fix(release): harden release-please diagnostics

[yacosta738]

This pull request introduces improvements to the release automation workflow and documentation, emphasizing stricter governance and reliability. The main changes ensure that release automation changes follow a pull request process, enhance workflow diagnostics reliability, and update related tests and documentation in both English and Spanish.

Governance and process improvements:

• Added governance rules to both English and Spanish release documentation (clients/web/apps/docs/src/content/docs/guides/release.md, clients/web/apps/docs/src/content/docs/es/guides/release.md) requiring that changes to release automation must go through a pull request, reserving direct pushes to main for emergencies only, and outlining the procedure for fixing broken release infrastructure. [1] [2]
• Updated the release workflow documentation to reinforce the governance note about making changes via pull requests and restricting direct pushes. (.github/workflows/README.md)

Workflow reliability:

• Modified the release-please.yml workflow to explicitly check out repository metadata before summarizing the workflow outcome, preventing diagnostics from failing due to missing manifest files. (.github/workflows/release-please.yml)

Test updates:

• Updated release contract tests to check for the new "Checkout release metadata" step and the presence of the governance rule in both English and Spanish documentation. (scripts/release-contract.test.mjs) [1] [2]

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: d57f9b2a-e252-4f97-a940-7ac00407e9a9

📥 Commits

Reviewing files that changed from the base of the PR and between 1eb0390 and 4bcb1be.

📒 Files selected for processing (1)

• scripts/release-contract.test.mjs

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: sonar
• GitHub Check: pr-checks
• GitHub Check: submit-gradle
• GitHub Check: Cloudflare Pages

🧰 Additional context used

📓 Path-based instructions (1)

**/*

⚙️ CodeRabbit configuration file

**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.

Files:

• scripts/release-contract.test.mjs

🧠 Learnings (1)

📓 Common learnings

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Follow `.github/pull_request_template.md` and keep PR descriptions concrete with problem, change, non-goals, risk, and rollback information

🔇 Additional comments (2)

scripts/release-contract.test.mjs (2)

74-74: LGTM – enforces the new checkout step contract.

The assertion correctly validates that the 📥 Checkout release metadata step exists in the release-please workflow, preventing silent removal.

---

130-136: LGTM – EN/ES governance parity now enforced.

Both language variants are validated, preventing accidental removal of the pull-request governance rule. The previous review feedback is addressed.

Minor: file ends without a trailing newline (POSIX convention), but this is purely cosmetic.

---

📝 Walkthrough

Summary by CodeRabbit

• Chores

  • Improved release workflow reliability by ensuring release metadata is available before generating summaries, preventing failures from missing manifests.
  • Added enforcement that release automation changes must go through pull requests; direct pushes to main are restricted to documented emergencies.

• Documentation

  • Updated release guides with governance rules, emergency recovery steps, and remediation best practices.

• Tests

  • Strengthened checks to validate the metadata checkout and PR-style phrasing in release docs.

Walkthrough

Added an explicit checkout step after the release-please action so repository metadata (e.g., .release-please-manifest.json) is available before the summary step. Added English and Spanish governance guidance requiring release-automation changes via pull request and allowing direct main pushes only for documented emergencies.

Changes

Cohort / File(s)	Summary
Release Workflow .github/workflows/release-please.yml, .github/workflows/README.md	Inserted a “📥 Checkout release metadata” step using actions/checkout@v6.0.2 (fetch-depth: 1) that runs always after release-please; documented the rationale in the workflow README and added a governance note.
Release Governance Documentation clients/web/apps/docs/src/content/docs/guides/release.md, clients/web/apps/docs/src/content/docs/es/guides/release.md	Added “Governance rule / Regla de gobernanza” sections requiring changes to release automation land via pull request, reserving direct main pushes for documented emergency recovery and specifying remediation via short-lived branches + PRs.
Contract Tests scripts/release-contract.test.mjs	Extended test assertions to require the new checkout step label (Checkout release metadata) in the workflow and to check that English/Spanish release guides include pull-request phrasing.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• chore: add release-please automation #236: Modifies the same release-please workflow and is directly related to the added checkout step and updated docs/tests.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix(release): harden release-please diagnostics' follows Conventional Commit style with 'fix' prefix, clear scope, and accurately describes the main change of improving release workflow diagnostics reliability.
Description check	✅ Passed	The PR description provides comprehensive coverage of changes, governance improvements, workflow reliability updates, and test modifications with clear documentation of all affected files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/release-please-summary-pr-flow

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

✅ Contributor Report

User: @yacosta738
Status: Passed (12/13 metrics passed)

Metric	Description	Value	Threshold	Status
PR Merge Rate	PRs merged vs closed	89%	>= 30%	✅
Repo Quality	Repos with ≥100 stars	0	>= 0	✅
Positive Reactions	Positive reactions received	10	>= 1	✅
Negative Reactions	Negative reactions received	0	<= 5	✅
Account Age	GitHub account age	3083 days	>= 30 days	✅
Activity Consistency	Regular activity over time	108%	>= 0%	✅
Issue Engagement	Issues with community engagement	0	>= 0	✅
Code Reviews	Code reviews given to others	527	>= 0	✅
Merger Diversity	Unique maintainers who merged PRs	2	>= 0	✅
Repo History Merge Rate	Merge rate in this repo	91%	>= 0%	✅
Repo History Min PRs	Previous PRs in this repo	205	>= 0	✅
Profile Completeness	Profile richness (bio, followers)	90	>= 0	✅
Suspicious Patterns	Spam-like activity detection	1	N/A	❌

---

_{Contributor Report evaluates based on public GitHub activity. Analysis period: 2025-04-07 to 2026-04-07}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@scripts/release-contract.test.mjs`:
- Around line 130-133: Add an assertion that verifies the Spanish docs (docsEs)
contain the governance wording equivalent to the English check (docsEn).
Specifically, in the test that already asserts docsEn for "through a pull
request", add an assert.match on docsEs for the Spanish governance phrase (use
the correct localized wording present in docsEs) so that the governance rule
parity is enforced; update the same test block that references
docsEn/docsEs/changelog.

🪄 Autofix (Beta)

✅ Autofix completed

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9a88d429-e084-4fe6-b8ef-66e328cd0079

📥 Commits

Reviewing files that changed from the base of the PR and between 6c9ea27 and 1eb0390.

📒 Files selected for processing (5)

• .github/workflows/README.md
• .github/workflows/release-please.yml
• clients/web/apps/docs/src/content/docs/es/guides/release.md
• clients/web/apps/docs/src/content/docs/guides/release.md
• scripts/release-contract.test.mjs

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: pr-checks
• GitHub Check: sonar
• GitHub Check: Cloudflare Pages

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{md,mdx}

⚙️ CodeRabbit configuration file

**/*.{md,mdx}: Verify technical accuracy and that docs stay aligned with code changes.
For user-facing docs, check EN/ES parity or explicitly note pending translation gaps.

Files:

• clients/web/apps/docs/src/content/docs/es/guides/release.md
• clients/web/apps/docs/src/content/docs/guides/release.md

**/*

⚙️ CodeRabbit configuration file

**/*: Security first, performance second.
Validate input boundaries, auth/authz implications, and secret management.
Look for behavioral regressions, missing tests, and contract breaks across modules.

Files:

• clients/web/apps/docs/src/content/docs/es/guides/release.md
• clients/web/apps/docs/src/content/docs/guides/release.md
• scripts/release-contract.test.mjs

🧠 Learnings (2)

📓 Common learnings

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Follow `.github/pull_request_template.md` and keep PR descriptions concrete with problem, change, non-goals, risk, and rollback information

📚 Learning: 2026-02-17T12:31:17.076Z

Learnt from: CR
Repo: dallay/corvus PR: 0
File: clients/agent-runtime/AGENTS.md:0-0
Timestamp: 2026-02-17T12:31:17.076Z
Learning: Applies to clients/agent-runtime/.github/**/*.{yml,yaml} : For workflow/template-only changes, ensure YAML/template syntax validity

Applied to files:

• .github/workflows/README.md

🔇 Additional comments (5)

clients/web/apps/docs/src/content/docs/guides/release.md (1)

74-79: LGTM — governance rules are clear and well-aligned with workflow changes.

The three-point governance rule correctly documents the PR-based workflow, emergency-only direct push policy, and short-lived branch repair pattern. Contract tests in release-contract.test.mjs verify this wording.

clients/web/apps/docs/src/content/docs/es/guides/release.md (1)

74-79: LGTM — Spanish translation maintains parity with English governance rules.

Translation is semantically accurate and uses appropriate terminology ("rama corta" for short-lived branch, "protección de rama" for branch protection).

.github/workflows/release-please.yml (1)

32-37: LGTM — checkout step correctly ensures manifest availability for diagnostics.

SHA-pinned action, shallow clone, and always() condition are appropriate here. The step runs even on release-please failure, which is exactly what's needed for reliable diagnostics output.

.github/workflows/README.md (1)

251-259: LGTM — README documentation accurately reflects workflow changes and governance policy.

The new checkout step documentation and governance note are consistent with the actual workflow implementation and the release runbook.

scripts/release-contract.test.mjs (1)

74-74: LGTM — contract test correctly verifies the new checkout step exists.

[coderabbitai]

Note

Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it.

Fixes Applied Successfully

Fixed 1 file(s) based on 1 unresolved review comment.

Files modified:

• scripts/release-contract.test.mjs

Commit: 4bcb1bed6f6ff67b5f4c0e62de92ab615ce5d46c

The changes have been pushed to the fix/release-please-summary-pr-flow branch.

Time taken: 3m 41s

[cloudflare-workers-and-pages]

Deploying corvus with    Cloudflare Pages

Latest commit:	4bcb1be
Status:	✅  Deploy successful!
Preview URL:	https://54b13248.corvus-42x.pages.dev
Branch Preview URL:	https://fix-release-please-summary-p.corvus-42x.pages.dev

View logs

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud