ci(release): add job to bump next version after release

[feloy]

After a release tag is pushed, a new bump-next-version job computes the next semantic version via svu, updates pkg/version/version.go with a -next suffix, and opens a PR targeting main.

Workflow-level permissions moved to per-job for least privilege.

Closes #123

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a new bump-next-version job to .github/workflows/release.yml that runs after release, computes the next version with svu, updates pkg/version/version.go to a ...-next value, creates a branch, pushes it, and opens a PR against main; also scopes repository write permissions to the release job.

Changes

Cohort / File(s)	Summary
Release workflow .github/workflows/release.yml	Moved repository-level permissions: contents: write into the release job. Added bump-next-version job that checks out main, sets up Go, installs svu, computes svu next, formats it (strip leading v, append -next), edits pkg/version/version.go via sed, creates a branch, commits, pushes, and opens a PR using gh pr create. The job requires contents: write and pull-requests: write.
Version source pkg/version/version.go	Target file updated by CI job (the workflow performs an inline sed replacement to update the Version var).

Sequence Diagram(s)

sequenceDiagram
  participant Workflow as GitHub Actions (bump-next-version)
  participant Git as Git CLI
  participant SVU as svu
  participant FS as repo (pkg/version/version.go)
  participant GH as GitHub API (gh)
  Workflow->>Git: checkout main
  Workflow->>SVU: run svu next
  SVU-->>Workflow: NEXT_VERSION
  Workflow->>FS: sed replace Version -> NEXT_VERSION-next
  Workflow->>Git: git checkout -b bump/version-NEXT
  Workflow->>Git: git add & commit & push
  Workflow->>GH: gh pr create (target: main, token: KORTEX_BOT_TOKEN)
  GH-->>Workflow: PR created

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• ci(release): add goreleaser config and GitHub Actions workflow #113: Related to release/version handling; injects Version at build time while this PR updates pkg/version/version.go and adds the bump-next-version job.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description is related to the changeset, explaining the new bump-next-version job, the permission changes, and referencing the closed issue.
Linked Issues check	✅ Passed	The PR implements the core requirements from issue #123: it adds a job that computes the next semantic version using svu, updates pkg/version/version.go with the -next suffix, and creates a PR targeting main.
Out of Scope Changes check	✅ Passed	All changes are directly related to the linked issue #123. The refactoring of workflow-level permissions to per-job permissions is a necessary security improvement for the new job implementation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title accurately and concisely describes the main change: adding a new job to bump the next version after release in the CI workflow.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release.yml:
- Around line 79-93: In the "Create PR" step where BRANCH is created and
pkg/version/version.go is added/committed, guard the commit so the job skips
committing when the sed replacement made no changes: after git add
pkg/version/version.go (in the Create PR block) run a check like inspecting git
status/porcelain or using git diff --cached --quiet and only run git commit -m
"chore: bump version to ${{ steps.version.outputs.next_version }}" if there are
staged changes; if no changes exist, skip the commit/PR creation to avoid
failing the workflow when the file is already current.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e1c4d24d-417c-497a-a71e-70af327ba532

📥 Commits

Reviewing files that changed from the base of the PR and between f16396f and 8c5362c.

📒 Files selected for processing (1)

• .github/workflows/release.yml

[benoitf]

I think it should be KORTEX_BOT_TOKEN