ci: add Release Please for automated versioning and GitHub Releases #278

Merged: Aureliolo merged 2 commits into main from ci/release-please on Mar 10, 2026

@Aureliolo
Owner

Summary

  • Add Release Please (Google) workflow for fully automated versioning and GitHub Releases
  • On every push to main, Release Please creates/updates a release PR with changelog from conventional commits
  • Merging the release PR creates a git tag (vX.Y.Z) + GitHub Release, which triggers the Docker workflow to build version-tagged images
  • Version bump type is inferred automatically: feat: = minor, fix: = patch, feat!: / BREAKING CHANGE = major
  • Commitizen kept locally for commit-msg validation only — version bumping is now Release Please's job

Files added/changed

| File | Purpose |
| --- | --- |
| .github/workflows/release.yml | Release Please workflow (SHA-pinned v4.4.0) |
| .github/release-please-config.json | Python release type, changelog sections, commitizen version sync |
| .github/.release-please-manifest.json | Tracks current version (0.1.0) |
| pyproject.toml | Added x-release-please-version marker to commitizen section |
| CLAUDE.md | Documented release pipeline in CI section |

Release flow

1. PRs merge to main as usual
2. Release Please auto-creates/updates a release PR with accumulated changelog
3. Merge the release PR when ready to release
4. Tag created → GitHub Release → Docker workflow builds version-tagged images

Test plan

  • CI passes (lint, type-check, tests)
  • Release Please workflow runs on push to main (creates release PR)
  • Changelog sections map correctly to conventional commit types
  • x-release-please-version marker in pyproject.toml is picked up
  • Merging release PR creates tag + GitHub Release (verify after first real release)

Review coverage

  • Auto-skipped agent review (no substantive code changes — CI workflow + config only)
  • Pre-commit hooks passed (check-yaml, check-toml, check-json, gitleaks, commitizen)

- Add release.yml workflow triggered on push to main
- Add release-please-config.json with Python release type and
  conventional commit changelog sections
- Add .release-please-manifest.json tracking current version (0.1.0)
- Add x-release-please-version marker to pyproject.toml commitizen
  section so Release Please keeps it in sync
- Document release pipeline in CLAUDE.md CI section
Copilot AI review requested due to automatic review settings March 10, 2026 21:41
@github-actions
Contributor

github-actions bot commented Mar 10, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score | Details |
| --- | --- | --- | --- |
| actions/googleapis/release-please-action | 16a9c90856f42705d54a6fda1823352bdc62cf38 | Unknown | Unknown |

Scanned Files

  • .github/workflows/release.yml

@coderabbitai

coderabbitai bot commented Mar 10, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: a26a5119-a151-4261-ab43-f65cb48009f5

📥 Commits

Reviewing files that changed from the base of the PR and between da3875f and fa20f85.

📒 Files selected for processing (5)
  • .github/release-please-config.json
  • .github/workflows/release.yml
  • CLAUDE.md
  • pyproject.toml
  • src/ai_company/__init__.py

📝 Walkthrough

Summary by CodeRabbit

  • Chores

    • Added automated release management: version bumping, changelog generation, release PR creation, and GitHub Releases on merges to main via a new release workflow.
  • Documentation

    • Updated deployment/CI docs describing the new release flow and required configuration/secrets.

Walkthrough

Adds GitHub release-please automation: a manifest and release-please config for the root Python package, a GitHub Actions workflow to run release-please on pushes to main, and small project metadata/comments updated for release-please markers; documentation updated to describe the flow. (50 words)

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Release automation config: .github/.release-please-manifest.json, .github/release-please-config.json, .github/workflows/release.yml | New release-please manifest, release configuration for the root Python package (changelog mapping, bump rules, extra-file entries), and a GitHub Actions workflow to invoke release-please on pushes to main using a release token. |
| Project metadata & docs: CLAUDE.md, pyproject.toml, src/ai_company/__init__.py | Documentation describing the Release Please flow added/updated; pyproject and package init annotated with x-release-please-version markers and a Commitizen setting removed. |

Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub (push)
    participant Action as GitHub Actions (Release workflow)
    participant RP as release-please action
    participant Repo as Repository (creates PR & tags)
    participant Downstream as Downstream workflows

    Dev->>GH: Push to main
    GH->>Action: Trigger Release workflow
    Action->>RP: Run release-please with config & manifest
    RP->>Repo: Open Release PR (changelog + version bump)
    Dev->>Repo: Merge Release PR
    Repo->>Repo: Create git tag vX.Y.Z and GitHub Release
    Repo->>Downstream: Tag push triggers downstream workflows (e.g., Docker build)
```

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly and concisely summarizes the main change: adding Release Please for automated versioning and GitHub Releases, which aligns with all the configuration files and workflow changes in the changeset. |
| Description check | ✅ Passed | The description is directly related to the changeset, providing detailed context on Release Please setup, affected files, the release flow, and test plan coverage for the CI automation changes. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@gemini-code-assist
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the project's continuous integration and delivery pipeline by introducing an automated release management system. By integrating Google's Release Please, the project now benefits from streamlined versioning, automatic changelog generation, and consistent GitHub Releases, which in turn trigger subsequent build processes like Docker image creation. This change aims to reduce manual overhead and ensure a more reliable and predictable release cycle.

Highlights

  • Automated Versioning and Releases: Integrated Release Please for fully automated versioning and GitHub Releases, streamlining the release process.
  • Release Pull Request Workflow: On every push to the main branch, Release Please now creates or updates a release pull request, generating a changelog from conventional commits.
  • Automated Tagging and Docker Builds: Merging the release pull request automatically creates a git tag (vX.Y.Z) and a GitHub Release, which then triggers the Docker workflow to build version-tagged images.
  • Version Bump Inference: The type of version bump (major, minor, patch) is automatically inferred from conventional commit messages (e.g., 'feat:' for minor, 'fix:' for patch, 'feat!:' or 'BREAKING CHANGE' for major).
  • Commitizen Role Update: Commitizen is now retained locally for commit-message validation only, with version bumping responsibilities transferred to Release Please.
Changelog
  • .github/.release-please-manifest.json
    • Initialized the manifest with the current project version "0.1.0".
  • .github/release-please-config.json
    • Configured Release Please for Python projects, defining the package name and release type.
    • Mapped conventional commit types to specific changelog sections (e.g., Features, Bug Fixes, Maintenance).
    • Specified pyproject.toml as an extra file for Release Please to manage.
  • CLAUDE.md
    • Added documentation detailing the new automated release pipeline within the CI section.
  • pyproject.toml
    • Annotated the version field with an x-release-please-version comment, marking it for management by Release Please.
Ignored Files
  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/release.yml
Activity
  • CI passed for linting, type-checking, and tests.
  • Pre-commit hooks (check-yaml, check-toml, check-json, gitleaks, commitizen) passed successfully.
  • Agent review was auto-skipped as changes were limited to CI workflow and configuration files.

Contributor

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request introduces Release Please for automated versioning and release management, which is a great step for automating the release process. The configuration files for Release Please have been added and the project documentation updated accordingly.

However, there is a critical issue: the GitHub workflow file .github/workflows/release.yml, which contains the core logic for this change, is mentioned in both the pull request description and CLAUDE.md but is not included in the changes. Without this file, it's impossible to fully review the implementation. Please add the missing workflow file to the pull request.

I have also included a couple of suggestions on the provided configuration files to improve robustness and clarity.

Note: Security Review has been skipped due to the limited scope of the PR.

Comment on lines +19 to +24
"extra-files": [
{
"type": "generic",
"path": "pyproject.toml"
}
]
medium

While using the generic updater with the x-release-please-version comment is a valid feature, it can be brittle. Since it's a line-based updater, it is sensitive to formatting changes in pyproject.toml. For better robustness, I recommend using the toml updater type, which targets the version field structurally using a jsonpath. This makes the configuration more resilient to future file modifications.

      "extra-files": [
        {
          "type": "toml",
          "path": "pyproject.toml",
          "jsonpath": "$.tool.commitizen.version"
        }
      ]

[tool.commitizen]
name = "cz_conventional_commits"
version = "0.1.0"
version = "0.1.0" # x-release-please-version
medium

With release-please now managing versioning and tagging, some keys in the [tool.commitizen] section have become redundant. Specifically, version_files (line 198) and tag_format (line 199) are for the cz bump command, which is no longer the primary versioning mechanism. Removing these keys would improve configuration clarity and make it explicit that commitizen is only used for validating commit messages.

@greptile-apps

greptile-apps bot commented Mar 10, 2026

Greptile Summary

This PR introduces a Release Please workflow for fully automated versioning and GitHub Releases, replacing Commitizen's bump-on-demand model. On every push to main, Release Please creates or updates a release PR that accumulates a changelog from conventional commits; merging that PR creates a vX.Y.Z tag and GitHub Release, which in turn triggers the existing Docker workflow to build version-tagged images.

Key design decisions are sound:

  • The GitHub Action is SHA-pinned (16a9c90856f42705d54a6fda1823352bdc62cf38 = v4.4.0) — good supply-chain hygiene.
  • Top-level permissions: {} with explicit job-level contents: write + pull-requests: write follows least-privilege.
  • RELEASE_PLEASE_TOKEN (PAT/App token) is correctly used instead of GITHUB_TOKEN so the tag push fires the Docker workflow.
  • Both pyproject.toml and src/ai_company/__init__.py are registered in extra-files with x-release-please-version markers, keeping the [tool.hatch.version] source, ai_company.__version__, and [tool.commitizen].version (read by docker.yml) all in sync after every release.
  • Removing version_files from the commitizen config is intentional — commitizen is now validation-only.

Changes:

  • .github/workflows/release.yml — new Release Please workflow (SHA-pinned, scoped permissions)
  • .github/release-please-config.json — Python release type, changelog sections, extra-files for both version-bearing files
  • .github/.release-please-manifest.json — initialises root package at 0.1.0
  • pyproject.toml — adds x-release-please-version marker to commitizen version, removes now-redundant version_files
  • src/ai_company/__init__.py — adds x-release-please-version inline comment
  • CLAUDE.md — documents the full release pipeline

Confidence Score: 4/5

  • Safe to merge — CI/config-only change with no runtime code impact; minor open question on changelog verbosity (tracked in a prior thread).
  • The implementation is correct and well-structured: action SHA-pinned, permissions properly scoped, both version files covered by extra-files with the right markers, and the trigger chain (tag → Docker) will work as intended. One point is held back because the changelog-section verbosity issue from the previous review thread remains unresolved (ci/test/docs/chore sections still appear without "hidden": true), which will produce noisy GitHub Release notes going forward.
  • .github/release-please-config.json — the changelog-sections configuration (noted in a prior review thread) is the only outstanding concern.

Important Files Changed

| Filename | Overview |
| --- | --- |
| .github/workflows/release.yml | New Release Please workflow; action SHA-pinned to v4.4.0, top-level permissions deny-all with job-level least-privilege scoping, correctly uses RELEASE_PLEASE_TOKEN so downstream tag-triggered workflows fire. |
| .github/release-please-config.json | Python release type with extra-files covering both pyproject.toml and __init__.py via x-release-please-version markers; pre-major bump settings are conservative and intentional. Changelog sections (ci, test, docs, chore) remain visible without "hidden": true — noted in a previous review thread. |
| pyproject.toml | Adds x-release-please-version marker to commitizen version field; removes version_files (intentional, commitizen now validation-only); docker.yml reads tool.commitizen.version which Release Please will keep updated. |
| src/ai_company/__init__.py | Adds x-release-please-version marker so Release Please's generic updater keeps version in sync; hatch reads this file as the authoritative package version source. |

Sequence Diagram

```mermaid
sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub (main)
    participant RP as Release Please Action
    participant GHPR as Release PR
    participant Tag as Git Tag (vX.Y.Z)
    participant Docker as Docker Workflow

    Dev->>GH: Push conventional commits to main
    GH->>RP: Trigger release.yml (on: push to main)
    RP->>RP: Parse commits since last release
    RP->>GHPR: Create/update release PR<br/>(bumps pyproject.toml, __init__.py,<br/>manifest, CHANGELOG)

    Dev->>GHPR: Merge release PR when ready
    GHPR->>GH: Push to main
    GH->>RP: Trigger release.yml again
    RP->>Tag: Create vX.Y.Z tag + GitHub Release
    Tag->>Docker: Trigger docker.yml (on: push tags v*)
    Docker->>Docker: Read version from tool.commitizen.version<br/>in pyproject.toml
    Docker->>Docker: Build, scan (Trivy + Grype), sign with cosign
    Docker->>Docker: Push version-tagged images to GHCR
```

Last reviewed commit: fa20f85
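
A lint for the three workflow properties listed in the summary above (full-SHA pin, top-level `permissions: {}`, job-level write scopes limited to `contents` and `pull-requests`), as an added example that is not part of this PR or the project's code. Both workflow texts are constructed from the descriptions in this thread, since release.yml itself is not shown here, and all function names are hypothetical.

```python
import re

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")
TOP_PERMS = re.compile(r"^permissions:\s*(.*?)\s*(?:#.*)?$")
ALLOWED_WRITE = frozenset({"contents", "pull-requests"})  # scopes named in the review

# Constructed sample modelled on the review's description of release.yml.
HARDENED = """\
name: Release
on:
  push:
    branches: [main]
permissions: {}
jobs:
  release-please:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
        with:
          token: ${{ secrets.RELEASE_PLEASE_TOKEN }}
          config-file: .github/release-please-config.json
          manifest-file: .github/.release-please-manifest.json
"""

# Constructed counter-example: mutable tag, no top-level deny-all, extra scope.
LOOSE = """\
name: Release
on:
  push:
    branches: [main]
jobs:
  release-please:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      packages: write
    steps:
      - uses: googleapis/release-please-action@v4
"""


def unpinned_actions(text):
    """Return `uses:` references that are not pinned to a 40-hex commit SHA."""
    findings = []
    for line in text.splitlines():
        match = USES.match(line)
        if not match:
            continue
        ref = match.group(1).strip("'\"")
        if ref.startswith(("./", "docker://")):
            continue  # local actions and image references carry no git ref
        _, _, version = ref.partition("@")
        if not FULL_SHA.match(version):
            findings.append(ref)
    return findings


def top_level_permissions(text):
    """Return the column-0 `permissions:` value, '<mapping>' for a block, or None."""
    for line in text.splitlines():
        match = TOP_PERMS.match(line)
        if match:
            return match.group(1) or "<mapping>"
    return None


def job_write_scopes(text):
    """Collect scopes granted `write` in indented (job-level) permissions blocks."""
    scopes, block_indent = set(), None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if block_indent is not None:
            if indent > block_indent:
                key, _, value = stripped.partition(":")
                if value.split("#")[0].strip() == "write":
                    scopes.add(key.strip())
                continue
            block_indent = None  # dedent ends the permissions block
        if indent > 0 and stripped.startswith("permissions:"):
            if stripped.partition(":")[2].split("#")[0].strip() == "write-all":
                scopes.add("write-all")
            block_indent = indent
    return scopes


def lint_release_workflow(text, allowed_write=ALLOWED_WRITE):
    """Return a list of findings; an empty list means all three checks pass."""
    findings = [f"unpinned action: {ref}" for ref in unpinned_actions(text)]
    top = top_level_permissions(text)
    if top is None:
        findings.append("no top-level permissions key (expected 'permissions: {}')")
    elif top != "{}":
        findings.append(f"top-level permissions is {top}, not {{}}")
    for scope in sorted(job_write_scopes(text) - allowed_write):
        findings.append(f"unexpected job-level write scope: {scope}")
    return findings
```

The parser is line-based and covers the block-style YAML shown in the samples; flow-style job permissions would need a real YAML parser.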

Comment on lines +9 to +18
"changelog-sections": [
{ "type": "feat", "section": "Features" },
{ "type": "fix", "section": "Bug Fixes" },
{ "type": "perf", "section": "Performance" },
{ "type": "refactor", "section": "Refactoring" },
{ "type": "docs", "section": "Documentation" },
{ "type": "test", "section": "Tests" },
{ "type": "ci", "section": "CI/CD" },
{ "type": "chore", "section": "Maintenance" }
],
Noisy changelog from non-user-facing commit types

ci, test, docs, and chore types are listed without "hidden": true, which means every ci:, test:, docs:, and chore: commit will appear as its own section in every GitHub Release changelog. These commit types don't trigger a version bump on their own, but they will accumulate into the changelog alongside feat and fix entries, making it harder to identify user-facing changes at a glance.

The Release Please convention is to mark low-signal types as hidden:

Suggested change
"changelog-sections": [
{ "type": "feat", "section": "Features" },
{ "type": "fix", "section": "Bug Fixes" },
{ "type": "perf", "section": "Performance" },
{ "type": "refactor", "section": "Refactoring" },
{ "type": "docs", "section": "Documentation" },
{ "type": "test", "section": "Tests" },
{ "type": "ci", "section": "CI/CD" },
{ "type": "chore", "section": "Maintenance" }
],
"changelog-sections": [
{ "type": "feat", "section": "Features" },
{ "type": "fix", "section": "Bug Fixes" },
{ "type": "perf", "section": "Performance" },
{ "type": "refactor", "section": "Refactoring", "hidden": true },
{ "type": "docs", "section": "Documentation", "hidden": true },
{ "type": "test", "section": "Tests", "hidden": true },
{ "type": "ci", "section": "CI/CD", "hidden": true },
{ "type": "chore", "section": "Maintenance", "hidden": true }
],
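Review bot: The suggested block also adds "hidden": true to the refactor entry, while the comment text names only ci, test, docs, and chore as the types to hide. Either drop the flag from the refactor line or extend the explanation to cover it, so that applying the suggestion does not remove the Refactoring section from release notes without anyone having decided that.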


Copilot AI left a comment


Pull request overview

Adds Release Please automation to manage semantic version bumps, release PRs, tags, and GitHub Releases, integrating with the existing Docker workflow’s tag-based image publishing.

Changes:

  • Added a Release Please GitHub Actions workflow pinned to a specific action SHA.
  • Introduced Release Please config + manifest files to control release type and version tracking.
  • Annotated pyproject.toml to allow Release Please to update the commitizen version field; documented the release flow in CLAUDE.md.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
| File | Description |
| --- | --- |
| .github/workflows/release.yml | New workflow to run Release Please on pushes to main. |
| .github/release-please-config.json | Configures python release type, changelog sections, and extra file updates. |
| .github/.release-please-manifest.json | Tracks the current released version for Release Please. |
| pyproject.toml | Adds x-release-please-version marker to enable automated version updates in TOML. |
| CLAUDE.md | Documents the new release pipeline behavior in CI docs. |


[tool.commitizen]
name = "cz_conventional_commits"
version = "0.1.0"
version = "0.1.0" # x-release-please-version
Copilot AI Mar 10, 2026


The project’s published package version is configured via Hatch ([tool.hatch.version] path = "src/ai_company/__init__.py"), but Release Please is currently set up to update only tool.commitizen.version in pyproject.toml. If Release Please doesn’t also bump src/ai_company/__init__.py::__version__, the built package and runtime-reported version will drift from the Git tag / Docker tag. Consider configuring Release Please to update the Hatch version file as well (e.g., add src/ai_company/__init__.py as an extra-file/version file), or switch the Docker/version source of truth to the Hatch file and have Release Please update that.

Suggested change
version = "0.1.0" # x-release-please-version
version = "0.1.0"

Copilot uses AI. Check for mistakes.
"extra-files": [
{
"type": "generic",
"path": "pyproject.toml"
Copilot AI Mar 10, 2026


extra-files currently includes only pyproject.toml, but this repo’s actual package version is driven by Hatch from src/ai_company/__init__.py ([tool.hatch.version].path). If Release Please doesn’t update that file too, releases will produce tags/GitHub releases without updating the installed package/runtime __version__. Consider adding src/ai_company/__init__.py to the files Release Please bumps (via extra-files or the appropriate python version-file configuration) so the tag, Docker tags, and package version stay consistent.

Suggested change
"path": "pyproject.toml"
"path": "pyproject.toml"
},
{
"type": "python",
"path": "src/ai_company/__init__.py"
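Review bot: The added entry uses "type": "python", while the existing entry in the same array uses "type": "generic" and depends on an x-release-please-version marker in the target file. Confirm that "python" is an accepted extra-files type before applying this; if it is not, use a generic entry for src/ai_company/__init__.py and put the marker on its __version__ line.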

Copilot uses AI. Check for mistakes.
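
The version drift described in the two Copilot comments above can be checked mechanically before a release. The following is an added example, not code from this PR or the project: it assumes the inline `x-release-please-version` marker form used in this thread and a manifest keyed by package path, the file contents are constructed, and `scan_versions` and `check_release_versions` are hypothetical names.

```python
import json
import re

MARKER = "x-release-please-version"
# Matches `version = "1.2.3"` (TOML) and `__version__ = "1.2.3"` (Python).
ASSIGNMENT = re.compile(r'^\s*(?:__version__|version)\s*=\s*["\']([^"\']+)["\']')

# Constructed sample inputs (not the repository's real files).
MANIFEST = '{".": "0.1.1"}'
PYPROJECT = (
    "[tool.commitizen]\n"
    'name = "cz_conventional_commits"\n'
    'version = "0.1.1" # x-release-please-version\n'
)
IN_SYNC = {
    "pyproject.toml": PYPROJECT,
    "src/ai_company/__init__.py": '__version__ = "0.1.1"  # x-release-please-version\n',
}
# The case raised in review: __init__.py has no marker, so a line-based
# updater would skip it and the package version stays behind the tag.
DRIFTED = {
    "pyproject.toml": PYPROJECT,
    "src/ai_company/__init__.py": '__version__ = "0.1.0"\n',
}


def scan_versions(text):
    """Split version assignments into (marked, unmarked) lists of version strings."""
    marked, unmarked = [], []
    for line in text.splitlines():
        match = ASSIGNMENT.match(line)
        if not match:
            continue
        # Look for the marker only after the value, i.e. in the trailing comment.
        tail = line[match.end():]
        (marked if MARKER in tail else unmarked).append(match.group(1))
    return marked, unmarked


def check_release_versions(manifest_text, extra_files, package="."):
    """Return a list of problems; an empty list means every file agrees."""
    expected = json.loads(manifest_text).get(package)
    if expected is None:
        return [f"manifest has no entry for package {package!r}"]
    problems = []
    for path, text in extra_files.items():
        marked, unmarked = scan_versions(text)
        if not marked:
            detail = f" (unmarked: {', '.join(unmarked)})" if unmarked else ""
            problems.append(f"{path}: no line carries {MARKER}{detail}")
        for version in marked:
            if version != expected:
                problems.append(f"{path}: {version} != manifest {expected}")
    return problems


if __name__ == "__main__":
    for name, files in (("in sync", IN_SYNC), ("drifted", DRIFTED)):
        print(name, check_release_versions(MANIFEST, files))
```

Block-style markers are not handled; only the inline form that appears in this PR is checked.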

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/release-please-config.json:
- Around line 19-24: Release Please won't update the package version in your
Hatch-configured source file, so add the actual Hatch version source file to the
extra-files list in .github/release-please-config.json: include a generic entry
with "type": "generic" and "path": "src/ai_company/__init__.py" (the file that
contains the dynamic version at line 33) so the releaser updates both
pyproject.toml and the package __init__.py version string during releases.

In @.github/workflows/release.yml:
- Around line 17-20: The release workflow is using
googleapis/release-please-action which defaults to GITHUB_TOKEN (won't trigger
downstream workflows); update the action invocation to pass a non-default token
by adding a "token: ${{ secrets.RELEASE_PLEASE_TOKEN }}" entry under the "with:"
block (alongside config-file and manifest-file), ensure a repository secret
named RELEASE_PLEASE_TOKEN exists containing a PAT or GitHub App token with repo
permissions, and verify the downstream Docker workflow is configured to run on
release/tag events so the PAT can trigger it.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9490e521-f80d-49e3-adeb-a2cc5207d299

📥 Commits

Reviewing files that changed from the base of the PR and between aba48af and da3875f.

📒 Files selected for processing (5)
  • .github/.release-please-manifest.json
  • .github/release-please-config.json
  • .github/workflows/release.yml
  • CLAUDE.md
  • pyproject.toml
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: Agent
  • GitHub Check: Greptile Review
🧰 Additional context used
📓 Path-based instructions (1)
pyproject.toml

📄 CodeRabbit inference engine (CLAUDE.md)

pyproject.toml: Use asyncio_mode = 'auto' for async tests — no manual @pytest.mark.asyncio needed
Test timeout: 30 seconds per test
All versions in pyproject.toml must be pinned with == (not ranges or loose constraints)
Dependency groups: test (pytest + plugins), dev (includes test + ruff, mypy, pre-commit, commitizen)

Files:

  • pyproject.toml
🧠 Learnings (5)
📓 Common learnings
Learnt from: CR
Repo: Aureliolo/ai-company PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-10T21:27:30.981Z
Learning: Use `/aurelio-review-pr` to handle external reviewer feedback after PR exists
📚 Learning: 2026-03-10T21:27:30.981Z
Learnt from: CR
Repo: Aureliolo/ai-company PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-10T21:27:30.981Z
Learning: Docker image scans: Trivy (CRITICAL = hard fail, HIGH = warn-only) + Grype (critical cutoff). CVE triage via `.trivyignore.yaml` and `.grype.yaml`. Images only pushed after scans pass.

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-10T21:27:30.980Z
Learnt from: CR
Repo: Aureliolo/ai-company PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-10T21:27:30.980Z
Learning: Pre-commit hooks enforce: trailing-whitespace, end-of-file-fixer, check-yaml, check-toml, check-json, check-merge-conflict, check-added-large-files, no-commit-to-branch (main), ruff check+format, gitleaks

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-10T21:27:30.981Z
Learnt from: CR
Repo: Aureliolo/ai-company PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-10T21:27:30.981Z
Learning: CI Docker build tags with version from `pyproject.toml` (`[tool.commitizen].version`), semver, and SHA

Applied to files:

  • pyproject.toml
📚 Learning: 2026-03-10T21:27:30.980Z
Learnt from: CR
Repo: Aureliolo/ai-company PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-10T21:27:30.980Z
Learning: Git commits must use format `<type>: <description>` with types: feat, fix, refactor, docs, test, chore, perf, ci — enforced by commitizen

Applied to files:

  • pyproject.toml
🪛 LanguageTool
CLAUDE.md

[uncategorized] ~168-~168: The official name of this software platform is spelled with a capital “H”.
Context: ... build version-tagged images. Config in .github/release-please-config.json and `.githu...

(GITHUB)


[uncategorized] ~168-~168: The official name of this software platform is spelled with a capital “H”.
Context: ....github/release-please-config.jsonand.github/.release-please-manifest.json`. ## Dep...

(GITHUB)

- Add x-release-please-version marker to __init__.py and include it
  in extra-files so Release Please updates the canonical package version
- Use RELEASE_PLEASE_TOKEN secret instead of GITHUB_TOKEN so tag
  creation triggers downstream Docker workflow
- Remove redundant commitizen version_files (Release Please owns bumps)
- Document PAT requirement in CLAUDE.md
@Aureliolo Aureliolo merged commit a488758 into main Mar 10, 2026
6 of 10 checks passed
@Aureliolo Aureliolo deleted the ci/release-please branch March 10, 2026 21:52
Aureliolo added a commit that referenced this pull request Mar 10, 2026
🤖 I have created a release *beep* *boop*
---


##
[0.1.1](ai-company-v0.1.0...ai-company-v0.1.1)
(2026-03-10)


### Features

* add autonomy levels and approval timeout policies
([#42](#42),
[#126](#126))
([#197](#197))
([eecc25a](eecc25a))
* add CFO cost optimization service with anomaly detection, reports, and
approval decisions
([#186](#186))
([a7fa00b](a7fa00b))
* add code quality toolchain (ruff, mypy, pre-commit, dependabot)
([#63](#63))
([36681a8](36681a8))
* add configurable cost tiers and subscription/quota-aware tracking
([#67](#67))
([#185](#185))
([9baedfa](9baedfa))
* add container packaging, Docker Compose, and CI pipeline
([#269](#269))
([435bdfe](435bdfe)),
closes [#267](#267)
* add coordination error taxonomy classification pipeline
([#146](#146))
([#181](#181))
([70c7480](70c7480))
* add cost-optimized, hierarchical, and auction assignment strategies
([#175](#175))
([ce924fa](ce924fa)),
closes [#173](#173)
* add design specification, license, and project setup
([8669a09](8669a09))
* add env var substitution and config file auto-discovery
([#77](#77))
([7f53832](7f53832))
* add FastestStrategy routing + vendor-agnostic cleanup
([#140](#140))
([09619cb](09619cb)),
closes [#139](#139)
* add HR engine and performance tracking
([#45](#45),
[#47](#47))
([#193](#193))
([2d091ea](2d091ea))
* add issue auto-search and resolution verification to PR review skill
([#119](#119))
([deecc39](deecc39))
* add memory retrieval, ranking, and context injection pipeline
([#41](#41))
([873b0aa](873b0aa))
* add pluggable MemoryBackend protocol with models, config, and events
([#180](#180))
([46cfdd4](46cfdd4))
* add pluggable MemoryBackend protocol with models, config, and events
([#32](#32))
([46cfdd4](46cfdd4))
* add pluggable PersistenceBackend protocol with SQLite implementation
([#36](#36))
([f753779](f753779))
* add progressive trust and promotion/demotion subsystems
([#43](#43),
[#49](#49))
([3a87c08](3a87c08))
* add retry handler, rate limiter, and provider resilience
([#100](#100))
([b890545](b890545))
* add SecOps security agent with rule engine, audit log, and ToolInvoker
integration ([#40](#40))
([83b7b6c](83b7b6c))
* add shared org memory and memory consolidation/archival
([#125](#125),
[#48](#48))
([4a0832b](4a0832b))
* design unified provider interface
([#86](#86))
([3e23d64](3e23d64))
* expand template presets, rosters, and add inheritance
([#80](#80),
[#81](#81),
[#84](#84))
([15a9134](15a9134))
* implement agent runtime state vs immutable config split
([#115](#115))
([4cb1ca5](4cb1ca5))
* implement AgentEngine core orchestrator
([#11](#11))
([#143](#143))
([f2eb73a](f2eb73a))
* implement basic tool system (registry, invocation, results)
([#15](#15))
([c51068b](c51068b))
* implement built-in file system tools
([#18](#18))
([325ef98](325ef98))
* implement communication foundation — message bus, dispatcher, and
messenger ([#157](#157))
([8e71bfd](8e71bfd))
* implement company template system with 7 built-in presets
([#85](#85))
([cbf1496](cbf1496))
* implement conflict resolution protocol
([#122](#122))
([#166](#166))
([e03f9f2](e03f9f2))
* implement core entity and role system models
([#69](#69))
([acf9801](acf9801))
* implement crash recovery with fail-and-reassign strategy
([#149](#149))
([e6e91ed](e6e91ed))
* implement engine extensions — Plan-and-Execute loop and call
categorization
([#134](#134),
[#135](#135))
([#159](#159))
([9b2699f](9b2699f))
* implement enterprise logging system with structlog
([#73](#73))
([2f787e5](2f787e5))
* implement graceful shutdown with cooperative timeout strategy
([#130](#130))
([6592515](6592515))
* implement hierarchical delegation and loop prevention
([#12](#12),
[#17](#17))
([6be60b6](6be60b6))
* implement LiteLLM driver and provider registry
([#88](#88))
([ae3f18b](ae3f18b)),
closes [#4](#4)
* implement LLM decomposition strategy and workspace isolation
([#174](#174))
([aa0eefe](aa0eefe))
* implement meeting protocol system
([#123](#123))
([ee7caca](ee7caca))
* implement message and communication domain models
([#74](#74))
([560a5d2](560a5d2))
* implement model routing engine
([#99](#99))
([d3c250b](d3c250b))
* implement parallel agent execution
([#22](#22))
([#161](#161))
([65940b3](65940b3))
* implement per-call cost tracking service
([#7](#7))
([#102](#102))
([c4f1f1c](c4f1f1c))
* implement personality injection and system prompt construction
([#105](#105))
([934dd85](934dd85))
* implement single-task execution lifecycle
([#21](#21))
([#144](#144))
([c7e64e4](c7e64e4))
* implement subprocess sandbox for tool execution isolation
([#131](#131))
([#153](#153))
([3c8394e](3c8394e))
* implement task assignment subsystem with pluggable strategies
([#172](#172))
([c7f1b26](c7f1b26)),
closes [#26](#26)
[#30](#30)
* implement task decomposition and routing engine
([#14](#14))
([9c7fb52](9c7fb52))
* implement Task, Project, Artifact, Budget, and Cost domain models
([#71](#71))
([81eabf1](81eabf1))
* implement tool permission checking
([#16](#16))
([833c190](833c190))
* implement YAML config loader with Pydantic validation
([#59](#59))
([ff3a2ba](ff3a2ba))
* implement YAML config loader with Pydantic validation
([#75](#75))
([ff3a2ba](ff3a2ba))
* initialize project with uv, hatchling, and src layout
([39005f9](39005f9))
* initialize project with uv, hatchling, and src layout
([#62](#62))
([39005f9](39005f9))
* Litestar REST API, WebSocket feed, and approval queue (M6)
([#189](#189))
([29fcd08](29fcd08))
* make TokenUsage.total_tokens a computed field
([#118](#118))
([c0bab18](c0bab18)),
closes [#109](#109)
* parallel tool execution in ToolInvoker.invoke_all
([#137](#137))
([58517ee](58517ee))
* testing framework, CI pipeline, and M0 gap fixes
([#64](#64))
([f581749](f581749))
* wire all modules into observability system
([#97](#97))
([f7a0617](f7a0617))


### Bug Fixes

* address Greptile post-merge review findings from PRs
[#170](https://github.com/Aureliolo/ai-company/issues/170)-[#175](https://github.com/Aureliolo/ai-company/issues/175)
([#176](#176))
([c5ca929](c5ca929))
* address post-merge review feedback from PRs
[#164](https://github.com/Aureliolo/ai-company/issues/164)-[#167](https://github.com/Aureliolo/ai-company/issues/167)
([#170](#170))
([3bf897a](3bf897a)),
closes [#169](#169)
* enforce strict mypy on test files
([#89](#89))
([aeeff8c](aeeff8c))
* harden Docker sandbox, MCP bridge, and code runner
([#50](#50),
[#53](#53))
([d5e1b6e](d5e1b6e))
* harden git tools security + code quality improvements
([#150](#150))
([000a325](000a325))
* harden subprocess cleanup, env filtering, and shutdown resilience
([#155](#155))
([d1fe1fb](d1fe1fb))
* incorporate post-merge feedback + pre-PR review fixes
([#164](#164))
([c02832a](c02832a))
* pre-PR review fixes for post-merge findings
([#183](#183))
([26b3108](26b3108))
* strengthen immutability for BaseTool schema and ToolInvoker boundaries
([#117](#117))
([7e5e861](7e5e861))


### Performance

* harden non-inferable principle implementation
([#195](#195))
([02b5f4e](02b5f4e)),
closes [#188](#188)


### Refactoring

* adopt NotBlankStr across all models
([#108](#108))
([#120](#120))
([ef89b90](ef89b90))
* extract _SpendingTotals base class from spending summary models
([#111](#111))
([2f39c1b](2f39c1b))
* harden BudgetEnforcer with error handling, validation extraction, and
review fixes
([#182](#182))
([c107bf9](c107bf9))
* harden personality profiles, department validation, and template
rendering ([#158](#158))
([10b2299](10b2299))
* pre-PR review improvements for ExecutionLoop + ReAct loop
([#124](#124))
([8dfb3c0](8dfb3c0))
* split events.py into per-domain event modules
([#136](#136))
([e9cba89](e9cba89))


### Documentation

* add ADR-001 memory layer evaluation and selection
([#178](#178))
([db3026f](db3026f)),
closes [#39](#39)
* add agent scaling research findings to DESIGN_SPEC
([#145](#145))
([57e487b](57e487b))
* add CLAUDE.md, contributing guide, and dev documentation
([#65](#65))
([55c1025](55c1025)),
closes [#54](#54)
* add crash recovery, sandboxing, analytics, and testing decisions
([#127](#127))
([5c11595](5c11595))
* address external review feedback with MVP scope and new protocols
([#128](#128))
([3b30b9a](3b30b9a))
* expand design spec with pluggable strategy protocols
([#121](#121))
([6832db6](6832db6))
* finalize 23 design decisions (ADR-002)
([#190](#190))
([8c39742](8c39742))
* update project docs for M2.5 conventions and add docs-consistency
review agent
([#114](#114))
([99766ee](99766ee))


### Tests

* add e2e single agent integration tests
([#24](#24))
([#156](#156))
([f566fb4](f566fb4))
* add provider adapter integration tests
([#90](#90))
([40a61f4](40a61f4))


### CI/CD

* add Release Please for automated versioning and GitHub Releases
([#278](#278))
([a488758](a488758))
* bump actions/checkout from 4 to 6
([#95](#95))
([1897247](1897247))
* bump actions/upload-artifact from 4 to 7
([#94](#94))
([27b1517](27b1517))
* harden CI/CD pipeline
([#92](#92))
([ce4693c](ce4693c))
* split vulnerability scans into critical-fail and high-warn tiers
([#277](#277))
([aba48af](aba48af))


### Maintenance

* add /worktree skill for parallel worktree management
([#171](#171))
([951e337](951e337))
* add design spec context loading to research-link skill
([8ef9685](8ef9685))
* add post-merge-cleanup skill
([#70](#70))
([f913705](f913705))
* add pre-pr-review skill and update CLAUDE.md
([#103](#103))
([92e9023](92e9023))
* add research-link skill and rename skill files to SKILL.md
([#101](#101))
([651c577](651c577))
* bump aiosqlite from 0.21.0 to 0.22.1
([#191](#191))
([3274a86](3274a86))
* bump pyyaml from 6.0.2 to 6.0.3 in the minor-and-patch group
([#96](#96))
([0338d0c](0338d0c))
* bump ruff from 0.15.4 to 0.15.5
([a49ee46](a49ee46))
* fix M0 audit items
([#66](#66))
([c7724b5](c7724b5))
* pin setup-uv action to full SHA
([#281](#281))
([4448002](4448002))
* post-audit cleanup — PEP 758, loggers, bug fixes, refactoring, tests,
hookify rules
([#148](#148))
([c57a6a9](c57a6a9))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Aureliolo added a commit that referenced this pull request Mar 11, 2026
🤖 I have created a release *beep* *boop*
---


##
[0.1.0](v0.0.0...v0.1.0)
(2026-03-11)


### Features

* add autonomy levels and approval timeout policies
([#42](#42),
[#126](#126))
([#197](#197))
([eecc25a](eecc25a))
* add CFO cost optimization service with anomaly detection, reports, and
approval decisions
([#186](#186))
([a7fa00b](a7fa00b))
* add code quality toolchain (ruff, mypy, pre-commit, dependabot)
([#63](#63))
([36681a8](36681a8))
* add configurable cost tiers and subscription/quota-aware tracking
([#67](#67))
([#185](#185))
([9baedfa](9baedfa))
* add container packaging, Docker Compose, and CI pipeline
([#269](#269))
([435bdfe](435bdfe)),
closes [#267](#267)
* add coordination error taxonomy classification pipeline
([#146](#146))
([#181](#181))
([70c7480](70c7480))
* add cost-optimized, hierarchical, and auction assignment strategies
([#175](#175))
([ce924fa](ce924fa)),
closes [#173](#173)
* add design specification, license, and project setup
([8669a09](8669a09))
* add env var substitution and config file auto-discovery
([#77](#77))
([7f53832](7f53832))
* add FastestStrategy routing + vendor-agnostic cleanup
([#140](#140))
([09619cb](09619cb)),
closes [#139](#139)
* add HR engine and performance tracking
([#45](#45),
[#47](#47))
([#193](#193))
([2d091ea](2d091ea))
* add issue auto-search and resolution verification to PR review skill
([#119](#119))
([deecc39](deecc39))
* add mandatory JWT + API key authentication
([#256](#256))
([c279cfe](c279cfe))
* add memory retrieval, ranking, and context injection pipeline
([#41](#41))
([873b0aa](873b0aa))
* add pluggable MemoryBackend protocol with models, config, and events
([#180](#180))
([46cfdd4](46cfdd4))
* add pluggable MemoryBackend protocol with models, config, and events
([#32](#32))
([46cfdd4](46cfdd4))
* add pluggable output scan response policies
([#263](#263))
([b9907e8](b9907e8))
* add pluggable PersistenceBackend protocol with SQLite implementation
([#36](#36))
([f753779](f753779))
* add progressive trust and promotion/demotion subsystems
([#43](#43),
[#49](#49))
([3a87c08](3a87c08))
* add retry handler, rate limiter, and provider resilience
([#100](#100))
([b890545](b890545))
* add SecOps security agent with rule engine, audit log, and ToolInvoker
integration ([#40](#40))
([83b7b6c](83b7b6c))
* add shared org memory and memory consolidation/archival
([#125](#125),
[#48](#48))
([4a0832b](4a0832b))
* design unified provider interface
([#86](#86))
([3e23d64](3e23d64))
* expand template presets, rosters, and add inheritance
([#80](#80),
[#81](#81),
[#84](#84))
([15a9134](15a9134))
* implement agent runtime state vs immutable config split
([#115](#115))
([4cb1ca5](4cb1ca5))
* implement AgentEngine core orchestrator
([#11](#11))
([#143](#143))
([f2eb73a](f2eb73a))
* implement AuditRepository for security audit log persistence
([#279](#279))
([94bc29f](94bc29f))
* implement basic tool system (registry, invocation, results)
([#15](#15))
([c51068b](c51068b))
* implement built-in file system tools
([#18](#18))
([325ef98](325ef98))
* implement communication foundation — message bus, dispatcher, and
messenger ([#157](#157))
([8e71bfd](8e71bfd))
* implement company template system with 7 built-in presets
([#85](#85))
([cbf1496](cbf1496))
* implement conflict resolution protocol
([#122](#122))
([#166](#166))
([e03f9f2](e03f9f2))
* implement core entity and role system models
([#69](#69))
([acf9801](acf9801))
* implement crash recovery with fail-and-reassign strategy
([#149](#149))
([e6e91ed](e6e91ed))
* implement engine extensions — Plan-and-Execute loop and call
categorization
([#134](#134),
[#135](#135))
([#159](#159))
([9b2699f](9b2699f))
* implement enterprise logging system with structlog
([#73](#73))
([2f787e5](2f787e5))
* implement graceful shutdown with cooperative timeout strategy
([#130](#130))
([6592515](6592515))
* implement hierarchical delegation and loop prevention
([#12](#12),
[#17](#17))
([6be60b6](6be60b6))
* implement LiteLLM driver and provider registry
([#88](#88))
([ae3f18b](ae3f18b)),
closes [#4](#4)
* implement LLM decomposition strategy and workspace isolation
([#174](#174))
([aa0eefe](aa0eefe))
* implement meeting protocol system
([#123](#123))
([ee7caca](ee7caca))
* implement message and communication domain models
([#74](#74))
([560a5d2](560a5d2))
* implement model routing engine
([#99](#99))
([d3c250b](d3c250b))
* implement parallel agent execution
([#22](#22))
([#161](#161))
([65940b3](65940b3))
* implement per-call cost tracking service
([#7](#7))
([#102](#102))
([c4f1f1c](c4f1f1c))
* implement personality injection and system prompt construction
([#105](#105))
([934dd85](934dd85))
* implement single-task execution lifecycle
([#21](#21))
([#144](#144))
([c7e64e4](c7e64e4))
* implement subprocess sandbox for tool execution isolation
([#131](#131))
([#153](#153))
([3c8394e](3c8394e))
* implement task assignment subsystem with pluggable strategies
([#172](#172))
([c7f1b26](c7f1b26)),
closes [#26](#26)
[#30](#30)
* implement task decomposition and routing engine
([#14](#14))
([9c7fb52](9c7fb52))
* implement Task, Project, Artifact, Budget, and Cost domain models
([#71](#71))
([81eabf1](81eabf1))
* implement tool permission checking
([#16](#16))
([833c190](833c190))
* implement YAML config loader with Pydantic validation
([#59](#59))
([ff3a2ba](ff3a2ba))
* implement YAML config loader with Pydantic validation
([#75](#75))
([ff3a2ba](ff3a2ba))
* initialize project with uv, hatchling, and src layout
([39005f9](39005f9))
* initialize project with uv, hatchling, and src layout
([#62](#62))
([39005f9](39005f9))
* Litestar REST API, WebSocket feed, and approval queue (M6)
([#189](#189))
([29fcd08](29fcd08))
* make TokenUsage.total_tokens a computed field
([#118](#118))
([c0bab18](c0bab18)),
closes [#109](#109)
* parallel tool execution in ToolInvoker.invoke_all
([#137](#137))
([58517ee](58517ee))
* testing framework, CI pipeline, and M0 gap fixes
([#64](#64))
([f581749](f581749))
* wire all modules into observability system
([#97](#97))
([f7a0617](f7a0617))


### Bug Fixes

* address Greptile post-merge review findings from PRs
[#170](https://github.com/Aureliolo/ai-company/issues/170)-[#175](https://github.com/Aureliolo/ai-company/issues/175)
([#176](#176))
([c5ca929](c5ca929))
* address post-merge review feedback from PRs
[#164](https://github.com/Aureliolo/ai-company/issues/164)-[#167](https://github.com/Aureliolo/ai-company/issues/167)
([#170](#170))
([3bf897a](3bf897a)),
closes [#169](#169)
* enforce strict mypy on test files
([#89](#89))
([aeeff8c](aeeff8c))
* harden Docker sandbox, MCP bridge, and code runner
([#50](#50),
[#53](#53))
([d5e1b6e](d5e1b6e))
* harden git tools security + code quality improvements
([#150](#150))
([000a325](000a325))
* harden subprocess cleanup, env filtering, and shutdown resilience
([#155](#155))
([d1fe1fb](d1fe1fb))
* incorporate post-merge feedback + pre-PR review fixes
([#164](#164))
([c02832a](c02832a))
* pre-PR review fixes for post-merge findings
([#183](#183))
([26b3108](26b3108))
* resolve circular imports, bump litellm, fix release tag format
([#286](#286))
([a6659b5](a6659b5))
* strengthen immutability for BaseTool schema and ToolInvoker boundaries
([#117](#117))
([7e5e861](7e5e861))


### Performance

* harden non-inferable principle implementation
([#195](#195))
([02b5f4e](02b5f4e)),
closes [#188](#188)


### Refactoring

* adopt NotBlankStr across all models
([#108](#108))
([#120](#120))
([ef89b90](ef89b90))
* extract _SpendingTotals base class from spending summary models
([#111](#111))
([2f39c1b](2f39c1b))
* harden BudgetEnforcer with error handling, validation extraction, and
review fixes
([#182](#182))
([c107bf9](c107bf9))
* harden personality profiles, department validation, and template
rendering ([#158](#158))
([10b2299](10b2299))
* pre-PR review improvements for ExecutionLoop + ReAct loop
([#124](#124))
([8dfb3c0](8dfb3c0))
* split events.py into per-domain event modules
([#136](#136))
([e9cba89](e9cba89))


### Documentation

* add ADR-001 memory layer evaluation and selection
([#178](#178))
([db3026f](db3026f)),
closes [#39](#39)
* add agent scaling research findings to DESIGN_SPEC
([#145](#145))
([57e487b](57e487b))
* add CLAUDE.md, contributing guide, and dev documentation
([#65](#65))
([55c1025](55c1025)),
closes [#54](#54)
* add crash recovery, sandboxing, analytics, and testing decisions
([#127](#127))
([5c11595](5c11595))
* address external review feedback with MVP scope and new protocols
([#128](#128))
([3b30b9a](3b30b9a))
* expand design spec with pluggable strategy protocols
([#121](#121))
([6832db6](6832db6))
* finalize 23 design decisions (ADR-002)
([#190](#190))
([8c39742](8c39742))
* update project docs for M2.5 conventions and add docs-consistency
review agent
([#114](#114))
([99766ee](99766ee))


### Tests

* add e2e single agent integration tests
([#24](#24))
([#156](#156))
([f566fb4](f566fb4))
* add provider adapter integration tests
([#90](#90))
([40a61f4](40a61f4))


### CI/CD

* add Release Please for automated versioning and GitHub Releases
([#278](#278))
([a488758](a488758))
* bump actions/checkout from 4 to 6
([#95](#95))
([1897247](1897247))
* bump actions/upload-artifact from 4 to 7
([#94](#94))
([27b1517](27b1517))
* bump anchore/scan-action from 6.5.1 to 7.3.2
([#271](#271))
([80a1c15](80a1c15))
* bump docker/build-push-action from 6.19.2 to 7.0.0
([#273](#273))
([dd0219e](dd0219e))
* bump docker/login-action from 3.7.0 to 4.0.0
([#272](#272))
([33d6238](33d6238))
* bump docker/metadata-action from 5.10.0 to 6.0.0
([#270](#270))
([baee04e](baee04e))
* bump docker/setup-buildx-action from 3.12.0 to 4.0.0
([#274](#274))
([5fc06f7](5fc06f7))
* bump sigstore/cosign-installer from 3.9.1 to 4.1.0
([#275](#275))
([29dd16c](29dd16c))
* harden CI/CD pipeline
([#92](#92))
([ce4693c](ce4693c))
* split vulnerability scans into critical-fail and high-warn tiers
([#277](#277))
([aba48af](aba48af))


### Maintenance

* add /worktree skill for parallel worktree management
([#171](#171))
([951e337](951e337))
* add design spec context loading to research-link skill
([8ef9685](8ef9685))
* add post-merge-cleanup skill
([#70](#70))
([f913705](f913705))
* add pre-pr-review skill and update CLAUDE.md
([#103](#103))
([92e9023](92e9023))
* add research-link skill and rename skill files to SKILL.md
([#101](#101))
([651c577](651c577))
* bump aiosqlite from 0.21.0 to 0.22.1
([#191](#191))
([3274a86](3274a86))
* bump pyyaml from 6.0.2 to 6.0.3 in the minor-and-patch group
([#96](#96))
([0338d0c](0338d0c))
* bump ruff from 0.15.4 to 0.15.5
([a49ee46](a49ee46))
* fix M0 audit items
([#66](#66))
([c7724b5](c7724b5))
* **main:** release ai-company 0.1.1
([#282](#282))
([2f4703d](2f4703d))
* pin setup-uv action to full SHA
([#281](#281))
([4448002](4448002))
* post-audit cleanup — PEP 758, loggers, bug fixes, refactoring, tests,
hookify rules
([#148](#148))
([c57a6a9](c57a6a9))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Signed-off-by: Aurelio <19254254+Aureliolo@users.noreply.github.com>