripts/update-issue-form.mjs
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
 
-      - name: 📝 Update bug report version
-        uses: ShaMan123/gha-populate-form-version@be012141ca560dbb92156e3fe098c46035f6260d #v2.0.5
-        with:
-          semver: '^0.${{ steps.minor.outputs.result }}.0'
-          dry_run: no-push
-
-      - name: ⚙️ Update bug report node version dropdown
-        uses: ShaMan123/gha-populate-form-version@be012141ca560dbb92156e3fe098c46035f6260d #v2.0.5
-        with:
-          dropdown: _node_version
-          package: node
-          semver: '>=24.0.0'
-          dry_run: no-push
-
-      - name: 📬 Commit and create pull request
+      - name: 📬 Create pull request
+        id: cpr
         uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
         with:
-          add-paths: .github/ISSUE_TEMPLATE/bug_report.yml
-          branch: ci-update-bug-report
+          add-paths: .github/ISSUE_TEMPLATE/issue_report.yml
+          branch: ci/update-issue-form
           base: develop
           delete-branch: true
           labels: ⚙️ ci, 🤖 github-actions
-          title: 'chore(): Update bug report template to match release version'
+          commit-message: "chore: update issue form version dropdown"
+          title: "chore: update issue form version dropdown"
+          # Follows .github/pull_request_template.md so the bot PR isn't flagged by PR validation.
           body: |
-            Automated update to `.github/ISSUE_TEMPLATE/bug_report.yml`
-            Triggered by workflow run [${{ github.run_id }}](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
+            # 📦 Pull Request
+
+            ## 📝 Description
+
+            Automated update of the **Streamyfin Version** dropdown in `.github/ISSUE_TEMPLATE/issue_report.yml`, populated from the latest published GitHub releases by `scripts/update-issue-form.mjs`.
+
+            **Version dropdown now lists:** ${{ steps.populate.outputs.versions }}
+
+            Triggered by `${{ github.event_name }}`${{ github.event.release.tag_name && format(' — release {0}', github.event.release.tag_name) || '' }} · [run ${{ github.run_id }}](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}).
+
+            ## 🏷️ Ticket / Issue
+
+            N/A — automated maintenance.
+
+            ### 🖼️ Screenshots / GIFs (if UI)
+
+            N/A — issue-template metadata only, no app UI.
+
+            ## ✅ Checklist
+
+            - [x] I’ve read the [contribution guidelines](CONTRIBUTING.md)
+            - [x] Verified that changes behave as expected for all platforms
+            - [x] Code passes lint/formatting and type checks (`tsc`/`biome`)
+            - [x] No secrets, hardcoded credentials, or private config files are included
+            - [x] I've declared if AI was used to assist with this PR (by uncommenting the line at the bottom, or not)
+
+            ## 🔍 Testing Instructions
+
+            N/A — generated by CI from published releases; review the dropdown diff in `issue_report.yml`.
+
+      - name: 🔀 Enable auto-merge
+        if: steps.cpr.outputs.pull-request-operation == 'created'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh pr merge --squash --auto "${{ steps.cpr.outputs.pull-request-number }}" \
+            || echo "::warning::Could not enable auto-merge — enable 'Allow auto-merge' in repo settings (and branch protection); merge the PR manually for now."

scripts/check-pr-template.mjs

@@ -1,129 +0,0 @@
-#!/usr/bin/env bun
-/**
- * Validates that a pull request body follows .github/pull_request_template.md:
- * required sections are filled in and the key checklist items are ticked.
- *
- * Usage:   bun scripts/check-pr-template.mjs <path-to-pr-body.txt>
- * Output:  a JSON array of human-readable problems (empty array = all good).
- * Exit:    0 = ok, 1 = one or more problems, 2 = no body file given.
- *
- * Env:     AUTHOR_ASSOCIATION — when OWNER/MEMBER/COLLABORATOR, the AI-disclosure
- *          check is skipped (maintainers self-police).
- */
-
-import { existsSync, readFileSync } from "node:fs";
-
-const bodyFile = process.argv[2];
-if (!bodyFile) {
-  console.error("usage: bun scripts/check-pr-template.mjs <pr-body-file>");
-  process.exit(2);
-}
-
-let body;
-try {
-  body = readFileSync(bodyFile, "utf8").replace(/\r\n/g, "\n");
-} catch (e) {
-  console.error(`cannot read body file ${bodyFile}: ${e.message}`);
-  process.exit(2);
-}
-const association = (process.env.AUTHOR_ASSOCIATION || "").toUpperCase();
-const isMaintainer = ["OWNER", "MEMBER", "COLLABORATOR"].includes(association);
-
-// Strip HTML comments in a single linear pass (indexOf scan): no regex backtracking
-// and no loop-until-stable, so a crafted body can't drive it into super-linear time,
-// and it leaves no `<!--` behind. An unterminated `<!-- …` drops to end-of-string.
-const stripComments = (s) => {
-  let out = "";
-  let i = 0;
-  for (;;) {
-    const start = s.indexOf("<!--", i);
-    if (start === -1) {
-      out += s.slice(i);
-      break;
-    }
-    out += s.slice(i, start);
-    const end = s.indexOf("-->", start + 4);
-    if (end === -1) break; // unterminated comment: drop the rest
-    i = end + 3;
-  }
-  return out.trim();
-};
-
-// Grab the text under a heading whose title contains `keyword`, up to the next heading
-// or the end of the body.
-const section = (keyword) => {
-  const re = new RegExp(
-    `(?:^|\\n)#{1,4}\\s*[^\\n]*${keyword}[^\\n]*\\n([\\s\\S]*?)(?=\\n#{1,4}\\s|$)`,
-    "i",
-  );
-  const m = body.match(re);
-  return m ? m[1] : null;
-};
-
-const isFilled = (content) => {
-  if (content == null) return false;
-  // Template guidance lives in HTML comments; once stripped, a real answer remains.
-  return stripComments(content).length > 0;
-};
-
-const issues = [];
-
-if (section("Description") === null)
-  issues.push("The **Description** section is missing.");
-else if (!isFilled(section("Description")))
-  issues.push(
-    "The **Description** section is empty — describe what changed and why.",
-  );
-
-if (section("Ticket") === null)
-  issues.push("The **Ticket / Issue** section is missing.");
-else if (!isFilled(section("Ticket")))
-  issues.push(
-    "The **Ticket / Issue** section is empty — link an issue or write `N/A`.",
-  );
-
-if (section("Testing Instructions") === null)
-  issues.push("The **Testing Instructions** section is missing.");
-else if (!isFilled(section("Testing Instructions")))
-  issues.push(
-    "The **Testing Instructions** section is empty — tell reviewers how to test this, or write `N/A`.",
-  );
-
-const checklist = section("Checklist");
-if (checklist === null) {
-  issues.push("The **Checklist** section is missing.");
-} else {
-  if (!/- \[x\][^\n]*contribution guidelines/i.test(checklist))
-    issues.push(
-      "Please read and tick the **contribution guidelines** checklist item.",
-    );
-  if (!isMaintainer && !/- \[x\][^\n]*declared if AI/i.test(checklist))
-    issues.push(
-      "Please tick the **AI disclosure** checklist item (declare whether AI was used).",
-    );
-}
-
-// Require the Screenshots section when the PR changes UI (.tsx under app/ or components/).
-// PR_FILES points to a newline list of changed paths (provided by the workflow).
-const filesPath = process.env.PR_FILES;
-if (filesPath && existsSync(filesPath)) {
-  const changed = readFileSync(filesPath, "utf8").split("\n").filter(Boolean);
-  const touchesUI = changed.some(
-    (f) =>
-      /^(app|components)\/.*\.tsx$/.test(f) && !/\.(test|spec)\.tsx$/.test(f),
-  );
-  if (touchesUI) {
-    const shots = section("Screenshots");
-    if (shots === null)
-      issues.push(
-        "This PR changes UI (`.tsx`) — add the **Screenshots / GIFs** section with before/after media.",
-      );
-    else if (!isFilled(shots))
-      issues.push(
-        "This PR changes UI — the **Screenshots / GIFs** section is empty; add screenshots (or write `N/A` if it's genuinely not visual).",
-      );
-  }
-}
-
-console.log(JSON.stringify(issues));
-process.exit(issues.length ? 1 : 0);

scripts/update-issue-form.mjs

@@ -0,0 +1,114 @@
+#!/usr/bin/env bun
+/**
+ * Populates the "Streamyfin Version" dropdown in the issue report form with the
+ * latest GitHub releases. Run by the "Update Issue Form Versions" workflow on
+ * release events + a weekly cron (and manually via workflow_dispatch).
+ *
+ * Source: published, non-draft, non-prerelease GitHub releases, newest first.
+ * Non-version sentinels (e.g. "older", "TestFlight/Development build") are
+ * preserved at the end of the list.
+ *
+ * Usage:
+ *   bun scripts/update-issue-form.mjs            # rewrite the form in place
+ *   ISSUE_FORM_LIMIT=8 bun scripts/update-issue-form.mjs
+ *   bun scripts/update-issue-form.mjs --dry-run  # print the new options, don't write
+ *
+ * Env: GITHUB_REPOSITORY (owner/repo), GH_TOKEN/GITHUB_TOKEN (for gh, provided in CI).
+ */
+
+import { execFileSync } from "node:child_process";
+import {
+  appendFileSync,
+  readFileSync as read,
+  writeFileSync as write,
+} from "node:fs";
+
+const FORM = ".github/ISSUE_TEMPLATE/issue_report.yml";
+const DROPDOWN_ID = "version"; // the `id:` of the dropdown to populate
+const parsedLimit = Number.parseInt(process.env.ISSUE_FORM_LIMIT ?? "", 10);
+const LIMIT =
+  Number.isInteger(parsedLimit) && parsedLimit > 0 ? parsedLimit : 5;
+const REPO = process.env.GITHUB_REPOSITORY || "streamyfin/streamyfin";
+const DRY = process.argv.includes("--dry-run");
+
+// Matches "0.54.1" and prerelease/beta tags like "0.54.0-beta.1".
+const isVersion = (s) => /^\d+\.\d+/.test(s.trim());
+
+// 1. Fetch published releases (newest first), excluding drafts and prereleases —
+//    those aren't a full release users run, so they don't belong in the dropdown.
+const raw = execFileSync(
+  "gh",
+  [
+    "api",
+    `repos/${REPO}/releases`,
+    "--paginate",
+    "--jq",
+    ".[] | select(.draft == false and .prerelease == false) | .tag_name",
+  ],
+  { encoding: "utf8" },
+);
+const seen = new Set();
+const versions = [];
+for (const tag of raw.split("\n")) {
+  if (!tag) continue;
+  const ver = tag.trim().replace(/^v/, "");
+  if (!isVersion(ver) || seen.has(ver)) continue;
+  seen.add(ver);
+  versions.push(ver);
+  if (versions.length >= LIMIT) break;
+}
+
+if (!versions.length) {
+  console.error("No release versions found — leaving the form untouched.");
+  process.exit(1);
+}
+
+// 2. rewrite the dropdown options, preserving non-version sentinels
+//    (e.g. "older", "TestFlight/Development build") at the end of the list.
+const lines = read(FORM, "utf8").split("\n");
+const idIdx = lines.findIndex((l) =>
+  l.match(new RegExp(`^\\s*id:\\s*${DROPDOWN_ID}\\s*$`)),
+);
+if (idIdx === -1)
+  throw new Error(`dropdown id: ${DROPDOWN_ID} not found in ${FORM}`);
+const optIdx = lines.findIndex(
+  (l, i) => i > idIdx && /^\s*options:\s*$/.test(l),
+);
+if (optIdx === -1)
+  throw new Error(`options: not found after id: ${DROPDOWN_ID}`);
+
+const itemIndent = lines[optIdx].match(/^\s*/)[0] + "  "; // options items are nested one level deeper
+let end = optIdx + 1;
+const sentinels = [];
+while (end < lines.length && /^\s*-\s+/.test(lines[end])) {
+  const val = lines[end].replace(/^\s*-\s+/, "");
+  if (!isVersion(val)) sentinels.push(val);
+  end++;
+}
+
+const newOptions = [...versions, ...sentinels].map(
+  (v) => `${itemIndent}- ${v}`,
+);
+const updated = [
+  ...lines.slice(0, optIdx + 1),
+  ...newOptions,
+  ...lines.slice(end),
+].join("\n");
+
+console.log(
+  `Versions: ${versions.join(", ")}${sentinels.length ? ` | kept: ${sentinels.join(", ")}` : ""}`,
+);
+if (DRY) {
+  console.log("--dry-run: not writing.");
+} else {
+  write(FORM, updated);
+  console.log(`Updated ${FORM}.`);
+}
+
+// Expose the resulting list for the workflow (PR description).
+if (process.env.GITHUB_OUTPUT) {
+  appendFileSync(
+    process.env.GITHUB_OUTPUT,
+    `versions=${versions.join(", ")}\n`,
+  );
+}