chore(ci): add release-please configs

[SoulPancake]

Description

What problem is being solved?

How is it being solved?

What changes are made to solve it?

References

Review Checklist

• I have clicked on "allow edits by maintainers".
• I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
• The correct base branch is being used, if not main
• I have added tests to validate that the change in functionality is working as expected

Summary by CodeRabbit

• New Features

  • Automated release management for multiple packages with independent versioning.
  • Manual and automatic release triggers with customizable version bumping options.
  • Automated release notes generation and GitHub release creation.

• Chores

  • Added Release Please configuration and CI/CD automation workflows.
  • Added supporting utilities for release parsing.

• Tests

  • Added test coverage for release automation scripts.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0d6589e3-8b89-4b64-99d2-6994437f00e4

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

This PR adds a complete release automation system using Google Release Please. It includes configuration for three packages (pkg/go, pkg/js, pkg/java), Bash utility scripts for version computation and changelog parsing with tests, a manual-dispatch and push-triggered GitHub Actions entry workflow, a reusable workflow that orchestrates release-please-action calls with PR retargeting, and a post-release job for signed tag creation and draft release generation.

Changes

Release Automation Setup

Layer / File(s)	Summary
Release configuration and manifest release-please-config.json, .release-please-manifest.json, pkg/js/.prettierignore	Release Please configuration defines three tracked packages with separate pull requests; manifest initializes versions for pkg/go (0.2.1), pkg/js (0.2.1), and pkg/java (0.2.0-beta.2); Prettier is configured to ignore .npm-upgrade.json and CHANGELOG.md files.
Release utility functions and tests \.github/workflows/scripts/parse-release.sh, \.github/workflows/scripts/parse-release.test.sh, \.github/workflows/test-release-scripts.yml	parse-release.sh provides manifest-diff, changelog-notes, and next-version subcommands via jq/awk; comprehensive Bash test suite validates each function against fixture manifests and changelogs with deterministic sorted output; CI workflow runs tests on script changes.
Release Please entry point workflow \.github/workflows/release-please.yaml	Workflow exposes workflow_dispatch inputs for target package, bump type (auto/patch/minor/major/explicit), and explicit version; triggers on push to main; routes to reusable workflow with computed trigger event and GitHub/GPG secrets.
Release Please orchestration job \.github/workflows/reusable-release-please.yaml (release-please job)	Reusable workflow accepts typed inputs and secrets; generates GitHub App token, checks out full repository history and tags, resets release branch to origin/main, creates baseline component tags from manifest, closes stale release-please PRs, removes stale labels from merged non-main PRs, computes new versions (if not auto), writes marker commits, calls googleapis/release-please-action against computed target branch (release for dispatch, main otherwise), and retargets dispatch-triggered PRs back to main with rewritten head refs.
Post-release signed tagging and release management \.github/workflows/reusable-release-please.yaml (post-release job)	Conditionally runs after push commits prefixed with "release:"; generates app token, imports GPG key, diffs manifest to identify changed components, creates and pushes signed tags for each changed component if missing, generates combined release notes from package CHANGELOG and GitHub auto-notes API, creates draft releases if absent, and force-syncs release branch to main.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change—adding release-please configuration files for the monorepo structure. It is concise, clear, and directly reflects the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/releaser-configs

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR introduces release-please configuration and GitHub Actions workflows/scripts to automate multi-package releases (Go/JS/Java) and to publish tagged draft GitHub releases with combined changelog + generated notes.

Changes:

• Add release-please config (release-please-config.json) and manifest (.release-please-manifest.json) for pkg/go, pkg/js, and pkg/java.
• Add reusable release workflow (.github/workflows/reusable-release-please.yaml) plus entrypoint workflow (.github/workflows/release-please.yaml) and helper parsing scripts/tests.
• Update JS prettier ignore rules to avoid formatting CHANGELOG.md which is generated by release tooling.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
release-please-config.json	Adds release-please configuration for multi-package releases (needs cleanup of empty bootstrap-sha).
.release-please-manifest.json	Seeds per-package starting versions for release-please manifest mode.
pkg/js/.prettierignore	Excludes generated CHANGELOG.md from Prettier formatting.
.github/workflows/release-please.yaml	Adds the top-level workflow to run release automation on dispatch and on pushes to main.
.github/workflows/reusable-release-please.yaml	Implements the core release-please + post-release publishing flow (contains a critical PR retargeting bug and a trigger-file side effect).
.github/workflows/scripts/parse-release.sh	Adds helper commands for manifest diffs, changelog section extraction, and semver bumping (needs more exact changelog header matching).
.github/workflows/scripts/parse-release.test.sh	Adds lightweight bash tests for the parsing helpers (doc header references wrong filename).
.github/workflows/test-release-scripts.yml	Adds CI coverage to run the parsing helper tests when scripts change.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (1)

.github/workflows/scripts/parse-release.test.sh (1)

89-101: ⚡ Quick win

Add a regression case for version-prefix collisions in changelog-notes.

Current coverage doesn’t test ambiguous headers like v0.2.1 vs v0.2.10, so this class of bug can slip through.

Suggested test addition

 ##### changelog-notes #####
@@
 assert_eq "changelog-notes extracts the matching section body" "$expected_notes" "$notes"
+
+# Ensure exact version matching (0.2.1 should not match 0.2.10).
+cat >"$TMP/CHANGELOG-edge.md" <<'EOF'
+# Changelog
+
+## pkg/js/v0.2.10
+- notes for 0.2.10
+
+## pkg/js/v0.2.1
+- notes for 0.2.1
+EOF
+edge_notes="$("$PARSE" changelog-notes "$TMP/CHANGELOG-edge.md" "0.2.1")"
+assert_eq "changelog-notes matches exact version, not prefix" "- notes for 0.2.1" "$edge_notes"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/scripts/parse-release.test.sh around lines 89 - 101, Add a
regression test covering version-prefix collisions for the changelog-notes
parser: create a test case invoking "$PARSE changelog-notes" against a temporary
CHANGELOG content (TMP/CHANGELOG.md) that contains ambiguous headers like
"v0.2.1" and "v0.2.10" and assert that changelog-notes returns the exact section
for the requested version (e.g., "0.2.1") using assert_eq. Ensure the test
mirrors the existing pattern (the notes="$("$PARSE" changelog-notes ...)" setup
and expected_notes string) but includes both headers and verifies the parser
does not match the shorter prefix (v0.2.1) to v0.2.10.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/reusable-release-please.yaml:
- Around line 191-199: The rename path fails because origin/${head} may not
exist locally; before computing sha with git rev-parse in the block that uses
variables head and new_head, explicitly fetch the remote branch so the newly
created release-please PR head is available (i.e., perform a git fetch of origin
for the branch referenced by ${head} and then run git rev-parse); keep the
existing logic that pushes the sha to refs/heads/${new_head}, updates the PR
head via gh api, and deletes the old remote head if present.
- Around line 156-163: In the "Resolve target branch" step (id: target) avoid
interpolating ${{ inputs.trigger-event }} directly into the shell; instead pass
it via env (e.g., TRIGGER_EVENT) and update the run script to compare
"$TRIGGER_EVENT" (or $TRIGGER_EVENT) in the if expression; modify the step to
add an env entry that sets TRIGGER_EVENT from the input and change the
conditional to reference that env variable to prevent command injection.
- Around line 52-58: The GitHub App token steps are missing explicit permission
inputs so they inherit the app installation’s full permissions; update the
"Generate GitHub App token" step (id: app-token) and the other token step around
lines 217-222 to add permission-contents: write for both, and additionally add
permission-pull-requests: write only on the Phase 1 token used to
create/retarget PRs; ensure these are added as top-level with: style inputs
(permission-contents and permission-pull-requests) to the
actions/create-github-app-token steps to enforce least-privilege.

In @.github/workflows/scripts/parse-release.sh:
- Around line 63-68: The header-detection uses substring checks (index($0, "v"
ver) / index($0, ver)) so searching for "0.2.1" can match "0.2.10"; replace that
substring logic with a regex boundary match. In the is_header block (the lines
using index($0, "v" ver) > 0 || index($0, ver) > 0), change it to use awk regex
matching that enforces version boundaries, e.g. test $0 against a pattern like
"(^|[^0-9.])v?VER([^0-9.]|$)" (substituting VER with the ver variable) so only
exact version tokens (with optional leading "v") are accepted; keep setting
found = 1 when the regex matches.

In @.github/workflows/test-release-scripts.yml:
- Line 22: Update the actions/checkout step to explicitly disable credential
persistence by setting persist-credentials: false on the checkout action; locate
the checkout usage (the line using
actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd) and add the
persist-credentials: false input so the workflow does not write GITHUB_TOKEN
credentials to disk.

---

Nitpick comments:
In @.github/workflows/scripts/parse-release.test.sh:
- Around line 89-101: Add a regression test covering version-prefix collisions
for the changelog-notes parser: create a test case invoking "$PARSE
changelog-notes" against a temporary CHANGELOG content (TMP/CHANGELOG.md) that
contains ambiguous headers like "v0.2.1" and "v0.2.10" and assert that
changelog-notes returns the exact section for the requested version (e.g.,
"0.2.1") using assert_eq. Ensure the test mirrors the existing pattern (the
notes="$("$PARSE" changelog-notes ...)" setup and expected_notes string) but
includes both headers and verifies the parser does not match the shorter prefix
(v0.2.1) to v0.2.10.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1ac32433-6718-4a5d-9f7d-c0a0c6ca1c24

📥 Commits

Reviewing files that changed from the base of the PR and between e63b18e and 309e491.

📒 Files selected for processing (8)

• .github/workflows/release-please.yaml
• .github/workflows/reusable-release-please.yaml
• .github/workflows/scripts/parse-release.sh
• .github/workflows/scripts/parse-release.test.sh
• .github/workflows/test-release-scripts.yml
• .release-please-manifest.json
• pkg/js/.prettierignore
• release-please-config.json

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.