Versioning system refactoring

[edwardtfn]

Replace dual VERSION/VERSION_YAML files with single source of truth (version.yaml).

Changes:

• Consolidate versioning into single version.yaml file
• Move version calculation logic into versioning.yml workflow
• Update versioning.yml to:
  • Trigger only on PR merges to main (not direct commits)
  • Check for [skip-versioning] marker to prevent loops
  • Update version.yaml and bug.yml before committing
  • Handle tagging, releases, and floating tags (stable/latest)
• Remove bump_version.sh script (logic now in workflow)
• Update nspanel_esphome_version.yaml to include version.yaml

Benefits:

• Single file to maintain instead of two
• Workflow controls entire release process
• Cleaner separation of concerns
• No tagging duplication

Coverage:

#	Step	Description
1	Check for [skip-versioning] marker	If present in the merge commit, skip the entire workflow
2	Read current version from version.yaml	Read after rebasing on latest main to avoid race conditions
3	Calculate next version	CalVer format: YYYY.M.seq — increments seq or resets for new month
4	Update version.yaml using yq	Write the new version back to the file
5	Update bug template with current versions	Update TFT, Firmware, and Blueprint version placeholders
6	Commit all changes with [skip-versioning]	Prevents the version bump commit from re-triggering this workflow
7	Push commit to main	Push the version bump commit
8	Create version tag (e.g., v2026.2.4)	Annotated tag with PR title and body as the tag message
9	Push tag	Push the version tag to origin
10	Create GitHub Release	Auto-generates release notes via softprops/action-gh-release
11	Update stable tag (floating)	Force-updates the floating stable tag to the new version
12	Update latest tag (floating)	Force-updates the floating latest tag to the new version

Summary by CodeRabbit

• Chores

  • Run versioning on merged PRs (pull_request closed) with guards to avoid loops; use merge payload to drive flow.
  • Persist CalVer (YYYY.M.seq) in a single version metadata file, compute next sequence (monthly reset), rebase against main before bump, commit with skip marker, create tags, release notes, and update floating "stable"/"latest" tags conditionally.

• Documentation

  • Added cautionary notes and comments for the version metadata file.

[coderabbitai]

📝 Walkthrough

Walkthrough

Reworks CI versioning to compute and persist a CalVer (YYYY.M.seq) into versioning/version.yaml on merged PRs or manual dispatch, adds skip-marker handling, rebases and pushes version changes/tags, updates templates, and conditions release and floating-tag updates on PR merge or dispatch. (34 words)

Changes

Cohort / File(s)	Summary
Workflow (versioning) ​.github/workflows/versioning.yml	Replaced push trigger with pull_request: closed + workflow_dispatch; added merged-PR gating, [skip-versioning] check, PR-payload metadata reads, rebase/fetch before bump, compute/write versioning/version.yaml, conditional tag/release/float-tag flows, and updated action versions/permissions.
Version files & ignore versioning/version.yaml, versioning/VERSION, versioning/VERSION_YAML, versioning/.gitignore	Added version.yaml as the canonical CalVer source (2026.2.12); removed contents from legacy VERSION/VERSION_YAML; updated .gitignore to track lowercase version.yaml instead of legacy uppercase files.
Removed bump script / marker versioning/bump_version.sh, versioning/DO_NOT_SET_VERSION_MANUALLY	Deleted the standalone Bash bump script and removed a one-line directive; bump logic migrated into the workflow.
ESPhome include update esphome/nspanel_esphome_version.yaml	Switched substitutions include to reference ../versioning/version.yaml and added explanatory comments about minimum versions.
Template updates & commits versioning/..., esphome/... (templates updated by workflow)	Workflow now extracts VERSION/MIN_* values from YAML, updates bug-report/template placeholders, generates tag_message.txt from PR data or fallback, and commits versioning/version.yaml and template updates using [skip-versioning] when appropriate.
Floating tags & release flow ​.github/workflows/versioning.yml (tag/release steps)	Tag creation and GitHub Release publishing moved to the PR-merged flow; updates stable/latest floating tags conditionally (force-with-lease) and logs previous SHAs.

Sequence Diagram(s)

sequenceDiagram
  participant Dev as Developer (PR)
  participant GH as GitHub (Event)
  participant Action as GitHub Actions
  participant Repo as Repository
  participant API as GitHub API

  Dev->>GH: Merge PR into main
  GH->>Action: Trigger workflow (pull_request: closed) or manual dispatch
  Action->>Repo: Read `versioning/version.yaml`
  Action->>Action: Check for `[skip-versioning]` and compute NEXT_VERSION (YYYY.M.SEQ)
  alt not skipped
    Action->>Repo: Fetch/rebase main, update `versioning/version.yaml` and templates
    Action->>Repo: Commit changes with "[skip-versioning]"
    Action->>API: Push commit and create/update tag `vNEXT_VERSION`
    Action->>API: Optionally create GitHub Release and update stable/latest tags
  end
  API-->>Action: Return status
  Action-->>Dev: Expose outputs (version, min versions)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Use GitHub Release (automated) #17 — Modifies the same .github/workflows/versioning.yml workflow and tag/release logic.
• Rebuild home_valueXX_icon_color engine #10 — Updates esphome/nspanel_esphome_version.yaml substitutions to reference the versioning YAML file.

Poem

🐰 I hopped through commits and tags tonight,
swapped scripts for YAML under moonlight,
month and seq now counted in my paw,
commit, tag, release — a tidy law,
carrot-cheer for CI, hop with delight 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title 'Versioning system refactoring' is directly related to the main objective of consolidating versioning files and moving version logic into the GitHub Actions workflow.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch v9999.99.9

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6dd4d58d4e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/versioning.yml:
- Around line 147-148: The yq reads for MIN_BLUEPRINT_VERSION and
MIN_TFT_VERSION are using the repository root path but the file lives under
esphome; update the yq commands that set MIN_BLUEPRINT_VERSION and
MIN_TFT_VERSION to point to esphome/nspanel_esphome_version.yaml (keep the same
yq expression '.substitutions.min_blueprint_version' and
'.substitutions.min_tft_version') so the workflow reads the correct file.
- Around line 170-173: The commit step "Commit version and template changes"
(id: commit) is guarded by the wrong event check; update its if condition to
include pull_request instead of push so merged PR runs don't skip it — e.g.,
change "if: github.event_name == 'workflow_dispatch' || (github.event_name ==
'push' && steps.skip_check.outputs.skip == 'false')" to include
github.event_name == 'pull_request' (or replace the push branch with
pull_request while keeping the skip_check guard) so steps.commit.outputs.version
is produced for downstream tag/release steps.
- Around line 162-168: Replace the literal "${VAR}" placeholders in the three yq
eval calls with yq's strenv() so the environment variables are read at runtime;
specifically update the expressions targeting '.body[3].attributes.placeholder',
'.body[4].attributes.placeholder', and '.body[5].attributes.placeholder' to use
strenv(MIN_TFT_VERSION), strenv(VERSION), and strenv(MIN_BLUEPRINT_VERSION)
respectively so yq interpolates the environment values instead of writing the
literal ${...} strings.

In `@versioning/version.yaml`:
- Around line 1-3: The YAML file lacks document start/end markers; open the file
containing the version: key (the version: 2026.2.12 entry) and add a document
start marker `---` before the first line and a document end marker `...` after
the last line so the file begins with `---` and ends with `...` to satisfy the
YAML document-start/document-end lint rules.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1c8bb58 and 6dd4d58.

📒 Files selected for processing (8)

• .github/workflows/versioning.yml
• esphome/nspanel_esphome_version.yaml
• versioning/.gitignore
• versioning/DO_NOT_SET_VERSION_MANUALLY
• versioning/VERSION
• versioning/VERSION_YAML
• versioning/bump_version.sh
• versioning/version.yaml

💤 Files with no reviewable changes (4)

• versioning/bump_version.sh
• versioning/VERSION
• versioning/DO_NOT_SET_VERSION_MANUALLY
• versioning/VERSION_YAML

[edwardtfn]

@codex review

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

.github/workflows/versioning.yml (2)

197-202: ⚠️ Potential issue | 🔴 Critical

The heredoc terminator is misaligned and will cause shell parsing failure—replace with printf.

The cat << EOF block uses a plain << delimiter without the - flag, which requires the EOF terminator to start at column 0. However, the EOF at line 202 has leading whitespace, causing the shell to never recognize the terminator and hang indefinitely. The proposed printf solution eliminates this fragility.

🔧 Proposed fix

           else
             # Manual dispatch or PR info unavailable - simpler message
-            cat > tag_message.txt << EOF
-          # v${NEW_VERSION} - Manual tag update
-
-          Tag updated via manual workflow dispatch.
-          EOF
+            {
+              printf '# v%s - Manual tag update\n\n' "$NEW_VERSION"
+              printf '%s\n' 'Tag updated via manual workflow dispatch.'
+            } > tag_message.txt
           fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/versioning.yml around lines 197 - 202, The heredoc writing
to tag_message.txt using "cat > tag_message.txt << EOF" has a misaligned EOF
terminator and can hang; replace the heredoc with a safe printf-based write that
emits the same multiline contents (including the v${NEW_VERSION} header and the
"Tag updated via manual workflow dispatch." body) into tag_message.txt, ensuring
proper newlines and quoting so the NEW_VERSION variable expands correctly.

---

46-50: ⚠️ Potential issue | 🟠 Major

Use HEAD:main to push deterministically in CI context.

The workflow uses git push origin main without a local main branch explicitly set (checkout lacks ref: main). In CI environments with potential detached HEAD states, git push origin HEAD:main is more reliable—it explicitly pushes the current HEAD regardless of branch state.

🔧 Proposed fix

       - name: Checkout code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          ref: main
...
       - name: Push changes
         if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && steps.skip_check.outputs.skip == 'false')
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          git push origin main
+          git push origin HEAD:main

Also applies to: 225, 268, 292

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/versioning.yml around lines 46 - 50, The checkout step
uses "uses: actions/checkout@v4" without pinning a branch and the workflow later
runs "git push origin main" which can fail in detached-HEAD CI runs; update the
checkout step to include "ref: main" or (preferable) change all push commands
that currently run "git push origin main" to "git push origin HEAD:main" so the
current commit is pushed deterministically; update every occurrence of the push
command (the occurrences flagged around the later push steps) and keep the
checkout action as-is except add ref if you prefer explicit branch checkout.

🧹 Nitpick comments (1)

.github/workflows/versioning.yml (1)

120-130: Remove stray # #endif`` markers from shell comments.

These markers look accidental and reduce readability in the version calculation block.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/versioning.yml around lines 120 - 130, Remove the stray "#
`#endif`" tokens embedded in comments around the version calculation block; edit
the lines that set CURRENT_MONTH, the comment after it, and the comment after
NEXT_SEQ so they are regular shell comments (e.g., "Avoid leading zero for the
month" and "Reset sequence for a new month") without the "# `#endif`" fragments;
ensure variables CURRENT_MONTH, CURRENT_SEQ, CURRENT_VERSION, VERSION_YEAR,
VERSION_MONTH, and NEXT_SEQ remain unchanged and logic in the if block is
preserved.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/versioning.yml:
- Around line 2-7: Update the top comment block to accurately reflect the
workflow triggers: replace the incorrect “Pushing to main” description with
wording that states the workflow runs on merged PR close (pull_request with
types: closed/merged) and via manual dispatch (workflow_dispatch); mention that
it still skips execution when the commit message contains [skip-versioning] to
avoid loops and reference the workflow trigger keys 'on:', 'pull_request', and
'workflow_dispatch' so operators can quickly map the comment to the actual
triggers.

---

Outside diff comments:
In @.github/workflows/versioning.yml:
- Around line 197-202: The heredoc writing to tag_message.txt using "cat >
tag_message.txt << EOF" has a misaligned EOF terminator and can hang; replace
the heredoc with a safe printf-based write that emits the same multiline
contents (including the v${NEW_VERSION} header and the "Tag updated via manual
workflow dispatch." body) into tag_message.txt, ensuring proper newlines and
quoting so the NEW_VERSION variable expands correctly.
- Around line 46-50: The checkout step uses "uses: actions/checkout@v4" without
pinning a branch and the workflow later runs "git push origin main" which can
fail in detached-HEAD CI runs; update the checkout step to include "ref: main"
or (preferable) change all push commands that currently run "git push origin
main" to "git push origin HEAD:main" so the current commit is pushed
deterministically; update every occurrence of the push command (the occurrences
flagged around the later push steps) and keep the checkout action as-is except
add ref if you prefer explicit branch checkout.

---

Nitpick comments:
In @.github/workflows/versioning.yml:
- Around line 120-130: Remove the stray "# `#endif`" tokens embedded in comments
around the version calculation block; edit the lines that set CURRENT_MONTH, the
comment after it, and the comment after NEXT_SEQ so they are regular shell
comments (e.g., "Avoid leading zero for the month" and "Reset sequence for a new
month") without the "# `#endif`" fragments; ensure variables CURRENT_MONTH,
CURRENT_SEQ, CURRENT_VERSION, VERSION_YEAR, VERSION_MONTH, and NEXT_SEQ remain
unchanged and logic in the if block is preserved.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6dd4d58 and b27c0b3.

📒 Files selected for processing (2)

• .github/workflows/versioning.yml
• versioning/version.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• versioning/version.yaml

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b27c0b3f66

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/versioning.yml (1)

120-130: Clean up the # #endif`` comment artifacts.

The comments on lines 120 and 130 contain # #endif`` which appears to be a copy-paste artifact or leftover from a different context. These should be simplified to standard comments.

✨ Suggested cleanup

-          CURRENT_MONTH=$(date +%-m)  # `#endif` Avoid leading zero for the month
+          CURRENT_MONTH=$(date +%-m)  # Avoid leading zero for the month
           CURRENT_SEQ=$(echo "$CURRENT_VERSION" | awk -F. '{print $3}')
           ...
           if [[ "$CURRENT_YEAR" == "$VERSION_YEAR" && "$CURRENT_MONTH" == "$VERSION_MONTH" ]]; then
             NEXT_SEQ=$((CURRENT_SEQ + 1))
           else
-            NEXT_SEQ=1  # `#endif` Reset sequence for a new month
+            NEXT_SEQ=1  # Reset sequence for a new month
           fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/versioning.yml around lines 120 - 130, Remove the stray "#
`#endif`" artifacts in the versioning logic comments and replace them with clear
standard comments: update the comment after CURRENT_MONTH to something like
"Avoid leading zero for the month" and change the comment after NEXT_SEQ=1 to
"Reset sequence for a new month"; ensure you edit lines around the variables
CURRENT_MONTH, CURRENT_SEQ, VERSION_YEAR, VERSION_MONTH and NEXT_SEQ in the
versioning workflow so only meaningful explanatory comments remain.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/versioning.yml:
- Around line 120-130: Remove the stray "# `#endif`" artifacts in the versioning
logic comments and replace them with clear standard comments: update the comment
after CURRENT_MONTH to something like "Avoid leading zero for the month" and
change the comment after NEXT_SEQ=1 to "Reset sequence for a new month"; ensure
you edit lines around the variables CURRENT_MONTH, CURRENT_SEQ, VERSION_YEAR,
VERSION_MONTH and NEXT_SEQ in the versioning workflow so only meaningful
explanatory comments remain.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b27c0b3 and 552c026.

📒 Files selected for processing (1)

• .github/workflows/versioning.yml

[edwardtfn]

@codex review

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/versioning.yml:
- Around line 99-110: The workflow currently lets manual workflow_dispatch runs
perform the full bump/commit/tag/release flow because multiple steps (e.g., the
steps with ids current_version and next_version and the bump/commit/tag/release
steps referenced in the comment) use a condition that permits workflow_dispatch;
change those steps' if conditions so full release actions only run when NOT a
manual dispatch OR when an explicit allow flag is set (e.g., if:
github.event_name != 'workflow_dispatch' || inputs.allow_release == 'true' or
similar), and keep the existing read-only floats/maintenance steps available for
workflow_dispatch without triggering bump/commit/tag/release; apply this guard
to all bump/commit/tag/release steps to ensure manual runs can perform
floating-tag maintenance only.
- Around line 209-215: The "Push changes" step currently runs git push origin
HEAD:main which will fail if origin/main advanced during the job; update the
step to fetch origin/main and rebase local HEAD onto it before pushing (e.g.,
run git fetch origin main && git rebase origin/main) and then push, or if you
must force use git push --force-with-lease to avoid clobbering concurrent
changes; modify the command that currently uses "git push origin HEAD:main" to
perform a safe fetch+rebase or use --force-with-lease so the push won't be
rejected when main has advanced.
- Around line 164-170: The yq assignments for .body[3].attributes.placeholder,
.body[4].attributes.placeholder, and .body[5].attributes.placeholder are using
the unsafe pattern `= strenv(VAR) | "e.g., " + .` which pipes the whole document
into concatenation and fails; update each yq eval to perform the concatenation
on the right-hand side so the placeholder is assigned the string "e.g., " +
value of the environment variable (use MIN_TFT_VERSION for the first, VERSION
for the second, and MIN_BLUEPRINT_VERSION for the third) when writing to
.github/ISSUE_TEMPLATE/bug.yml, ensuring the assignment expression is `= "e.g.,
" + strenv(VARIABLE)` rather than piping the document into the concatenation.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 552c026 and 2bc4550.

📒 Files selected for processing (2)

• .github/workflows/versioning.yml
• versioning/version.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• versioning/version.yaml

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2bc4550a1c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

♻️ Duplicate comments (1)

.github/workflows/versioning.yml (1)

205-210: ⚠️ Potential issue | 🟡 Minor

Push step remains vulnerable to race conditions.

The push at line 210 can fail if main advances after the early rebase (line 100). While concurrency control reduces risk from parallel workflow runs, direct pushes to main during workflow execution would cause a failure.

Consider adding fetch/rebase immediately before the push, or use --force-with-lease with appropriate safeguards:

🔧 Proposed hardening

       - name: Push changes to main
         if: steps.skip_check.outputs.skip == 'false'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
+          # Rebase in case main advanced during workflow execution
+          git fetch origin main
+          git rebase origin/main || {
+            echo "Rebase failed - main has diverged"
+            exit 1
+          }
           git push origin HEAD:main

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/versioning.yml around lines 205 - 210, The push step "Push
changes to main" currently does a direct git push (git push origin HEAD:main)
which can fail due to race conditions if main advanced; update the step to fetch
the remote and rebase/merge the latest main before pushing or change the push to
use a safe force with lease (e.g., use git fetch origin main then git rebase
origin/main or git merge --ff-only origin/main, and if necessary push with
--force-with-lease) to prevent clobbering concurrent updates while avoiding race
failures.

🧹 Nitpick comments (2)

.github/workflows/versioning.yml (2)

106-113: Consider handling missing or null version.

If version.yaml doesn't exist or the .version key is missing, yq eval '.version' returns null. The regex validation would catch this, but an explicit existence check would provide a clearer error message.

🔧 Suggested improvement

           # Read version AFTER rebase to avoid race conditions
           CURRENT_VERSION=$(yq eval '.version' ./versioning/version.yaml)
+          if [[ -z "$CURRENT_VERSION" || "$CURRENT_VERSION" == "null" ]]; then
+            echo "Error: Could not read version from versioning/version.yaml"
+            exit 1
+          fi

           # Validate the current version format (CalVer: YYYY.M.seq)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/versioning.yml around lines 106 - 113, Check for a missing
or null version before applying the regex: after reading CURRENT_VERSION via yq
eval '.version' (used in the workflow), add an explicit check that
CURRENT_VERSION is non-empty and not "null" and emit a clear error message
(e.g., "Error: version not found in versioning/version.yaml") and exit non-zero
if it is missing; then proceed with the existing regex validation of
CURRENT_VERSION.

---

138-139: Consider using strenv() for version strings.

Using env() works for CalVer versions, but strenv() explicitly treats the value as a string, avoiding any edge cases where YAML parsing could interpret the version unexpectedly.

🔧 Suggested change

-          yq eval '.version = env(NEW_VERSION)' -i ./versioning/version.yaml
+          yq eval '.version = strenv(NEW_VERSION)' -i ./versioning/version.yaml

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/versioning.yml around lines 138 - 139, The yq expression
uses env(NEW_VERSION) which can let YAML parser treat the version non-string;
change the assignment to use strenv(NEW_VERSION) so the version is injected
explicitly as a string. Update the command that runs yq (the line containing
".version = env(NEW_VERSION)" and the yq invocation) to replace env(...) with
strenv(...) to ensure CalVer or other versions are always written as strings
into version.yaml.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/versioning.yml:
- Around line 205-210: The push step "Push changes to main" currently does a
direct git push (git push origin HEAD:main) which can fail due to race
conditions if main advanced; update the step to fetch the remote and
rebase/merge the latest main before pushing or change the push to use a safe
force with lease (e.g., use git fetch origin main then git rebase origin/main or
git merge --ff-only origin/main, and if necessary push with --force-with-lease)
to prevent clobbering concurrent updates while avoiding race failures.

---

Nitpick comments:
In @.github/workflows/versioning.yml:
- Around line 106-113: Check for a missing or null version before applying the
regex: after reading CURRENT_VERSION via yq eval '.version' (used in the
workflow), add an explicit check that CURRENT_VERSION is non-empty and not
"null" and emit a clear error message (e.g., "Error: version not found in
versioning/version.yaml") and exit non-zero if it is missing; then proceed with
the existing regex validation of CURRENT_VERSION.
- Around line 138-139: The yq expression uses env(NEW_VERSION) which can let
YAML parser treat the version non-string; change the assignment to use
strenv(NEW_VERSION) so the version is injected explicitly as a string. Update
the command that runs yq (the line containing ".version = env(NEW_VERSION)" and
the yq invocation) to replace env(...) with strenv(...) to ensure CalVer or
other versions are always written as strings into version.yaml.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2bc4550 and 5daecae.

📒 Files selected for processing (1)

• .github/workflows/versioning.yml

[edwardtfn]

@codex review
@coderabbitai review

[coderabbitai]

@edwardtfn, I'll review the changes in this pull request for you.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 83abca7c49

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/versioning.yml:
- Line 39: The workflow currently pins third-party actions with mutable tags
(actions/checkout@v6, mikefarah/yq@v4.43.1, actions/github-script@v7,
softprops/action-gh-release@v2); replace each of those references with the
corresponding repository commit SHA (the 40-character immutable commit hash) for
the exact tag/version you intend to use—fetch the commit SHA from the action's
GitHub repo (releases/tags or the tag's commit) and update the workflow
references so each action entry uses the full 40-character SHA instead of the
floating tag.
- Around line 43-52: The current skip check step (name "Check for skip marker",
id skip_check) is reading the merge commit message and can be triggered by PR
metadata; change it to branch behavior on GITHUB_EVENT_NAME: when
GITHUB_EVENT_NAME == "pull_request" read the PR title/body from the GitHub event
file (GITHUB_EVENT_PATH) and only set skip if the PR title/body contains
"[skip-versioning]", and when GITHUB_EVENT_NAME == "push" (merged branch)
examine the last non-merge commit message (use git log --no-merges -1
--pretty=%B) for the marker; update the logic that echoes
"skip=true"/"skip=false" accordingly so PR metadata no longer unintentionally
disables releases.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5daecae and 83abca7.

📒 Files selected for processing (1)

• .github/workflows/versioning.yml

[edwardtfn]

@coderabbitai resume

[coderabbitai]

✅ Actions performed

Reviews resumed.