Promote PR bump preview to a reusable workflow in setup-cz

[bearomorphism]

Description

Following the rollout of the PR bump preview pattern across three repos (#1510), the workflow is currently duplicated in three places:

• commitizen-tools/commitizen/.github/workflows/pr-bump-preview.yml
• commitizen-tools/commitizen-action/.github/workflows/pr-bump-preview.yml
• commitizen-tools/setup-cz/examples/pr-bump-preview.yaml (copy-paste source for end users)

The recent security fix (same-repo guard + persist-credentials: false) had to be applied to all three copies independently. Future maintenance — new actions/checkout versions, comment-action upgrades, additional flags — will incur the same per-repo cost.

Possible Solution

Promote the example into a reusable workflow hosted in commitizen-tools/setup-cz.

Files

1. New setup-cz/.github/workflows/pr-bump-preview.yml with on: workflow_call and inputs:
   • cz-version (default latest) → forwarded to setup-cz
   • extra-requirements (default empty) → forwarded to setup-cz
   • ref (optional) → checkout ref override
2. examples/pr-bump-preview-wrapper.yaml shrinks to a thin wrapper showing uses: commitizen-tools/setup-cz/.github/workflows/pr-bump-preview.yml@v1.

Consumer wrapper (~8 lines)

on:
  pull_request_target:
    types: [opened, reopened, synchronize, ready_for_review]
permissions: { contents: read, pull-requests: write }
jobs:
  preview:
    uses: commitizen-tools/setup-cz/.github/workflows/pr-bump-preview.yml@v1

Migration

After this lands and a setup-cz release is cut:

• This repo: replace the 80-line workflow with the 8-line wrapper.
• commitizen-tools/commitizen-action: same.

Why a reusable workflow (not a composite action)?

A composite action would still need every consumer to write the pull_request_target trigger, the same-repo guard, the checkout, and the comment-posting step. Those are the exact bits we want to deduplicate. Reusable workflows encapsulate the whole job.

Why now wasn't the right time

Doing this in the original three PRs was rejected to avoid cross-repo merge coordination and to gather data on what inputs actually matter. Once the workflow has run on a few real PRs, we'll know whether working-directory, cz-version overrides, etc. are actually needed before committing them to a public reusable-workflow contract.

Additional context

Mirrors commitizen-tools/setup-cz#20 so this work item is also tracked here for visibility alongside the original feature request.

Acceptance:

• Reusable workflow at setup-cz/.github/workflows/pr-bump-preview.yml
• Trimmed example at examples/pr-bump-preview-wrapper.yaml
• Tag a setup-cz release containing the new workflow
• Follow-up PR here swapping the workflow for the wrapper
• Follow-up PR in commitizen-tools/commitizen-action swapping the workflow for the wrapper

Related issues

• Implements deduplication of work delivered in feat(ci): add PR bump preview workflow #1957 (this repo), feat: rework PR bump preview workflow commitizen-action#102, feat(examples): add PR bump preview example setup-cz#19
• Original feature request: Generate expected bump version comment when receiving a new pull request #1510
• Cross-org tracker: Promote PR bump preview example to a reusable workflow setup-cz#20