From 7cea2524378a07406d16549215e364c9e7da08b9 Mon Sep 17 00:00:00 2001
From: pushpit kamboj <pushpitkamboj@pushpits-MacBook-Air.local>
Date: Fri, 13 Mar 2026 22:29:28 +0530
Subject: [PATCH 1/6] [ci] Add bot-changelog workflow

---
 .github/workflows/bot-changelog.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 .github/workflows/bot-changelog.yml

diff --git a/.github/workflows/bot-changelog.yml b/.github/workflows/bot-changelog.yml
new file mode 100644
index 000000000..6558c0a27
--- /dev/null
+++ b/.github/workflows/bot-changelog.yml
@@ -0,0 +1,15 @@
+name: Changelog Bot
+
+on:
+  # Trigger when a PR review is submitted with approval
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  changelog:
+    # Call the reusable workflow from openwisp-utils
+    uses: openwisp/openwisp-utils/.github/workflows/reusable-bot-changelog.yml@master
+    secrets:
+      GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+      OPENWISP_BOT_APP_ID: ${{ secrets.OPENWISP_BOT_APP_ID }}
+      OPENWISP_BOT_PRIVATE_KEY: ${{ secrets.OPENWISP_BOT_PRIVATE_KEY }}

From 580df60316a5e771e645a0d70fd87109dc5c4f11 Mon Sep 17 00:00:00 2001
From: pushpit kamboj <pushpitkamboj@pushpits-MacBook-Air.local>
Date: Fri, 27 Mar 2026 11:38:07 +0530
Subject: [PATCH 2/6] [ci] Added bot changelog

---
 .github/workflows/bot-changelog-runner.yml  | 51 +++++++++++++++++++++
 .github/workflows/bot-changelog-trigger.yml | 36 +++++++++++++++
 2 files changed, 87 insertions(+)
 create mode 100644 .github/workflows/bot-changelog-runner.yml
 create mode 100644 .github/workflows/bot-changelog-trigger.yml

diff --git a/.github/workflows/bot-changelog-runner.yml b/.github/workflows/bot-changelog-runner.yml
new file mode 100644
index 000000000..c0ba79e4d
--- /dev/null
+++ b/.github/workflows/bot-changelog-runner.yml
@@ -0,0 +1,51 @@
+name: Changelog Bot Runner
+
+on:
+  workflow_run:
+    workflows: ["Changelog Bot Trigger"]
+    types:
+      - completed
+
+permissions:
+  actions: read
+  contents: read
+  pull-requests: write
+  issues: write
+
+jobs:
+  fetch-metadata:
+    runs-on: ubuntu-latest
+    if: github.event.workflow_run.conclusion == 'success'
+    outputs:
+      pr_number: ${{ steps.metadata.outputs.pr_number }}
+    steps:
+      - name: Download PR metadata
+        id: download
+        uses: actions/download-artifact@v4
+        with:
+          name: changelog-metadata
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id }}
+        continue-on-error: true
+
+      - name: Read PR metadata
+        if: steps.download.outcome == 'success'
+        id: metadata
+        run: |
+          PR_NUMBER=$(cat pr_number)
+          if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
+            echo "::error::Invalid PR number: $PR_NUMBER"
+            exit 1
+          fi
+          echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT
+
+  changelog:
+    needs: fetch-metadata
+    if: needs.fetch-metadata.outputs.pr_number != ''
+    uses: openwisp/openwisp-utils/.github/workflows/reusable-bot-changelog.yml@master
+    with:
+      pr_number: ${{ needs.fetch-metadata.outputs.pr_number }}
+    secrets:
+      GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+      OPENWISP_BOT_APP_ID: ${{ secrets.OPENWISP_BOT_APP_ID }}
+      OPENWISP_BOT_PRIVATE_KEY: ${{ secrets.OPENWISP_BOT_PRIVATE_KEY }}
diff --git a/.github/workflows/bot-changelog-trigger.yml b/.github/workflows/bot-changelog-trigger.yml
new file mode 100644
index 000000000..6d2da58c2
--- /dev/null
+++ b/.github/workflows/bot-changelog-trigger.yml
@@ -0,0 +1,36 @@
+name: Changelog Bot Trigger
+
+on:
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  check:
+    if: |
+      github.event.review.state == 'approved' &&
+      (github.event.review.author_association == 'OWNER' ||
+        github.event.review.author_association == 'MEMBER' ||
+        github.event.review.author_association == 'COLLABORATOR')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check for noteworthy PR
+        id: check
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+        run: |
+          if echo "$PR_TITLE" | grep -qiE '^\[(feature|fix|change)\]'; then
+            echo "has_noteworthy=true" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Save PR metadata
+        if: steps.check.outputs.has_noteworthy == 'true'
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: echo "$PR_NUMBER" > pr_number
+
+      - name: Upload PR metadata
+        if: steps.check.outputs.has_noteworthy == 'true'
+        uses: actions/upload-artifact@v4
+        with:
+          name: changelog-metadata
+          path: pr_number

From bef545183d00043afc71c1769155d37e1682050d Mon Sep 17 00:00:00 2001
From: pushpit kamboj <pushpitkamboj@pushpits-MacBook-Air.local>
Date: Fri, 27 Mar 2026 11:44:08 +0530
Subject: [PATCH 3/6] [fix] remove old yml file

---
 .github/workflows/bot-changelog.yml | 15 ---------------
 1 file changed, 15 deletions(-)
 delete mode 100644 .github/workflows/bot-changelog.yml

diff --git a/.github/workflows/bot-changelog.yml b/.github/workflows/bot-changelog.yml
deleted file mode 100644
index 6558c0a27..000000000
--- a/.github/workflows/bot-changelog.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: Changelog Bot
-
-on:
-  # Trigger when a PR review is submitted with approval
-  pull_request_review:
-    types: [submitted]
-
-jobs:
-  changelog:
-    # Call the reusable workflow from openwisp-utils
-    uses: openwisp/openwisp-utils/.github/workflows/reusable-bot-changelog.yml@master
-    secrets:
-      GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
-      OPENWISP_BOT_APP_ID: ${{ secrets.OPENWISP_BOT_APP_ID }}
-      OPENWISP_BOT_PRIVATE_KEY: ${{ secrets.OPENWISP_BOT_PRIVATE_KEY }}

From db2de774bf044a6f71e416105a3292dcaca669d2 Mon Sep 17 00:00:00 2001
From: pushpit kamboj <pushpitkamboj@pushpits-MacBook-Air.local>
Date: Fri, 27 Mar 2026 11:54:16 +0530
Subject: [PATCH 4/6] [fix]opt for node24 for github action as node20 is
 depcreated

---
 .github/workflows/bot-changelog-runner.yml  | 3 +++
 .github/workflows/bot-changelog-trigger.yml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/bot-changelog-runner.yml b/.github/workflows/bot-changelog-runner.yml
index c0ba79e4d..f54737eed 100644
--- a/.github/workflows/bot-changelog-runner.yml
+++ b/.github/workflows/bot-changelog-runner.yml
@@ -12,6 +12,9 @@ permissions:
   pull-requests: write
   issues: write
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
 jobs:
   fetch-metadata:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/bot-changelog-trigger.yml b/.github/workflows/bot-changelog-trigger.yml
index 6d2da58c2..c5738cb03 100644
--- a/.github/workflows/bot-changelog-trigger.yml
+++ b/.github/workflows/bot-changelog-trigger.yml
@@ -4,6 +4,9 @@ on:
   pull_request_review:
     types: [submitted]
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+  
 jobs:
   check:
     if: |

From 35c1c88bce7fcff13b9f2a7a477f692c58910d2a Mon Sep 17 00:00:00 2001
From: pushpit kamboj <pushpitkamboj@pushpits-MacBook-Air.local>
Date: Fri, 27 Mar 2026 13:05:35 +0530
Subject: [PATCH 5/6] [fix] QA checks

---
 .github/workflows/bot-changelog-trigger.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/bot-changelog-trigger.yml b/.github/workflows/bot-changelog-trigger.yml
index c5738cb03..a41854196 100644
--- a/.github/workflows/bot-changelog-trigger.yml
+++ b/.github/workflows/bot-changelog-trigger.yml
@@ -6,7 +6,7 @@ on:
 
 env:
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-  
+
 jobs:
   check:
     if: |

From de476b6013907e24d010a15fa89abbf431c99c98 Mon Sep 17 00:00:00 2001
From: pushpit kamboj <pushpitkamboj@pushpits-MacBook-Air.local>
Date: Thu, 23 Apr 2026 15:58:22 +0530
Subject: [PATCH 6/6] [fix] Remove js env and edited permissions for workflow

---
 .github/workflows/bot-changelog-runner.yml  | 14 +++++++-------
 .github/workflows/bot-changelog-trigger.yml |  5 ++---
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/bot-changelog-runner.yml b/.github/workflows/bot-changelog-runner.yml
index f54737eed..218a7cce1 100644
--- a/.github/workflows/bot-changelog-runner.yml
+++ b/.github/workflows/bot-changelog-runner.yml
@@ -8,23 +8,19 @@ on:
 
 permissions:
   actions: read
-  contents: read
-  pull-requests: write
-  issues: write
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
 
 jobs:
   fetch-metadata:
     runs-on: ubuntu-latest
     if: github.event.workflow_run.conclusion == 'success'
+    permissions:
+      actions: read
     outputs:
       pr_number: ${{ steps.metadata.outputs.pr_number }}
     steps:
       - name: Download PR metadata
         id: download
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
         with:
           name: changelog-metadata
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -45,6 +41,10 @@ jobs:
   changelog:
     needs: fetch-metadata
     if: needs.fetch-metadata.outputs.pr_number != ''
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
     uses: openwisp/openwisp-utils/.github/workflows/reusable-bot-changelog.yml@master
     with:
       pr_number: ${{ needs.fetch-metadata.outputs.pr_number }}
diff --git a/.github/workflows/bot-changelog-trigger.yml b/.github/workflows/bot-changelog-trigger.yml
index a41854196..0472f2209 100644
--- a/.github/workflows/bot-changelog-trigger.yml
+++ b/.github/workflows/bot-changelog-trigger.yml
@@ -4,8 +4,7 @@ on:
   pull_request_review:
     types: [submitted]
 
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+permissions: {}
 
 jobs:
   check:
@@ -33,7 +32,7 @@ jobs:
 
       - name: Upload PR metadata
         if: steps.check.outputs.has_noteworthy == 'true'
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: changelog-metadata
           path: pr_number