Surface the released version in the Cut release run UI

[tyom]

What

Two changes to .github/workflows/cut-release.yml so the cut version is visible in the GitHub UI:

1. run-name — the Actions run list now shows Cut release vX.Y.Z instead of Cut release #1, so runs are distinguishable at a glance.
2. Job summary panel — renders at the top of the run page with the canonical resolved tag (always v-prefixed), the source commit, and a direct release link. This is the authoritative version, since run-name echoes the raw dispatch input which may omit the v.

Why

When cutting a release there was no easy way to tell which version a run produced from the Actions list view.

Notes

• Takes effect on the next release — run-name is evaluated at dispatch time, so existing runs keep their titles.

Summary by CodeRabbit

• Chores
  • Improved release workflow visibility by adding descriptive run names and release summary information to streamline the release process.

[coderabbitai]

📝 Walkthrough

Walkthrough

The .github/workflows/cut-release.yml workflow is enhanced with two visibility improvements: a custom run-name that displays the release version instead of a numeric run ID, and a new "Summarise the release" step that writes the tag, short commit hash, and release URL to the job summary.

Changes

Release workflow visibility

Layer / File(s)	Summary
Workflow run naming and release summary .github/workflows/cut-release.yml	The workflow sets run-name to Cut release ${{ inputs.version }} for clarity in the Actions run list. A post-tag step appends the computed release tag, short GITHUB_SHA, and a direct GitHub release link to $GITHUB_STEP_SUMMARY.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• tyom/repo-intel#8: Modifies the same cut-release workflow that this PR extends with visibility improvements.

Poem

🐰 A release, so clear, gets a title at last,
No numbers to cloud what was built in the past.
The summary glows with the tag and the hash,
Making workflows transparent, with visibility and panache!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: surfacing the released version in the GitHub Actions run UI through run-name and job summary enhancements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch surface-release-version

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/cut-release.yml (1)

93-101: ⚡ Quick win

Consider using environment variables for consistency and to address the static analysis warning.

The static analyzer flags line 95 for template injection risk. While the value is validated by the semver regex on lines 48-51 and should be safe, this workflow already uses the defensive env-var pattern on line 44:

env:
  INPUT_VERSION: ${{ inputs.version }} # via env, never inlined into the shell

For consistency and to silence the static analyzer, consider applying the same pattern here.

♻️ Proposed refactor to use environment variables

       - name: Summarise the release
+        env:
+          TAG: ${{ steps.tag.outputs.tag }}
         run: |
-          tag="${{ steps.tag.outputs.tag }}"
+          tag="${TAG}"
           {
             echo "## Released ${tag} :rocket:"
             echo ""
             echo "- **Tag:** \`${tag}\` (from commit \`${GITHUB_SHA:0:7}\` on \`main\`)"
             echo "- **Release:** ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/releases/tag/${tag}"
           } >> "$GITHUB_STEP_SUMMARY"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/cut-release.yml around lines 93 - 101, The release summary
step in the workflow inlines the tag via tag="${{ steps.tag.outputs.tag }}"
which triggers a template-injection warning; change it to pass the tag into the
shell via an env var (e.g. set env: RELEASE_TAG: ${{ steps.tag.outputs.tag }})
and then reference $RELEASE_TAG inside the run block (update the echo lines that
use ${tag} to use $RELEASE_TAG) while leaving GITHUB_SHA and GITHUB_STEP_SUMMARY
references unchanged; this mirrors the defensive pattern used for INPUT_VERSION
and will silence the static analyzer.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/cut-release.yml:
- Around line 93-101: The release summary step in the workflow inlines the tag
via tag="${{ steps.tag.outputs.tag }}" which triggers a template-injection
warning; change it to pass the tag into the shell via an env var (e.g. set env:
RELEASE_TAG: ${{ steps.tag.outputs.tag }}) and then reference $RELEASE_TAG
inside the run block (update the echo lines that use ${tag} to use $RELEASE_TAG)
while leaving GITHUB_SHA and GITHUB_STEP_SUMMARY references unchanged; this
mirrors the defensive pattern used for INPUT_VERSION and will silence the static
analyzer.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 243240ca-6e85-46d4-a976-2bd82546d98f

📥 Commits

Reviewing files that changed from the base of the PR and between 00c33a5 and 58ec998.

📒 Files selected for processing (1)

• .github/workflows/cut-release.yml