add version bump workflow.

[eeisegn]

Summary by CodeRabbit

• Chores
  • Added an automated "Version Bump" workflow to manage release tags with configurable bump type (major/minor/patch/none), a dry-run mode that prints the proposed tag, and an option to apply the tag only when explicitly triggered.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e8adaea1-9372-4e58-a8bd-a79b44ac3b91

📥 Commits

Reviewing files that changed from the base of the PR and between e54d64c and f658731.

📒 Files selected for processing (1)

• .github/workflows/version-bump.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/version-bump.yml

---

📝 Walkthrough

Walkthrough

Adds a new GitHub Actions workflow .github/workflows/version-bump.yml that computes a semantic version tag in dry-run mode and optionally applies the tag when manually triggered with run_for_real=true.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow .github/workflows/version-bump.yml	Adds a Version Bump workflow with workflow_dispatch inputs run_for_real and default_bump. Checks out the repo, runs anothrNick/github-tag-action@v1 in dry-run to propose a tag, prints the result, and conditionally performs the actual tag push when run_for_real is true using secrets.SC_GH_TAG_TOKEN.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant GitHub as GitHub Actions Runner
    participant Repo as Repository
    participant TagAction as github-tag-action

    User->>GitHub: workflow_dispatch (run_for_real, default_bump)
    GitHub->>Repo: checkout (fetch-depth: 0)
    GitHub->>TagAction: run (DRY_RUN=true, DEFAULT_BUMP)
    TagAction->>GitHub: proposed_tag, proposed_increment
    GitHub->>User: print proposed_tag
    alt run_for_real == true
        GitHub->>TagAction: run (DRY_RUN=false, WITH_V=true)
        TagAction->>Repo: create & push tag (uses SC_GH_TAG_TOKEN)
        TagAction->>GitHub: success/failure
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐇 I nibbled code beneath the moonlight bright,
Dry-run whispers told me which tag's right,
A final hop when someone says "go",
I push the tag and dance in snow.
Pipelines hum — a rabbit's delight.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'add version bump workflow' directly and specifically describes the main change: introducing a new GitHub Actions workflow for automated version bumping.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch add-version-bump-workflow

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

SCANOSS SCAN Completed 🚀

• Detected components: 3
• Undeclared components: 0
• Declared components: 3
• Detected files: 190
• Detected files undeclared: 0
• Detected files declared: 190
• Licenses detected: 2
• Licenses detected with copyleft: 1
• Policies: ✅ 1 pass (1 total)

View more details on SCANOSS Action Summary

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/version-bump.yml (1)

42-49: Apply step logic is correct; consider adding branch protection.

The conditional execution and tag configuration are properly set up. However, the workflow can be triggered from any branch, which could accidentally create release tags from non-main branches.

💡 Optional: Restrict to main branch

If you want to prevent accidental tagging from feature branches, you could add a condition:

       - name: Run Tagging
-        if: ${{ inputs.run_for_real }}
+        if: ${{ inputs.run_for_real && github.ref == 'refs/heads/main' }}
         id: taggerApply

Or add an early job-level check:

jobs:
  Tagging:
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/version-bump.yml around lines 42 - 49, The Run Tagging
step (id: taggerApply) currently runs when inputs.run_for_real is true but can
be triggered from any branch; update its conditional to also require the main
branch (e.g., combine if: ${{ inputs.run_for_real }} with a check for github.ref
== 'refs/heads/main') or add a job-level if on the Tagging job to only run when
github.ref == 'refs/heads/main' so that the anothrNick/github-tag-action@v1
tagging action (env: GITHUB_TOKEN, DEFAULT_BUMP, WITH_V) cannot create release
tags from non-main branches.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/version-bump.yml:
- Around line 25-29: The checkout step is passing SC_GH_TAG_TOKEN via env
instead of the input expected by actions/checkout (uses: actions/checkout@v4);
update the checkout step to remove the env: GITHUB_TOKEN entry and pass the
secret as the action input with: token: ${{ secrets.SC_GH_TAG_TOKEN }} (keep
fetch-depth: '0' under with) so the checkout uses the correct token.

---

Nitpick comments:
In @.github/workflows/version-bump.yml:
- Around line 42-49: The Run Tagging step (id: taggerApply) currently runs when
inputs.run_for_real is true but can be triggered from any branch; update its
conditional to also require the main branch (e.g., combine if: ${{
inputs.run_for_real }} with a check for github.ref == 'refs/heads/main') or add
a job-level if on the Tagging job to only run when github.ref ==
'refs/heads/main' so that the anothrNick/github-tag-action@v1 tagging action
(env: GITHUB_TOKEN, DEFAULT_BUMP, WITH_V) cannot create release tags from
non-main branches.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1b4780b5-d360-4376-ad4c-ba934d29bd4e

📥 Commits

Reviewing files that changed from the base of the PR and between 3ee9dbd and e54d64c.

📒 Files selected for processing (1)

• .github/workflows/version-bump.yml

[github-actions]

SCANOSS SCAN Completed 🚀

• Detected components: 3
• Undeclared components: 0
• Declared components: 3
• Detected files: 190
• Detected files undeclared: 0
• Detected files declared: 190
• Licenses detected: 2
• Licenses detected with copyleft: 1
• Policies: ✅ 1 pass (1 total)

View more details on SCANOSS Action Summary