ci: Refactor release workflow to use bump PR instead of direct push to main

[edwardtfn]

Closes #109

Splits the release process into two workflows to avoid direct pushes to main, which were blocked by branch protection rules.

versioning.yml now creates a bump branch, builds pre-built firmware in parallel, commits all changes (version files, blueprint, binaries) to the bump branch, and opens a PR with auto-merge enabled.

release.yml triggers when the bump PR merges and handles tagging, GitHub Release creation, floating tag updates, and Discord notification.

Summary by CodeRabbit

• Chores
  • Restructured automated release workflow to separate version bumping from GitHub release creation and add Discord notifications
  • Updated firmware source URLs to pull from stable release tags instead of the main development branch, ensuring tested versions are delivered

[coderabbitai]

Warning

Rate limit exceeded

@edwardtfn has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 8 minutes and 59 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 8 minutes and 59 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b2409496-3b05-4ee6-a88c-4ee31398180d

📥 Commits

Reviewing files that changed from the base of the PR and between 75695c2 and aa4024b.

📒 Files selected for processing (2)

• .github/dependabot.yml
• .github/workflows/release.yml

📝 Walkthrough

Walkthrough

The changes refactor the CI/CD release pipeline by splitting it into two separate workflows: versioning.yml now creates a version-bump PR with metadata, while a new release.yml workflow handles tag creation and GitHub releases separately. Additionally, prebuilt manifest files are removed and their corresponding YAML configurations are updated to use the floating latest release tag instead of the main branch for firmware artifact URLs.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflows .github/workflows/release.yml, .github/workflows/versioning.yml	New release.yml handles tag creation, GitHub releases, floating tag updates (stable/latest), and Discord notifications. Existing versioning.yml refactored to create and auto-merge a bump PR instead of directly creating tags and releases; job commit-and-release replaced with open-bump-pr, outputs renamed (release_sha → bump_sha/bump_branch), and permissions updated to pull-requests: write.
Prebuilt Manifest Configuration prebuilt/nspanel-esp32/manifest.json, prebuilt/wall-display-esp32/manifest.json, prebuilt/nspanel_esphome_prebuilt.manifest.json, prebuilt/wall_display.manifest.json	Manifest files removed entirely, eliminating stored device metadata, OTA artifact references, and MD5 checksums from these device configurations.
Prebuilt Checksum Files prebuilt/nspanel_esphome_prebuilt.bin.md5, prebuilt/nspanel_esphome_prebuilt.factory.bin.md5, prebuilt/wall_display.bin.md5, prebuilt/wall_display.factory.bin.md5	MD5 checksum entries removed or emptied, eliminating stored integrity references for prebuilt binaries.
Prebuilt YAML Configuration prebuilt/nspanel_esphome_prebuilt.yaml, prebuilt/wall_display.yaml	Firmware and manifest URLs updated to use GitHub latest release tag raw URLs instead of main branch raw URLs for asset resolution.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related PRs

• Rebuild home_valueXX_icon_color engine #10: Modifies versioning workflow and version bumping automation; overlaps with the refactored versioning.yml logic and version.yaml handling.
• Use GitHub Release (automated) #17: Refactors release workflow with automated GitHub Release creation and floating tag management; directly related to the new release.yml structure and tag-update logic.
• Versioning system refactoring #24: Addresses versioning workflow restructuring and release/tagging logic; overlaps with the architectural shift from unified to split-responsibility workflows.

Poem

🐰 ✨ Two workflows waltz where one once stood,
Bump PR leads, release follows good,
From main to latest, the tags now float,
Version and release in separate note! 🏷️

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main architectural change: refactoring the release workflow from direct pushes to using a bump PR approach.
Linked Issues check	✅ Passed	The PR addresses issue #109 by fixing the root cause: the direct push to main triggered release workflows using a hardcoded test version (9999.99.9), now replaced with a proper bump PR workflow.
Out of Scope Changes check	✅ Passed	All changes are directly related to fixing the release workflow issue: new release.yml and versioning.yml workflows, updates to firmware asset URLs to use 'latest' tags, and removal of old manifest files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch v9999.99.9

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/release.yml (1)

72-74: Consider edge case: special characters in PR title.

The grep 'original_title:' pattern could theoretically match multiple lines if the PR body itself contains that string. However, since the bump PR body is constructed programmatically by versioning.yml and the original PR body follows after the --> marker, this is unlikely in practice. The fallback on lines 78-82 provides reasonable resilience.

🔧 Optional: More robust extraction using awk

-          ORIGINAL_TITLE=$(echo "$PR_BODY" \
-            | grep 'original_title:' \
-            | sed 's/original_title: //')
+          ORIGINAL_TITLE=$(echo "$PR_BODY" \
+            | awk '/^<!-- release-meta/,/^-->/' \
+            | grep 'original_title:' \
+            | sed 's/original_title: //' \
+            | head -1)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml around lines 72 - 74, The current extraction
for ORIGINAL_TITLE using grep 'original_title:' and sed can mis-handle cases
with multiple matches or special characters; update the extraction logic for
ORIGINAL_TITLE so it only captures the first occurrence and preserves arbitrary
characters in the title (including colons, dashes, and HTML markers) by
switching to a single-pass, robust parser (e.g., use awk or a shell read that
finds the first line matching 'original_title:' and returns the full remainder
of that line) and ensure the code path that assigns ORIGINAL_TITLE exits after
the first match; update the block that currently uses grep 'original_title:' and
sed 's/original_title: //' to the new single-pass approach so later fallback
handling remains correct.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/release.yml:
- Around line 72-74: The current extraction for ORIGINAL_TITLE using grep
'original_title:' and sed can mis-handle cases with multiple matches or special
characters; update the extraction logic for ORIGINAL_TITLE so it only captures
the first occurrence and preserves arbitrary characters in the title (including
colons, dashes, and HTML markers) by switching to a single-pass, robust parser
(e.g., use awk or a shell read that finds the first line matching
'original_title:' and returns the full remainder of that line) and ensure the
code path that assigns ORIGINAL_TITLE exits after the first match; update the
block that currently uses grep 'original_title:' and sed 's/original_title: //'
to the new single-pass approach so later fallback handling remains correct.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d9eda27b-548d-407c-a07e-990d7a5f581a

📥 Commits

Reviewing files that changed from the base of the PR and between 4fa8dbd and 75695c2.

⛔ Files ignored due to path filters (8)

• prebuilt/nspanel-esp32/nspanel-esp32.factory.bin is excluded by !**/*.bin
• prebuilt/nspanel-esp32/nspanel-esp32.ota.bin is excluded by !**/*.bin
• prebuilt/nspanel_esphome_prebuilt.bin is excluded by !**/*.bin
• prebuilt/nspanel_esphome_prebuilt.factory.bin is excluded by !**/*.bin
• prebuilt/wall-display-esp32/wall-display-esp32.factory.bin is excluded by !**/*.bin
• prebuilt/wall-display-esp32/wall-display-esp32.ota.bin is excluded by !**/*.bin
• prebuilt/wall_display.bin is excluded by !**/*.bin
• prebuilt/wall_display.factory.bin is excluded by !**/*.bin

📒 Files selected for processing (12)

• .github/workflows/release.yml
• .github/workflows/versioning.yml
• prebuilt/nspanel-esp32/manifest.json
• prebuilt/nspanel_esphome_prebuilt.bin.md5
• prebuilt/nspanel_esphome_prebuilt.factory.bin.md5
• prebuilt/nspanel_esphome_prebuilt.manifest.json
• prebuilt/nspanel_esphome_prebuilt.yaml
• prebuilt/wall-display-esp32/manifest.json
• prebuilt/wall_display.bin.md5
• prebuilt/wall_display.factory.bin.md5
• prebuilt/wall_display.manifest.json
• prebuilt/wall_display.yaml

💤 Files with no reviewable changes (8)

• prebuilt/wall_display.factory.bin.md5
• prebuilt/nspanel_esphome_prebuilt.factory.bin.md5
• prebuilt/nspanel-esp32/manifest.json
• prebuilt/wall_display.manifest.json
• prebuilt/nspanel_esphome_prebuilt.manifest.json
• prebuilt/nspanel_esphome_prebuilt.bin.md5
• prebuilt/wall-display-esp32/manifest.json
• prebuilt/wall_display.bin.md5

[edwardtfn]

@codex review

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[edwardtfn]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.