feat: Enhance release workflow with AI changelog generation and docs sync trigger

[frontegg-david]

Summary by CodeRabbit

• New Features

  • AI-assisted generation of changelogs and promotional card content now written into release bodies; automated tagging and release creation included.
  • Conditional docs sync after release when card content and docs credentials are present.

• Chores

  • Finalization flow improved with safer fallbacks and clearer handling when AI or docs credentials are missing.

• Style

  • Docs-sync workflow changed to manual dispatch only (removed automatic PR-triggered runs).

• Documentation

  • Removed the external-storage example and related explanatory content from the docs.

[coderabbitai]

📝 Walkthrough

Walkthrough

Publish-release workflow now computes the prior tag, generates a size-capped filtered diff, requests an AI-generated CHANGELOG and Card MDX (if OpenAI key), writes /tmp/release-body.md, tags & creates a GitHub Release via body_path, and conditionally dispatches docs sync. The trigger-docs-update workflow no longer runs on PR merges.

Changes

Cohort / File(s)	Summary
Release automation ​.github/workflows/publish-release.yml	Adds finalization flow: determine previous tag, produce a ~50KB filtered diff (TS/JSON, exclude lockfiles/tests), call OpenAI (when API key present) to generate CHANGELOG + CARD_MDX, write /tmp/release-body.md (embed Card MDX hidden), create & push git tag, create GitHub Release using body_path, and conditionally trigger docs dispatch when CARD_MDX and DOCS_PAT exist.
Docs trigger workflow ​.github/workflows/trigger-docs-update.yml	Removes the pull_request trigger and automatic PR-merge/version-extraction path; workflow now runs only via workflow_dispatch with existing inputs preserved.
Docs content docs/frontmcp/servers/skills.mdx	Removes the "Advanced: External Storage" documentation block and associated TypeScript example and capability bullets.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Workflow as Publish-Release Workflow
    participant Git as Git (repo & tags)
    participant OpenAI as OpenAI API
    participant GHAPI as GitHub API (Releases / Dispatch)
    participant Docs as Docs Workflow

    Workflow->>Git: fetch tags & determine previous tag
    Workflow->>Git: generate filtered diff (prevTag..HEAD, <50KB)
    alt prevTag found AND OPENAI_API_KEY present
        Workflow->>OpenAI: send diff -> request CHANGELOG + CARD_MDX
        OpenAI-->>Workflow: return CHANGELOG + CARD_MDX
        Workflow->>Workflow: write /tmp/release-body.md (include AI content, hidden Card MDX)
    else
        Workflow->>Workflow: write /tmp/release-body.md without AI content
    end
    Workflow->>Git: create and push git tag
    Workflow->>GHAPI: create GitHub Release using body_path (/tmp/release-body.md)
    alt not prerelease AND DOCS_PAT present AND CARD_MDX exists
        Workflow->>GHAPI: repository_dispatch -> trigger docs workflow
        GHAPI->>Docs: start docs workflow
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• chore: Remove pull_request trigger for closed events in release pipeline #212: Similar changes to release/docs trigger behavior and removal of PR-based docs trigger.
• fix(ci): Reversed version 0.3 due to bug in publishing workflow and fixed it #33: Related CI release/publishing workflow edits (tagging, release creation, docs-triggering).
• fix(ci): Fix publish workflows #27: Overlapping modifications to release/publish workflows including diff/tag selection and docs-sync flow.

Poem

🐇
I hopped through tags and munched the diff,
Asked the cloud to pen the changelog gift,
Hid a card where docs might peep,
Pushed a tag and rolled in a heap,
Hop, publish, now the meadow's complete!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: enhancing release workflow with AI changelog generation and docs sync trigger, which aligns with the primary modifications to publish-release.yml and trigger-docs-update.yml.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-mdx-docs

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/publish-release.yml:
- Around line 386-391: The current sed replacements for DIFF_PLACEHOLDER are
fragile because DIFF_CONTENT (stored in DIFF_ESCAPED) can contain sed-delimiter
characters like / and replacement-special & which break sed and corrupt
/tmp/prompt.json; replace the sed-based in-place substitutions with a safe JSON
construction using jq (or printf + jq) to populate VERSION, PREV_TAG and DIFF
fields from the variables (DIFF_CONTENT or DIFF_ESCAPED) so that special
characters are properly escaped, update the code paths that set DIFF_ESCAPED and
the three sed calls to instead build /tmp/prompt.json via jq writing the three
keys, and ensure the generated JSON is validated before use.

🧹 Nitpick comments (2)

.github/workflows/publish-release.yml (2)

393-412: Missing error handling for OpenAI API call.

The curl request doesn't check for HTTP errors. API failures (rate limits, auth issues, server errors) will silently produce empty changelogs without any diagnostic info.

🛡️ Proposed fix to add error handling

           # Call OpenAI API
-          RESPONSE=$(curl -s -X POST https://api.openai.com/v1/chat/completions \
+          HTTP_CODE=$(curl -s -w "%{http_code}" -o /tmp/openai_response.json -X POST https://api.openai.com/v1/chat/completions \
             -H "Content-Type: application/json" \
             -H "Authorization: Bearer $OPENAI_API_KEY" \
             -d `@/tmp/prompt.json`)
+          
+          RESPONSE=$(cat /tmp/openai_response.json)
+          
+          if [ "$HTTP_CODE" -ne 200 ]; then
+            echo "::warning::OpenAI API returned HTTP $HTTP_CODE"
+            echo "Response: $RESPONSE"
+            echo "has_changelog=false" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi

           # Extract content
           CONTENT=$(echo "$RESPONSE" | jq -r '.choices[0].message.content // empty')

---

505-513: Add error handling for docs sync dispatch.

If the repository dispatch fails (auth issues, wrong endpoint, etc.), it will fail silently. Consider checking the HTTP response code.

🛡️ Proposed fix to add error checking

           # Trigger docs aggregator workflow
-          curl -X POST \
+          HTTP_CODE=$(curl -s -w "%{http_code}" -o /dev/null -X POST \
             -H "Accept: application/vnd.github+json" \
             -H "Authorization: Bearer $DOCS_REPO_PAT" \
             -H "X-GitHub-Api-Version: 2022-11-28" \
             https://api.github.com/repos/agentfront/docs/dispatches \
-            -d "{\"event_type\":\"frontmcp-release\",\"client_payload\":{\"version\":\"$VERSION\",\"repo\":\"frontmcp\"}}"
+            -d "{\"event_type\":\"frontmcp-release\",\"client_payload\":{\"version\":\"$VERSION\",\"repo\":\"frontmcp\"}}")
+
+          if [ "$HTTP_CODE" -ne 204 ]; then
+            echo "::warning::Docs sync dispatch returned HTTP $HTTP_CODE (expected 204)"
+          fi

           echo "Triggered docs sync for v$VERSION"

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In @.github/workflows/publish-release.yml:
- Around line 339-341: The git diff invocation uses root-only globs ('*.ts'
'*.tsx' '*.js' '*.json') so nested files under libs/ and plugins/ are missed;
update the git diff command in the workflow (the line that starts with git diff
"$PREV_TAG"..HEAD) to use recursive globs ('**/*.ts' '**/*.tsx' '**/*.js'
'**/*.json') while keeping the existing negate patterns
(':!**/package-lock.json' etc.) so the diff captures all nested source files for
the changelog generation.
- Around line 311-326: The script currently finds PREV_TAG across all stable
tags; scope it to the current release line by deriving MAJOR.MINOR from
CURRENT_VERSION and using that to filter tags (e.g., match
'^vMAJOR\.MINOR\.[0-9]+$') when listing and sorting tags for PREV_TAG selection
(use the same fallback logic to look one more back on the scoped list, and if no
scoped tag exists then fall back to the global stable tag search). Update the
PREV_TAG selection logic that uses git tag -l, grep and sort so it builds and
applies the MAJOR.MINOR pattern from CURRENT_VERSION before choosing the
previous tag.
- Around line 498-517: The docs dispatch step should be skipped when Card MDX
wasn't generated; add a guard before the curl call that checks the same
condition used to skip Card MDX generation (e.g., the prepare job output or env
flag like needs.prepare.outputs.card_mdx_generated or an equivalent
SKIP_CARD_MDX/OPENAI_API_KEY check) and only run the HTTP dispatch when Card MDX
exists; update the "Trigger docs sync" step (the block containing VERSION="${{
needs.prepare.outputs.version }}" and the curl POST to
api.github.com/repos/agentfront/docs/dispatches) to bail out early (exit 0) when
that prepare output/flag indicates Card MDX was not produced.

[github-actions]

Performance Test Results

Status: ✅ All tests passed

Summary

Project	Tests	Passed	Warnings	Failed	Leaks
✅ demo-e2e-agents	4	4	0	0	0
✅ demo-e2e-cache	11	11	0	0	0
✅ demo-e2e-codecall	4	4	0	0	0
✅ demo-e2e-config	4	4	0	0	0
✅ demo-e2e-direct	3	3	0	0	0
✅ demo-e2e-elicitation	1	1	0	0	0
✅ demo-e2e-errors	4	4	0	0	0
✅ demo-e2e-hooks	3	3	0	0	0
✅ demo-e2e-multiapp	4	4	0	0	0
✅ demo-e2e-notifications	3	3	0	0	0
✅ demo-e2e-openapi	2	2	0	0	0
✅ demo-e2e-providers	4	4	0	0	0
✅ demo-e2e-public	4	4	0	0	0
✅ demo-e2e-redis	14	14	0	0	0
✅ demo-e2e-remember	4	4	0	0	0
✅ demo-e2e-remote	5	5	0	0	0
✅ demo-e2e-serverless	2	2	0	0	0
✅ demo-e2e-skills	15	15	0	0	0
✅ demo-e2e-standalone	2	2	0	0	0
✅ demo-e2e-transport-recreation	3	3	0	0	0
✅ demo-e2e-ui	4	4	0	0	0

Total: 100 tests across 21 projects

📊 View full report in workflow run

---

Generated at: 2026-02-03T01:15:02.696Z
Commit: 9115fd1d

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/publish-release.yml:
- Around line 438-451: The heredoc writing to /tmp/release-body.md (the cat >
/tmp/release-body.md << EOF ... EOF block) preserves the YAML indentation and
inserts unwanted leading spaces; replace that heredoc with explicit echo/printf
redirections that write each line without leading spaces (e.g., echo/printf
lines for "## Release v$VERSION", "**Release type:** $RELEASE_TYPE", "**Release
line:** $RELEASE_LINE.x", "**Branch:** $BRANCH", the "npm install
`@frontmcp/sdk`@$VERSION" code fence markers and blank lines) so the generated
file has no indentation and Markdown headers/code fences render correctly.

🧹 Nitpick comments (3)

.github/workflows/publish-release.yml (3)

399-402: Add a timeout to the OpenAI API call.

The curl command lacks a timeout, which could cause the workflow to hang indefinitely if the OpenAI API is slow or unresponsive. This is a reliability concern for CI pipelines.

🔧 Proposed fix to add timeouts

           # Call OpenAI API with HTTP status capture
-          HTTP_CODE=$(curl -s -w "%{http_code}" -o /tmp/openai_response.json -X POST https://api.openai.com/v1/chat/completions \
+          HTTP_CODE=$(curl -s --connect-timeout 10 --max-time 60 -w "%{http_code}" -o /tmp/openai_response.json -X POST https://api.openai.com/v1/chat/completions \
             -H "Content-Type: application/json" \
             -H "Authorization: Bearer $OPENAI_API_KEY" \
             -d `@/tmp/prompt.json`)

---

468-474: Consider escaping <!-- in addition to -->.

Line 472 escapes --> to prevent breaking the HTML comment, but if the Card MDX content contains <!--, it would create a nested comment that prematurely closes the wrapper. This is unlikely but could cause subtle issues.

🔧 Proposed fix to escape both comment markers

-            sed 's/-->/--\>/g' /tmp/card-mdx.txt >> /tmp/release-body.md
+            sed -e 's/<!--/\&lt;!--/g' -e 's/-->/--\&gt;/g' /tmp/card-mdx.txt >> /tmp/release-body.md

---

526-531: Add a timeout to the docs sync API call.

For consistency with the OpenAI call recommendation and to prevent workflow hangs, consider adding a timeout to this curl request as well.

🔧 Proposed fix

           # Trigger docs aggregator workflow with HTTP status capture
-          HTTP_CODE=$(curl -s -w "%{http_code}" -o /dev/null -X POST \
+          HTTP_CODE=$(curl -s --connect-timeout 10 --max-time 30 -w "%{http_code}" -o /dev/null -X POST \
             -H "Accept: application/vnd.github+json" \
             -H "Authorization: Bearer $DOCS_REPO_PAT" \
             -H "X-GitHub-Api-Version: 2022-11-28" \
             https://api.github.com/repos/agentfront/docs/dispatches \
             -d "{\"event_type\":\"frontmcp-release\",\"client_payload\":{\"version\":\"$VERSION\",\"repo\":\"frontmcp\"}}")

[github-actions]

Cherry-pick Created

A cherry-pick PR to main has been automatically created.

Please review and merge if this change should also be in main.

If the cherry-pick is not needed, close the PR.