ci: fix semantic release skipped due to head conflict

[JoJoJoJoJoJoJo]

User description

• fix semantic release skipped as another workflow pushes to main

---

PR Type

Other

---

Description

• Convert LLM.txt generation from standalone to reusable workflow

• Add LLM.txt update as dependency in semantic release

• Remove manual triggers from LLM.txt workflow

• Ensure proper workflow sequencing for releases

---

Diagram Walkthrough

flowchart LR
  A["Semantic Release Workflow"] --> B["Update LLM.txt Job"]
  A --> C["Test Job"]
  B --> D["Release Job"]
  C --> D
  E["LLM.txt Workflow"] --> F["Reusable Workflow Call"]

Loading

File Walkthrough

Relevant files

Configuration changes

generate-llm-txt.yml Convert to reusable workflow call                                                .github/workflows/generate-llm-txt.yml Convert from standalone workflow to reusable workflow Remove all trigger events (push, release, workflow_dispatch) Replace with single workflow_call trigger +1/-14    semantic-release.yml Add LLM.txt dependency to release workflow                              .github/workflows/semantic-release.yml Add update-llm-txt job that calls LLM.txt workflow Make release job depend on both test and update-llm-txt Reorder workflow_dispatch trigger position Add secrets inheritance for called workflow +9/-4

---

Summary by CodeRabbit

• Chores
  • Release workflow can now be triggered manually.
  • Release now depends on a pre-step that updates LLM.txt.
  • Converted a supporting workflow into a reusable one; it no longer runs automatically and is invoked by other workflows.
  • Enhanced checkout settings for full history and safer credential handling during releases.
  • No user-facing behavior changes outside the release process.

[coderabbitai]

Walkthrough

The generate-llm-txt workflow is converted into a reusable workflow triggered via workflow_call. The semantic-release workflow now supports manual triggers, adds a job that calls the reusable generate-llm-txt workflow with inherited secrets, and updates the release job to depend on it. The checkout step gains fetch-depth and credential settings.

Changes

Cohort / File(s)	Summary of changes
Reusable workflow conversion .github/workflows/generate-llm-txt.yml	Replaces prior triggers (release, push to main with path filters, workflow_dispatch) with on: workflow_call, keeping jobs/steps intact.
Semantic release workflow updates .github/workflows/semantic-release.yml	Adds workflow_dispatch; introduces update-llm-txt job that uses ./.github/workflows/generate-llm-txt.yml with secrets: inherit; sets release job to needs: [test, update-llm-txt]; modifies Checkout step with fetch-depth: 0 and persist-credentials: false.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Dev as Developer
    participant GH as GitHub Actions
    participant SR as Workflow: semantic-release.yml
    participant T as Job: test
    participant U as Job: update-llm-txt (reusable)
    participant G as Reusable: generate-llm-txt.yml
    participant R as Job: release

    Dev->>GH: push to main or manual workflow_dispatch
    GH->>SR: Start semantic-release workflow
    SR->>T: Run tests
    Note over T: Existing test execution
    T-->>SR: Success/Failure

    alt Tests succeed
        SR->>U: Start update-llm-txt
        U->>G: workflow_call (secrets: inherit)
        G-->>U: Generate LLM.txt completed
        U-->>SR: Success
        SR->>R: Run release (needs: test, update-llm-txt)
        R-->>SR: Release result
    else Tests fail
        SR-->>GH: Stop (release/update-llm-txt not executed)
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix(ci): only trigger release for mcpm update #262 — Also modifies .github/workflows/semantic-release.yml trigger configuration (adds path-based push filters), indicating related workflow trigger changes.

Suggested labels

Review effort 2/5

Suggested reviewers

• niechen
• GabrielDrapor
• calmini

Poem

A rabbit taps the workflow drum,
Calls a friend to LLM hum.
Reusable burrow, neatly spun,
Release now waits till chores are done.
With a hop and a push (or hand),
Carrots compiled—ship the band! 🥕✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "ci: fix semantic release skipped due to head conflict" is concise and directly reflects the PR's stated purpose of preventing semantic-release from being skipped when another workflow pushes to main. The changes (making generate-llm-txt reusable and adding an update-llm-txt job plus workflow_dispatch in semantic-release) align with that intent. It uses a clear "ci:" prefix and is specific enough for teammates scanning the repository history.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch jonathan/fix-ci-semantic-update-conflict

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-merge-pro]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 Security concerns Secrets inheritance: Using 'secrets: inherit' exposes all repository/organization secrets to the called workflow. Ensure the called workflow is fully trusted and only requires these secrets; consider scoping to explicit secrets or reducing permissions where possible.

⚡ Recommended focus areas for review Release head sync After the 'update-llm-txt' job updates 'main', the 'release' job may still check out the original SHA. Verify the release job fetches and checks out the updated branch head before running semantic-release to avoid running on an outdated commit (e.g., set checkout ref to the branch or perform a fetch/pull). update-llm-txt: name: Update LLM.txt uses: ./.github/workflows/generate-llm-txt.yml secrets: inherit test: uses: ./.github/workflows/test.yml release: name: Release needs: [test, update-llm-txt] Secrets scope The reusable workflow is invoked with 'secrets: inherit'. Confirm the called workflow only needs these secrets and consider passing only the required ones to adhere to least-privilege. secrets: inherit

[qodo-merge-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Checkout branch head before release Since the release now waits for a job that may push commits, ensure you check out the latest branch head. Otherwise semantic-release can skip due to not being on the current HEAD. Fetch full history and target the main branch explicitly. .github/workflows/semantic-release.yml [36-37] -- name: Checkout +- name: Checkout latest main uses: actions/checkout@v4 + with: + ref: main + fetch-depth: 0 Apply / Chat Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies that the release job may run on an outdated commit because the preceding update-llm-txt job could push a new commit, and provides a crucial fix by checking out the latest main branch head with full history.	High
More

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

.github/workflows/generate-llm-txt.yml (1)

21-26: Fix detached HEAD push: ensure checkout tracks the branch and push to an explicit ref

As written, checkout defaults to a detached HEAD and git push without an upstream will fail or behave inconsistently. Check out the branch ref and push explicitly to it.

Apply:

       uses: actions/checkout@v4
       with:
         token: ${{ steps.generate_token.outputs.token }}
         fetch-depth: 0
+        ref: ${{ github.ref }}
@@
-        git push
+        git push origin HEAD:${{ github.ref_name }}

Also applies to: 50-57

.github/workflows/semantic-release.yml (1)

35-41: Checkout the branch ref so release sees the llm.txt commit pushed by the prerequisite job

Without checking out the branch ref, the workspace may be on the event SHA (stale) and semantic-release can skip due to a head change.

       - name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
           persist-credentials: false
+          ref: ${{ github.ref }}

🧹 Nitpick comments (6)

.github/workflows/generate-llm-txt.yml (3)

58-59: Remove unused GITHUB_TOKEN env (credentials already persisted by checkout)

actions/checkout with token persists credentials; the GITHUB_TOKEN env here is redundant.

-      env:
-        GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+      # No env needed; checkout already configured auth for push.

---

1-6: Add concurrency to avoid overlapping llm.txt updates on the same branch

Prevents races if multiple runs target the same ref.

 name: Generate LLM.txt
 
 on:
   workflow_call:
 
+concurrency:
+  group: generate-llm-txt-${{ github.ref }}
+  cancel-in-progress: false

---

56-56: Commit author identity: use the App’s bot identity for clearer provenance

Set a consistent bot identity to match the app token.

-        git config --local user.email "action@github.com"
-        git config --local user.name "GitHub Action"
+        git config --local user.email "github-actions[bot]@users.noreply.github.com"
+        git config --local user.name "github-actions[bot]"

.github/workflows/semantic-release.yml (3)

42-48: Token providers differ across jobs; consider standardizing

You use actions/create-github-app-token@v1 in the generator and tibdex/github-app-token@v2 here. Both work, but standardizing simplifies maintenance.

---

1-11: Optional: add workflow-level concurrency to avoid parallel release runs on main

Helps prevent interleaved runs if multiple pushes land in quick succession.

 name: Semantic Release
 
 on:
   push:
     branches:
       - main
     paths:
       - 'src/mcpm/**'
       - 'pyproject.toml'
   workflow_dispatch:
 
+concurrency:
+  group: semantic-release-${{ github.ref }}
+  cancel-in-progress: true

---

1-11: Note: “[skip ci]” isn’t universally honored by GitHub Actions

If other workflows still trigger on the LLM.txt push, add paths-ignore: ['llm.txt'] to their triggers instead of relying on commit message keywords.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 83bff07 and 8007bc5.

📒 Files selected for processing (2)

• .github/workflows/generate-llm-txt.yml (1 hunks)
• .github/workflows/semantic-release.yml (1 hunks)

🔇 Additional comments (2)

.github/workflows/semantic-release.yml (2)

18-23: Good reuse: calling the generator via workflow_call with inherited secrets

This cleanly centralizes LLM.txt generation and orders it before release. LGTM.

---

12-17: Permissions look correct for releases and PyPI OIDC

contents, issues, pull-requests, and id-token are set appropriately. No changes needed.

[mcpm-semantic-release]

🎉 This PR is included in version 2.8.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀