fix: use force-tag-creation instead of manual tag creation hack

[Aureliolo]

Summary

• Add "force-tag-creation": true to Release Please config — RP creates the git tag atomically with the draft release
• Remove the 45-line manual "Create git tag for draft release" bash step from release.yml
• Update CLAUDE.md to reflect the simplified pipeline

Problem

Every release triggered a bogus "release 0.2.0" PR from Release Please. Root cause: we created tags manually via the GitHub API (bypassing RP), so RP couldn't track its own releases and fell back to computing versions from scratch.

Solution

Release Please has a built-in force-tag-creation option specifically for draft: true setups. It creates the tag using the same PAT token, which also triggers downstream workflows. This is the official solution documented in the Release Please repo.

Test plan

• After merge, next release PR merges cleanly without bogus 0.2.0 PR appearing
• Tag is created by Release Please (check tag creator in GitHub)
• Docker + CLI workflows trigger from the tag push
• finalize-release publishes the draft after both succeed

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses an issue where Release Please was generating bogus "release 0.2.0" PRs due to manual git tag creation bypassing its internal tracking. The solution involves configuring Release Please to create tags atomically with draft releases using its built-in "force-tag-creation" option, thereby simplifying the release workflow and ensuring proper version tracking.

Highlights

• Release Please Configuration: Enabled "force-tag-creation" in the Release Please configuration to allow Release Please to handle tag creation directly.
• Release Workflow Simplification: Eliminated the manual 45-line bash script previously used for creating git tags in release.yml, streamlining the release pipeline.
• Documentation Update: Updated CLAUDE.md to reflect the changes in the release process, specifically mentioning the use of force-tag-creation.

Changelog

• .github/release-please-config.json
  • Added the "force-tag-creation" property and set it to true.
• CLAUDE.md
  • Updated the description of the release workflow to mention "force-tag-creation: true" and the simplified process.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/release.yml

Activity

• No specific activity has been recorded for this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: c46afb31-11e4-4400-9d12-386acb07457c

📥 Commits

Reviewing files that changed from the base of the PR and between feed9c6 and f53d8b0.

📒 Files selected for processing (1)

• CLAUDE.md

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (python)

🧰 Additional context used

🧠 Learnings (6)

📚 Learning: 2026-03-15T11:48:14.867Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T11:48:14.867Z
Learning: Applies to .github/workflows/docker.yml : CI Docker: build → scan → push to GHCR + cosign sign + SLSA L3 provenance via attest-build-provenance (images only pushed after Trivy/Grype scans pass).

Applied to files:

• CLAUDE.md

📚 Learning: 2026-03-15T11:48:14.867Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T11:48:14.867Z
Learning: Applies to .github/workflows/**/*.yml : Path filtering: dorny/paths-filter detects Python/dashboard/docker changes; jobs only run when their domain is affected. CLI has its own workflow (cli.yml).

Applied to files:

• CLAUDE.md

📚 Learning: 2026-03-15T11:48:14.867Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T11:48:14.867Z
Learning: Pre-commit hooks: trailing-whitespace, end-of-file-fixer, check-yaml, check-toml, check-json, check-merge-conflict, check-added-large-files, no-commit-to-branch (main), ruff check+format, gitleaks, hadolint (Dockerfile linting).

Applied to files:

• CLAUDE.md

📚 Learning: 2026-03-15T19:03:01.705Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T19:03:01.705Z
Learning: Pre-commit hooks run: trailing-whitespace, end-of-file-fixer, check-yaml, check-toml, check-json, check-merge-conflict, check-added-large-files, no-commit-to-branch (main), ruff check+format, gitleaks, hadolint.

Applied to files:

• CLAUDE.md

📚 Learning: 2026-03-15T11:48:14.867Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T11:48:14.867Z
Learning: Dependabot: auto-updates Docker image digests and versions daily.

Applied to files:

• CLAUDE.md

📚 Learning: 2026-03-15T11:48:14.867Z

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T11:48:14.867Z
Learning: Pre-push hooks: mypy type-check + pytest unit tests + golangci-lint + go vet + go test (CLI, conditional on cli/**/*.go) (fast gate before push, skipped in pre-commit.ci — dedicated CI jobs already run these).

Applied to files:

• CLAUDE.md

🪛 LanguageTool

CLAUDE.md

[uncategorized] ~277-~277: The official name of this software platform is spelled with a capital “H”.
Context: ...kflows (GITHUB_TOKEN cannot). Config in .github/release-please-config.json (`"draft": ...

(GITHUB)

---

[uncategorized] ~277-~277: The official name of this software platform is spelled with a capital “H”.
Context: ...rue, "force-tag-creation": true) and .github/.release-please-manifest.json`. After c...

(GITHUB)

🔇 Additional comments (1)

CLAUDE.md (1)

277-278: LGTM! Documentation accurately reflects the new Release Please configuration.

The Release workflow description correctly documents the delegation of tag creation to Release Please via force-tag-creation: true, eliminating the manual tag creation step. The explanation clearly outlines the flow: merge release PR → Release Please creates tag → draft release created → downstream workflows triggered by tag push → finalize-release publishes the draft.

The mention of RELEASE_PLEASE_TOKEN for triggering downstream workflows and the configuration file references are accurate and helpful.

Note: The static analysis hint about capitalizing .github/ is a false positive—these are actual file paths which conventionally use lowercase.

---

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Release automation updated to rely on the release tool's forced tag creation, removing manual tag creation steps from CI.
  • Release documentation updated to reflect the new forced tagging configuration and adjusted release instructions.

Walkthrough

Delegates tag creation to Release Please by enabling force-tag-creation in the repo config and removing the manual git-tag creation steps from the release workflow; documentation updated to reflect the new configuration.

Changes

Cohort / File(s)	Summary
Release configuration \.github/release-please-config.json	Added "force-tag-creation": true to enable Release Please to create tags forcibly.
Release workflow \.github/workflows/release.yml	Removed manual API-based git tag creation steps and comments indicate tag pushes are now handled by Release Please using RELEASE_PLEASE_TOKEN.
Documentation CLAUDE.md	Updated release instructions and manifest notes to reference force-tag-creation: true and the adjusted tagging flow.

Sequence Diagram(s)

sequenceDiagram
    participant Actions as GitHub Actions (release.yml)
    participant RP as Release Please
    participant GitHub as GitHub API / Repo
    participant Downstream as Downstream Workflows

    Actions->>RP: trigger release process
    RP->>GitHub: create tag (force-tag-creation, push using token)
    GitHub-->>RP: 201 / success
    GitHub->>Downstream: push event (tag created)
    Downstream-->>Actions: downstream workflows run

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix: create git tag explicitly for draft releases #432: Alters tag-creation logic in the release workflow; directly related as it also touches manual vs. automated tag creation.
• fix: use draft releases to support immutable release policy #429: Adjusts Release Please configuration and release workflow behavior around tagging (strongly related to config change).
• Aureliolo/synthorg#XXX: (placeholder for another closely related PR touching release/tag workflow)

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: replacing manual tag creation with Release Please's force-tag-creation option, which is the core problem being solved.
Description check	✅ Passed	The description is directly related to the changeset, providing clear context about the problem (bogus release PRs), the solution (force-tag-creation), and a test plan for verification.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/release-please-force-tag

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch fix/release-please-force-tag

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request simplifies the release process by leveraging the force-tag-creation option in Release Please, removing the need for a manual tag creation hack. This is a great improvement that makes the release pipeline more robust and aligned with the tool's best practices. The configuration change is correct, and the documentation in CLAUDE.md has been updated accordingly. I've added one minor suggestion to improve the wording in the documentation for better clarity.

[gemini-code-assist]

For improved readability and to avoid redundancy, consider rephrasing this part of the sentence. The force-tag-creation: true setting is already mentioned in the configuration details at the end of the line. Using 'and a' instead of '+' is also clearer and more formal for documentation.

Suggested change

- **Release**: `.github/workflows/release.yml` — Release Please (Google) auto-creates a release PR on every push to main. Merging the release PR creates a git tag (`vX.Y.Z`) via `force-tag-creation: true` + **draft** GitHub Release with changelog. Tag push triggers Docker and CLI workflows to attach assets to the draft. Uses `RELEASE_PLEASE_TOKEN` secret (PAT/GitHub App token) so tag creation triggers downstream workflows (GITHUB_TOKEN cannot). Config in `.github/release-please-config.json` (`"draft": true`, `"force-tag-creation": true`) and `.github/.release-please-manifest.json`. After creating/updating a release PR, auto-updates the BSL Change Date in LICENSE to 3 years ahead.

- **Release**: `.github/workflows/release.yml` — Release Please (Google) auto-creates a release PR on every push to main. Merging the release PR creates a git tag (`vX.Y.Z`) and a **draft** GitHub Release with changelog. Tag push triggers Docker and CLI workflows to attach assets to the draft. Uses `RELEASE_PLEASE_TOKEN` secret (PAT/GitHub App token) so tag creation triggers downstream workflows (GITHUB_TOKEN cannot). Config in `.github/release-please-config.json` (`"draft": true`, `"force-tag-creation": true`) and `.github/.release-please-manifest.json`. After creating/updating a release PR, auto-updates the BSL Change Date in LICENSE to 3 years ahead.

[Aureliolo]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.