[#723] Automate GitHub Release creation process and tagging

[phongvhd93]

• Close [Feature] Automate GitHub Release creation process and tagging #723

What happened 👀

• Change the fetch depth in create release pr workflow to 0 -> need to get all commit history to generate change log.
• Add permission to read milestones
• Include the assignee to the PR in the release change log
• Create tag_release.yml workflow to automatically create new release and tag release version after merging release to main

Insight 📝

Automate create release and tagging a version on GitHub

Proof Of Work 📹

Run:

• https://github.com/phongvhd93/ios-template-playground/actions/runs/26275124799

Note: You can check the release format and tag from my playground repo. Better to try it yourself.

Summary by CodeRabbit

• New Features

  • Automated release tagging and GitHub Release generation now triggers automatically when pull requests containing release-type labels are merged to the main branch.

• Chores

  • Improved release workflow with enhanced permission controls for repository contents and pull requests, plus full repository history access.
  • Updated pull request template configuration for consistent release note formatting.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR automates the GitHub Release creation pipeline by introducing a changelog PR template configuration, enhancing the release PR workflow with proper permissions and dynamic assignee handling, and adding a new workflow that creates annotated git tags and publishes GitHub Releases when release PRs merge to main.

Changes

GitHub Release Automation

Layer / File(s)	Summary
Changelog PR template configuration .cicdtemplate/.github/workflows/configs/changelog-config.json	The changelog configuration adds a pr_template field that formats merged pull requests for inclusion in changelogs, with placeholders for title, assignees, number, and URL.
Release PR workflow improvements .cicdtemplate/.github/workflows/create_release_pull_request.yml	Job-level permissions are declared for contents, pull-requests, and issues. The checkout step now fetches full history (fetch-depth: 0). Release version extraction is refactored to use a named step (extract_version) that outputs via GITHUB_OUTPUT instead of GITHUB_ENV, and the release PR is assigned to the triggering user (github.actor) instead of a fixed bot.
Release tagging and publishing workflow .cicdtemplate/.github/workflows/tag_release.yml	A new workflow automates tagging and release creation: it triggers on merged PRs to main with a release label, extracts the semantic version from the PR head branch name (release/X.Y.Z), creates and pushes an annotated git tag, and publishes a GitHub Release with auto-generated notes at the merge commit.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• nimblehq/ios-templates#619: Directly related updates to create_release_pull_request workflow logic and release version extraction/output wiring.

Suggested labels

type : feature

Suggested reviewers

• suho
• markgravity
• minhnimble
• nmint8m
• vnntsu
• patcharapon-j
• dquangit
• roman-nimble
• nhgia
• donmartial
• kevinhoangpq

Poem

🐰 A rabbit hops through workflows new,
Tags dance and releases ring true,
No hands needed to push and create,
From branch to release—let GitHub automate!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: automating GitHub Release creation and tagging, which matches the primary objective of the changeset.
Linked Issues check	✅ Passed	All acceptance criteria from issue #723 are met: the workflow creates annotated git tags, triggers on PR closed events targeting main, extracts version from release/X.Y.Z branch pattern, and creates GitHub Releases.
Out of Scope Changes check	✅ Passed	All changes are directly related to automating release creation and tagging as specified in issue #723; no unrelated modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The pull request description includes all required template sections (Close, What happened, Insight, Proof of Work) with substantive content and a screenshot demonstrating the changes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/#723-automate-create-release-and-tagging

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

.cicdtemplate/.github/workflows/tag_release.yml (2)

27-27: 💤 Low value

Version pattern excludes pre-release and build metadata.

The regex ^release/([0-9]+\.[0-9]+\.[0-9]+)$ only matches numeric semantic versions (e.g., 1.2.3) and will reject pre-release versions like 1.2.3-alpha or 1.2.3-beta.1. If pre-release versions are part of your release strategy, the pattern should be expanded to support them.

📝 Expanded pattern for pre-release support (if needed)

-          if [[ ! "$head_ref" =~ ^release/([0-9]+\.[0-9]+\.[0-9]+)$ ]]; then
+          if [[ ! "$head_ref" =~ ^release/([0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?(\+[a-zA-Z0-9.]+)?)$ ]]; then

This pattern would accept:

• release/1.2.3 (standard)
• release/1.2.3-alpha (pre-release)
• release/1.2.3-beta.1 (pre-release with build)
• release/1.2.3+build.123 (build metadata)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.cicdtemplate/.github/workflows/tag_release.yml at line 27, The if condition
that tests head_ref uses the regex ^release/([0-9]+\.[0-9]+\.[0-9]+)$ which only
accepts core numeric semver and rejects pre-release or build metadata; update
the pattern used in that conditional (the if [[ ! "$head_ref" =~ ... ]]) to a
SemVer-aware regex that allows optional pre-release (hyphen followed by
alphanumerics, dots and hyphens) and optional build metadata (plus followed by
alphanumerics and dots), so branch names like release/1.2.3,
release/1.2.3-alpha, release/1.2.3-beta.1 and release/1.2.3+build.123 are
accepted.

---

50-68: ⚡ Quick win

Consider atomic release creation to handle partial failures.

If tag creation and push succeed (lines 50-57) but the GitHub Release creation fails (lines 59-68), the tag will exist in the remote repository without a corresponding release. This could require manual cleanup or result in confusion.

Consider either:

1. Creating the release first using the merge commit SHA directly (before creating the local tag), or
2. Adding error handling to delete the pushed tag if release creation fails.

However, given that gh release create can fail for transient reasons (network, API rate limits), option 1 is preferred since the release can be retried or created manually afterward without tag conflicts.

🔄 Proposed refactor: create release before pushing tag

-      - name: Create and push tag
+      - name: Create annotated tag locally
         shell: bash
         run: |
           tag="${{ steps.extract_version.outputs.version }}"
           git config --local user.email "action@github.com"
           git config --local user.name "GitHub Action"
           git tag -a "$tag" -m "Release $tag"
-          git push origin "$tag"
 
       - name: Create GitHub Release
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         shell: bash
         run: |
           tag="${{ steps.extract_version.outputs.version }}"
           gh release create "$tag" \
             --target "${{ github.event.pull_request.merge_commit_sha }}" \
             --title "$tag" \
             --generate-notes
+
+      - name: Push tag after successful release
+        shell: bash
+        run: |
+          tag="${{ steps.extract_version.outputs.version }}"
+          git push origin "$tag"

This ensures the GitHub Release exists before the tag is pushed, avoiding orphaned tags.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.cicdtemplate/.github/workflows/tag_release.yml around lines 50 - 68, The
workflow currently creates and pushes the tag (step "Create and push tag")
before invoking gh release create, which can leave an orphaned remote tag if the
release step fails; change the flow to call gh release create (using the merge
commit SHA and the same tag name variable tag) before running git tag / git
push, or if you prefer rollback keep the existing order but add error handling
that deletes the pushed tag (git push origin --delete "$tag" or git push origin
:$tag) when gh release create fails; update the steps referencing tag, git push,
and gh release create accordingly so the release creation is attempted first or
the pushed tag is removed on failure.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.cicdtemplate/.github/workflows/tag_release.yml:
- Line 27: The if condition that tests head_ref uses the regex
^release/([0-9]+\.[0-9]+\.[0-9]+)$ which only accepts core numeric semver and
rejects pre-release or build metadata; update the pattern used in that
conditional (the if [[ ! "$head_ref" =~ ... ]]) to a SemVer-aware regex that
allows optional pre-release (hyphen followed by alphanumerics, dots and hyphens)
and optional build metadata (plus followed by alphanumerics and dots), so branch
names like release/1.2.3, release/1.2.3-alpha, release/1.2.3-beta.1 and
release/1.2.3+build.123 are accepted.
- Around line 50-68: The workflow currently creates and pushes the tag (step
"Create and push tag") before invoking gh release create, which can leave an
orphaned remote tag if the release step fails; change the flow to call gh
release create (using the merge commit SHA and the same tag name variable tag)
before running git tag / git push, or if you prefer rollback keep the existing
order but add error handling that deletes the pushed tag (git push origin
--delete "$tag" or git push origin :$tag) when gh release create fails; update
the steps referencing tag, git push, and gh release create accordingly so the
release creation is attempted first or the pushed tag is removed on failure.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 96c06703-382d-4109-a665-a0275da0f306

📥 Commits

Reviewing files that changed from the base of the PR and between 341c038 and b135ea5.

📒 Files selected for processing (3)

• .cicdtemplate/.github/workflows/configs/changelog-config.json
• .cicdtemplate/.github/workflows/create_release_pull_request.yml
• .cicdtemplate/.github/workflows/tag_release.yml