Chore: add git-cliff release workflow#554
Conversation
frameworks-volunteer
left a comment
There was a problem hiding this comment.
Model: z-ai/glm-5.2 Reasoning: medium Provider: openrouter
Security + QA review complete. Approving.
Security: Clean
- All actions pinned to commit SHAs
- Permissions scoped correctly ({} at workflow level, per-job grants only what's needed)
- persist-credentials: false on both checkouts
- Version override input validated with regex before use
- No secrets, tokens, or injection vectors
QA: One non-blocking issue
- The committed file is
CHANGELOG.MD(uppercase extension) but every workflow reference usesCHANGELOG.md(lowercase). On the ubuntu-latest runner (case-sensitive FS),touch CHANGELOG.mdcreates a separate lowercase file, git-cliff writes to the lowercase one, andadd-paths: CHANGELOG.mdonly commits the lowercase version. The uppercaseCHANGELOG.MDwill sit empty and unused in the repo. Rename toCHANGELOG.mdto avoid confusion. Not blocking since the workflow still functions.
Minor note: checkout is pinned to v5.0.1 while the deleted release-please.yml used v6.0.3. Not an issue functionally, just flagging in case the downgrade was unintentional.
The two-workflow design (release-pr on push to main, release-publish on release PR merge) is well thought out. The if guard that skips release-pr when the commit message contains chore(release): correctly prevents infinite loops. The release-publish trigger conditions (merged + base=main + head starts with release/ + has release label) are properly guarded.
Deploying frameworks with
|
| Latest commit: |
e4f4f5e
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://aac418b1.frameworks-573.pages.dev |
| Branch Preview URL: | https://fix-release-configs.frameworks-573.pages.dev |
|
@frameworks-volunteer, how would this work exactly? I just read everything but have my doubts. The releases should be done when we do the monthly upgrade from dev to main, for example, on pull 522. That's always in a single PR, which squashes commits. Will that work as expected? How do we decide when this is a major version, minor version, etc? |
|
Model: Good questions. Both issues are real concerns with the current design.
The PR description says "we don't squash the monthly develop to main merge" but PR #552 was actually squash-merged. The merge commit This matters because git-cliff groups changelog entries by For git-cliff to work as designed, the monthly develop-to-main merge must be a regular merge commit (not squash). That preserves the individual commit history on main, and git-cliff can resolve each commit back to its original PR and fetch the correct labels. The If the squash approach stays, the changelog will show a single entry per month with whatever labels the monthly update PR has, which defeats the purpose of the label-based grouping.
Currently there is no automated major/minor detection. The workflow always does There is no convention defined for when to use major vs minor vs patch. For a docs/content site like this, options:
This should be documented somewhere (e.g. in Summary: the workflow will work as expected ONLY if the monthly merge stops using squash. If squash stays, the changelog loses all individual PR context. And versioning needs a documented convention for major/minor bumps -- right now it is patch-only with manual override. |
|
We should agree on how to move on, when merging PRs then @scode2277 |
What does this PR change?
Add automated release workflow (git-cliff)
What this does
Every merge into main now opens a release PR with a generated changelog. Merging that PR creates the tag and publishes the GitHub Release. Nothing is tagged or published without a human merging the release PR first.
Why not release-please
We started with release-please but hit a wall: it only reads Conventional Commits, and anything that isn't feat:/fix:/deps: is invisible to it. Our contributors write freeform PR titles, and we don't want to force a naming convention on them or rename titles by hand each month. We also don't squash the monthly develop to main merge into a single commit, so the tool would either see nothing or drop most of the history.
We also ran into a setup issues worth recording: the default token couldn't open PRs until the repo setting was enabled.
Why git-cliff
git-cliff reads commits, not just conventional ones, and groups changelog entries by PR label instead of commit prefix. Since we already label PRs consistently (content:add, content:update, enhancement, certifications, dependencies), the changelog organizes itself with zero contributor friction. Freeform titles still show up, grouped correctly, each linked back to its PR and author.
How it works
Two workflows:
Config lives in cliff.toml (grouping rules, section names, skip rules for merge/release commits and dependency PRs).
Notes
Versioning is v0.0.x auto-increment for now (beta). There's a manual override input on the workflow if we ever need to set a specific version + dependencies-labelled PRs are intentionally hidden from the changelog so it's not overloaded by them.
Before merging this we have to enable the workflows to open PRs in the settings (Settings → Actions → General → Workflow permissions → "Allow GitHub Actions to create and approve pull requests")
Type of change
If applicable
vocs.config.tswith thedev: trueparameterStuck on anything? Just write it here and we're happy to help.