[docs] Updated changelog workflow docs

[pushpitkamboj]

Checklist

• I have read the OpenWISP Contributing Guidelines.
• I have manually tested the changes proposed in this pull request.
• I have written new test cases for new code and/or updated existing tests for changes to existing code.
• I have updated the documentation.

Reference to Existing Issue

Closes #653

Description of Changes

• Updated the changelog bot documentation to explain the required two-workflow setup for enabling it in other OpenWISP repositories.

• The docs now include separate trigger and runner workflow examples for handling approved noteworthy PRs and invoking the reusable changelog workflow.

[kilo-code-bot]

Code Review Summary

Status: No Issues Found | Recommendation: Merge

This PR correctly addresses issue #653 by updating the changelog bot documentation to explain the two-workflow setup (trigger + runner) required for enabling the bot in other OpenWISP repositories.

The documentation changes look good:

• Clear separation of trigger and runner workflow responsibilities
• Appropriate permissions are set for each workflow
• Follows the existing documentation patterns in the file

Files Reviewed (1 file)

• docs/developer/reusable-github-utils.rst - Documentation update for changelog bot setup

---

_{Reviewed by kimi-k2.5-0127 · 90,146 tokens}

[coderabbitai]

📝 Walkthrough

Walkthrough

This change updates the developer documentation to explain the two-workflow integration pattern required for the Changelog Bot. The documentation describes a trigger workflow that monitors pull request reviews, applies gatekeeping based on maintainer approval and PR title prefixes ([feature], [fix], [change]), and passes the PR number to a runner workflow via an artifact. The runner workflow then validates the artifact and invokes the reusable changelog workflow with appropriate permissions for repository access and PR operations.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Possibly related PRs

• [ci:fix] Resolved issues with changelog bot for fork PRs #632: Implements the actual trigger and runner workflow files that execute the two-workflow Changelog Bot pattern described in this documentation.
• [fix] Add PR approved checks in bot-changelog workflow #622: Adds approval-gating logic to the changelog workflow, which the documentation describes as a key part of the trigger workflow validation.
• [feature] Added changelog entry bot using Gemini AI #584: Implements the reusable changelog workflow that the documented runner workflow invokes.

Suggested labels

github_actions, helper-bots

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description includes most required sections: completed checklist items, reference to issue #653, and a clear description of documentation changes made.
Linked Issues check	✅ Passed	The PR successfully addresses issue #653 by updating the changelog bot documentation to explain the required two-workflow setup with trigger and runner workflow examples.
Out of Scope Changes check	✅ Passed	All changes are scoped to documentation updates for the changelog bot two-workflow setup as required by issue #653; no out-of-scope modifications detected.
Bug Fixes	✅ Passed	This PR is a documentation-only change explaining the two-workflow changelog bot setup; it does not fix a bug in core user-facing functionality, so the conditional bug-fix check does not apply.
Title check	✅ Passed	The title '[docs] Updated changelog workflow docs' uses the required [docs] prefix and accurately summarizes the main change: documentation updates for the changelog workflow.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/developer/reusable-github-utils.rst`:
- Around line 586-588: The docs show passing with.pr_number but the reusable
workflow interface in reusable-bot-changelog.yml doesn't declare that input;
update the workflow_call block in reusable-bot-changelog.yml to declare an input
named pr_number (e.g., type: string, required or with an appropriate default) so
the calling workflow can forward ${{ needs.fetch-metadata.outputs.pr_number }};
ensure the input name matches exactly ("pr_number") and any places using secrets
remain intact.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 60b3e043-ba8c-4bc5-b45a-d199b145aa57

📥 Commits

Reviewing files that changed from the base of the PR and between 00bdd53 and 3a6c602.

📒 Files selected for processing (1)

• docs/developer/reusable-github-utils.rst

📜 Review details

🧰 Additional context used

🧠 Learnings (5)

📓 Common learnings

Learnt from: nemesifier
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:22-24
Timestamp: 2026-03-05T14:23:55.528Z
Learning: In `.github/workflows/reusable-bot-changelog.yml`, the maintainer (nemesifier) has explicitly decided that `github.event.review.author_association == 'COLLABORATOR'` should be allowed (alongside `OWNER` and `MEMBER`) to trigger the changelog bot workflow. The rationale is that the workflow is non-destructive and only posts a PR comment — it cannot make code changes. Do not flag `COLLABORATOR` as a security issue for this workflow.

Learnt from: pushpitkamboj
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:49-49
Timestamp: 2026-03-05T09:38:10.320Z
Learning: In openwisp-utils, PR title prefixes are strictly limited to `[feature]`, `[fix]`, and `[change]` (exact bracketed tags, no scoping/sub-types). The regex `^\[(feature|fix|change)\]` in `.github/workflows/reusable-bot-changelog.yml` is intentional and correct — scoped variants like `[feature/bots]` are not valid and should not be matched.

Learnt from: pushpitkamboj
Repo: openwisp/openwisp-utils PR: 584
File: .github/actions/bot-changelog-generator/generate_changelog.py:356-364
Timestamp: 2026-03-05T09:59:22.581Z
Learning: In `.github/actions/bot-changelog-generator/generate_changelog.py`, the `validate_changelog_output` function's purpose is to act as an output safety filter — ensuring no sensitive information or arbitrary LLM-generated text gets posted as a PR comment. It checks that the output starts with a valid tag ([feature]/[fix]/[change]) and contains a correctly structured PR reference pattern. It is NOT intended to strictly validate that the referenced PR number/URL matches the current PR.

📚 Learning: 2026-03-05T14:23:55.528Z

Learnt from: nemesifier
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:22-24
Timestamp: 2026-03-05T14:23:55.528Z
Learning: In `.github/workflows/reusable-bot-changelog.yml`, the maintainer (nemesifier) has explicitly decided that `github.event.review.author_association == 'COLLABORATOR'` should be allowed (alongside `OWNER` and `MEMBER`) to trigger the changelog bot workflow. The rationale is that the workflow is non-destructive and only posts a PR comment — it cannot make code changes. Do not flag `COLLABORATOR` as a security issue for this workflow.

Applied to files:

• docs/developer/reusable-github-utils.rst

📚 Learning: 2026-03-05T09:38:10.320Z

Learnt from: pushpitkamboj
Repo: openwisp/openwisp-utils PR: 584
File: .github/workflows/reusable-bot-changelog.yml:49-49
Timestamp: 2026-03-05T09:38:10.320Z
Learning: In openwisp-utils, PR title prefixes are strictly limited to `[feature]`, `[fix]`, and `[change]` (exact bracketed tags, no scoping/sub-types). The regex `^\[(feature|fix|change)\]` in `.github/workflows/reusable-bot-changelog.yml` is intentional and correct — scoped variants like `[feature/bots]` are not valid and should not be matched.

Applied to files:

• docs/developer/reusable-github-utils.rst

📚 Learning: 2026-03-05T09:59:22.581Z

Learnt from: pushpitkamboj
Repo: openwisp/openwisp-utils PR: 584
File: .github/actions/bot-changelog-generator/generate_changelog.py:356-364
Timestamp: 2026-03-05T09:59:22.581Z
Learning: In `.github/actions/bot-changelog-generator/generate_changelog.py`, the `validate_changelog_output` function's purpose is to act as an output safety filter — ensuring no sensitive information or arbitrary LLM-generated text gets posted as a PR comment. It checks that the output starts with a valid tag ([feature]/[fix]/[change]) and contains a correctly structured PR reference pattern. It is NOT intended to strictly validate that the referenced PR number/URL matches the current PR.

Applied to files:

• docs/developer/reusable-github-utils.rst

📚 Learning: 2026-03-24T16:40:15.783Z

Learnt from: stktyagi
Repo: openwisp/openwisp-utils PR: 631
File: .github/workflows/bot-ci-failure.yml:71-74
Timestamp: 2026-03-24T16:40:15.783Z
Learning: In openwisp/openwisp-utils reusable-bot-ci-failure.yml, the auto-retry step uses a custom GitHub App token (generated from APP_ID and PRIVATE_KEY secrets) passed to the gh CLI via the GH_TOKEN environment variable. This token is NOT subject to the workflow's `permissions` block (which only restricts GITHUB_TOKEN). Therefore, having `actions: read` in the reusable workflow's permissions block does NOT break the auto-retry `gh api -X POST` call — it authenticates with the App's own permissions. Do not flag this as a permissions issue.

Applied to files:

• docs/developer/reusable-github-utils.rst

🔇 Additional comments (1)

docs/developer/reusable-github-utils.rst (1)

526-527: No action needed—the artifact action versions are correct.

actions/upload-artifact@v7 (latest: v7.0.1) and actions/download-artifact@v8 (latest: v8.0.1) are the current latest major versions as of April 2026 and are listed in official GitHub Marketplace examples. Users copying this snippet will not encounter version resolution failures.

			> Likely an incorrect or invalid review comment.

[coveralls]

coverage: 97.529%. remained the same — pushpitkamboj:docs/changelog_bot_update into openwisp:master

[nemesifier]

@coderabbitai resolve

[coderabbitai]

✅ Actions performed

Comments resolved and changes approved.