ci: add create-tag workflow to streamline release process

[M0NsTeRRR]

Description

I added a new create-tag workflow that can only be run on the main branch and streamlines the release process. It can be triggered via the web UI, automatically detects the appropriate tag, bumps the package.json version, commit it and creates a new tag. Afterward, the Seerr release workflow is triggered automatically.

To make it work, I set up a private key in the repository settings (deploy key + secret variable) because of this GitHub limitation.

I also removed the "skip ci" check from the other workflows, as GitHub Actions already supports this feature natively (reference).

• Fixes Auto bump package.json version on release #2428

How Has This Been Tested?

Create tag workflow run : https://github.com/M0NsTeRRR/seerr/actions/runs/22122957497
Seerr release workflow run : https://github.com/M0NsTeRRR/seerr/actions/runs/22122967642

Screenshots / Logs (if applicable)

Checklist:

• I have read and followed the contribution guidelines.
• Disclosed any use of AI (see our policy)
• I have updated the documentation accordingly.
• All new and existing tests passed.
• Successful build pnpm build
• Translation keys pnpm i18n:extract
• Database migration (if required)

Summary by CodeRabbit

• Chores
  • Refined CI triggers so builds and notifications run more consistently across branches and commit messages.
• New Features
  • Added an automated version-tagging workflow to compute, commit, and push release tags to streamline releases.

[coderabbitai]

📝 Walkthrough

Walkthrough

Removes skip-ci conditions from existing CI workflow and adds a new "Create tag" GitHub Actions workflow that computes the next tag via git-cliff, updates package.json, commits the change, and creates & pushes a git tag on main branch pushes.

Changes

Cohort / File(s)	Summary
CI Workflow Update ​.github/workflows/ci.yml	Removed skip-ci commit-message checks from build and Discord notification job conditions so jobs run without relying on commit message flags.
New Release Automation ​.github/workflows/create-tag.yml	Adds "Create tag" workflow with two jobs: determine-tag-version (runs git-cliff to compute TAG_VERSION) and create-tag (uses TAG_VERSION to bump package.json, commit changes, create and push the git tag).

Sequence Diagram(s)

sequenceDiagram
    participant Repo as Repository (push to main)
    participant Actions as GitHub Actions
    participant Cliff as git-cliff
    participant Runner as Job Runner (create-tag)
    participant Git as Git remote (origin)

    Repo->>Actions: push to main (or workflow_dispatch)
    Actions->>Cliff: run git-cliff to determine TAG_VERSION
    Cliff-->>Actions: outputs TAG_VERSION
    Actions->>Runner: start create-tag job with TAG_VERSION
    Runner->>Runner: bump package.json (no git hooks, no tag)
    Runner->>Git: commit changes and push
    Runner->>Git: create and push git tag (TAG_VERSION)
    Git-->>Repo: tag and commits available on origin

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 a rabbit in the CI garden
I sniffed the commits and found a clue,
git-cliff whispered a version new,
I nudged package.json, then gave a tug,
Pushed a tag upstream — hop, release snug! 🥕✨

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a create-tag workflow to streamline the release process.
Linked Issues check	✅ Passed	The PR successfully implements automatic version bumping in package.json as required by issue #2428 through the new create-tag workflow.
Out of Scope Changes check	✅ Passed	All changes are directly related to the objective: the create-tag workflow implements the auto-bump feature, and the ci.yml modifications support this workflow.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

.github/workflows/create-tag.yml (2)

84-87: Consider verifying the tag doesn't already exist before creating.

If someone manually created a tag or re-runs the workflow, the tag creation will fail. Adding a pre-check improves the error message and workflow reliability.

♻️ Optional defensive check

       - name: Create git tag
         run: |
+          if git rev-parse "${TAG_VERSION}" >/dev/null 2>&1; then
+            echo "::error::Tag ${TAG_VERSION} already exists"
+            exit 1
+          fi
           git tag "${TAG_VERSION}"
           git push origin "${TAG_VERSION}"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/create-tag.yml around lines 84 - 87, Add a pre-check
before creating the git tag to verify TAG_VERSION doesn't already exist locally
or on origin; in the "Create git tag" step check for existence of ${TAG_VERSION}
(e.g., via git rev-parse or git ls-remote for origin) and only run git tag
${TAG_VERSION} / git push origin ${TAG_VERSION} when the tag is absent,
otherwise emit a clear message and fail or skip gracefully so re-runs or
manually-created tags don't cause an unhelpful error.

---

78-82: Scope git add to specific files and quote shell variables.

Using git add . could unintentionally stage files not related to the version bump. Additionally, quoting TAG_VERSION prevents potential issues with malformed version strings.

♻️ Proposed refinement

       - name: Commit updated files
         run: |
-          git add .
+          git add package.json
           git commit -m 'chore: prepare for release'
           git push
 
       - name: Create git tag
         run: |
-          git tag ${TAG_VERSION}
-          git push origin ${TAG_VERSION}
+          git tag "${TAG_VERSION}"
+          git push origin "${TAG_VERSION}"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/create-tag.yml around lines 78 - 82, Replace the unscoped
staging and unquoted variable usage: avoid using "git add ." and instead
explicitly add only the files changed by the release (e.g., the version file(s)
your workflow updates such as package.json, package-lock.json, CHANGELOG.md or
VERSION) by replacing "git add ." with "git add <specific-file(s)>"; also quote
the TAG_VERSION variable wherever it is used (use "$TAG_VERSION") in commands
like git commit messages or git push refs to guard against spaces or special
characters. Ensure the commit command remains explicit (e.g., git commit -m
"chore: prepare for release $TAG_VERSION") and any push or tag creation uses
"$TAG_VERSION".

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/create-tag.yml:
- Around line 36-41: The "Get tag version" step captures git-cliff output into
the variable tag_version but does not validate it; add a check after computing
tag_version in that step to ensure it is non-empty and exit with a clear error
if empty (so the workflow stops before calling npm version). Specifically, in
the step that sets tag_version (the step with id git-cliff and variable
tag_version), test tag_version and if it's empty print a descriptive message to
the job log and exit non‑zero (and avoid writing an empty tag_version to
GITHUB_OUTPUT); this prevents subsequent steps (like the npm version invocation)
from running with an empty TAG_VERSION.

---

Nitpick comments:
In @.github/workflows/create-tag.yml:
- Around line 84-87: Add a pre-check before creating the git tag to verify
TAG_VERSION doesn't already exist locally or on origin; in the "Create git tag"
step check for existence of ${TAG_VERSION} (e.g., via git rev-parse or git
ls-remote for origin) and only run git tag ${TAG_VERSION} / git push origin
${TAG_VERSION} when the tag is absent, otherwise emit a clear message and fail
or skip gracefully so re-runs or manually-created tags don't cause an unhelpful
error.
- Around line 78-82: Replace the unscoped staging and unquoted variable usage:
avoid using "git add ." and instead explicitly add only the files changed by the
release (e.g., the version file(s) your workflow updates such as package.json,
package-lock.json, CHANGELOG.md or VERSION) by replacing "git add ." with "git
add <specific-file(s)>"; also quote the TAG_VERSION variable wherever it is used
(use "$TAG_VERSION") in commands like git commit messages or git push refs to
guard against spaces or special characters. Ensure the commit command remains
explicit (e.g., git commit -m "chore: prepare for release $TAG_VERSION") and any
push or tag creation uses "$TAG_VERSION".

[sudo-kraken]

Looks good to me. Will be a good addition to our workflows.

[fallenbagel]

Accidentally pressed copilot again. Lgtm!

[Copilot]

Pull request overview

This PR adds automation for the release process by introducing a new create-tag workflow that runs on the main branch. The workflow automatically determines the next version using git-cliff, updates package.json, commits the change, and creates a tag that triggers the existing release workflow. Additionally, manual [skip ci] checks have been removed from CI workflows since GitHub Actions now natively supports this feature.

Changes:

• Added new create-tag.yml workflow that automates version bumping and tag creation
• Removed redundant manual [skip ci] checks from CI workflows (now handled natively by GitHub)

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
.github/workflows/create-tag.yml	New workflow to automate release tagging process using git-cliff for version detection, npm for package.json updates, and git commands for committing and tagging
.github/workflows/ci.yml	Removed manual [skip ci] condition checks as GitHub Actions now supports this natively

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[fallenbagel]

There are two reviews by copilot that I believe might be worth checking out

[coderabbitai]

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/create-tag.yml:
- Around line 36-41: The step that runs git-cliff (step name "Get tag version",
id "git-cliff") can produce an empty tag_version which is then exported; update
the step to validate tag_version after running git-cliff and before writing to
GITHUB_OUTPUT by checking if tag_version is non-empty, logging an error and
exiting non-zero (or setting a safe default) when it is empty, and only echoing
"tag_version=${tag_version}" to "$GITHUB_OUTPUT" when the value is present.