v6.1.4: Move release flow into GitHub

[tyl3r-ch]

Summary by CodeRabbit

• New Features

  • Manual release via GitHub Actions with a required version input, CI gating on main before publish, and resume-safe behavior when re-running the same version.
  • Frontend version injected at build time into the app.

• Documentation

  • Updated release and RELEASING docs with GitHub App setup and new manual workflow instructions.
  • Changelog entry for the new release flow.

• Chores

  • Removed legacy local tagging script; workflow uses the injected build version.

[coderabbitai]

📝 Walkthrough

Walkthrough

Release workflow changed from tag-triggered to manual workflow_dispatch with version input, adds CI completion verification against main SHA, uses a GitHub App token for authenticated git/GitHub operations, conditionally bumps/tags/publishes based on requested version, and injects app version into the frontend build at compile time.

Changes

Cohort / File(s)	Summary
Release Workflow Automation .github/workflows/release.yml	Replaced tag-based triggers with workflow_dispatch requiring inputs.version; added RELEASE_VERSION/RELEASE_TAG; added CI gate running scripts/verify-main-ci.js; switched to GitHub App token for checkout/push/tag/release; conditional bump/commit/tag/push and conditional npm publish when package already exists.
Release Documentation CHANGELOG.md, RELEASING.md	Added [6.1.4] - 2026-04-11 entry and updated release instructions to document manual dispatch flow, GitHub App setup, CI gate, resume behavior, and updated publish/verification order.
Verification Script scripts/verify-main-ci.js	New executable Node script that queries GitHub Actions API to wait for a specified workflow run for a given repo/workflow/sha, with retries/delay and success/failure handling.
Frontend Version Injection src/lib/constants.ts, vite-env.d.ts, vite.config.ts	Replaced hard-coded VERSION with build-time __APP_VERSION__; added ambient declare const __APP_VERSION__: string; updated Vite config to read package.json version and define __APP_VERSION__.
Cleanup: local tag script & npm script package.json, scripts/tag-main-release.sh	Removed tag:main-release npm script and deleted scripts/tag-main-release.sh (local tagging workflow replaced by GitHub Actions).

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Maintainer
  participant GitHubActions as "GitHub Actions\n(release workflow)"
  participant VerifyScript as "verify-main-ci.js\n(GitHub API)"
  participant GitHub as "GitHub API / Repo"
  participant Registry as "npm Registry"

  Maintainer->>GitHubActions: trigger workflow_dispatch(version)
  GitHubActions->>GitHub: create GitHub App token / checkout main (ref: main)
  GitHubActions->>VerifyScript: run verify-main-ci --repo --workflow --sha
  VerifyScript->>GitHub: poll workflow runs for head_sha
  GitHub-->>VerifyScript: return run status
  VerifyScript-->>GitHubActions: success / failure
  alt verified success
    GitHubActions->>GitHub: optionally bump package.json, commit, create annotated tag, push (using app token)
    GitHubActions->>Registry: check if `@roastcodes/ttdash`@RELEASE_VERSION exists
    alt not exists
      GitHubActions->>Registry: npm publish
      Registry-->>GitHubActions: publish result
    end
    GitHubActions->>GitHub: create GitHub Release for RELEASE_TAG
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• v6.1.3: Isolate release verification #5 — Touches the release workflow and scripts/tag-main-release.sh; this PR removes that script and replaces its flow.
• v6.1.1: Bump release version #3 — Also modifies src/lib/constants.ts/version handling; related to switching version management to build-time injection.
• v6.1.2: Harden release verification #4 — Overlaps on release verification logic and workflow adjustments tied to CI gating.

Poem

🐰
A button pressed, a workflow wakes,
CI guards the main it makes,
Tokens hop to push the tag,
Versions bloom without the snag—
I nibble carrots, releases bake.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main objective of the changeset—migrating the release process from tag-based triggering to a GitHub Actions workflow_dispatch mechanism.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch release-workflow-dispatch

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release.yml:
- Around line 86-97: The CI gate's polling window is too short (currently
--retries 30 and --retry-delay-ms 10000 -> ~5 minutes); update the workflow step
named "Verify main CI succeeded" to increase the polling window by raising
either --retries (e.g., to 180) or --retry-delay-ms (e.g., to 30000) passed to
scripts/verify-main-ci.js so the verifier polls for a longer period before
failing; keep the flags (--repo, --workflow ci.yml, --branch main, --sha
"${MAIN_SHA}") unchanged and only adjust the --retries / --retry-delay-ms
values.
- Around line 47-70: The inline Node step can't see the shell-only
CURRENT_VERSION variable because it's not exported; export CURRENT_VERSION (and
ensure RELEASE_VERSION is exported) before running the heredoc Node block so
process.env.CURRENT_VERSION and process.env.RELEASE_VERSION are defined; update
the script that sets CURRENT_VERSION (the line that computes CURRENT_VERSION and
the node <<'NODE' block which uses semverPattern, parse and compare) to export
the variable to the environment (or pass it explicitly into the node process) so
the parse/compare logic sees the correct values.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5b5b6d56-79f9-4720-b6a1-f38a349dec03

📥 Commits

Reviewing files that changed from the base of the PR and between 6c2534b and a97e73a.

📒 Files selected for processing (9)

• .github/workflows/release.yml
• CHANGELOG.md
• RELEASING.md
• package.json
• scripts/tag-main-release.sh
• scripts/verify-main-ci.js
• src/lib/constants.ts
• vite-env.d.ts
• vite.config.ts

💤 Files with no reviewable changes (2)

• package.json
• scripts/tag-main-release.sh

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release.yml:
- Around line 173-175: The publish step "Publish package to npm" is missing the
NODE_AUTH_TOKEN required by the .npmrc created by actions/setup-node; update
that step (the step with name "Publish package to npm" and run: npm publish) to
set the environment variable NODE_AUTH_TOKEN from a repository secret (e.g., set
env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}) so npm publish can authenticate
successfully.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: eb418c93-853f-4912-9558-ca56a9269c47

📥 Commits

Reviewing files that changed from the base of the PR and between a97e73a and 519e09f.

📒 Files selected for processing (1)

• .github/workflows/release.yml