ci: format release please generated files

[hiqiancheng]

Summary

• Detect the Release Please PR branch from the action output.
• Checkout the release PR branch, sync generated release versions including Cargo.lock, run Prettier on generated release files, and push fixes back only when needed.
• Add CI policy tests so the release workflow keeps the auto-format and lockfile-sync steps.

Related issue or RFC

Related to #410.

AI assistance disclosure

• Tool(s) used: Codex.
• Scope of assistance: investigated the repeated Release Please formatting and lockfile drift, edited the release workflow, added CI policy coverage, and ran local verification.
• Human review or rewrite performed: maintainer review still required before merge.
• Architecture or boundary impact: release automation only; no runtime or schema boundary changes.

Testing evidence

• pnpm.cmd --filter @touchai/desktop test:unit tests/ci/release-workflow-environments.test.ts passed.
• pnpm.cmd --filter @touchai/desktop test:unit tests/ci/release-codeowners-policy.test.ts passed.
• pnpm.cmd --filter @touchai/desktop test:typecheck passed before later targeted release-policy updates.
• pnpm.cmd run format:check passed.
• Commit hooks ran pnpm check:rust and pnpm type:check; both completed, with existing try_lock_mutex Rust warnings.
• pnpm test:pr was not run locally because this PR only changes release workflow policy and the targeted CI policy/type/format checks cover the changed surface; full CI is running on the PR.
• pnpm test:e2e was not run locally because this change does not touch desktop runtime, UI, or E2E paths.

TDD: yes. The release workflow policy test was added first and observed failing before the workflow implementation was added.

Risk notes

• AgentService, runtime, MCP, or schema impact: none.
• database baseline or migration impact: none.
• release or packaging impact: Release Please PR branches will receive an extra commit when generated files do not match repository Prettier style or when Cargo.lock needs the released package version synced.

Screenshots or recordings

Not applicable; CI workflow-only change.

Checklist

• The PR title follows Conventional Commits and is valid for squash merge.
• This PR is either ready for review or explicitly marked as a Draft PR.
• I did not use [WIP] or similar title prefixes.
• If AI materially assisted this PR, I disclosed the tools and scope and I personally reviewed every affected change.
• I can explain the why, what, and how of this change without relying on an AI tool.
• If this touches AgentService, runtime, MCP, or schema boundaries, there is an accepted RFC.
• If this changes architecture or adds a new cross-boundary abstraction, there is an accepted RFC.
• I ran pnpm test:pr for this code PR, or this is a docs-only change.
• If I changed Rust behavior or tests, I reviewed pnpm test:coverage:rust or relied on CI coverage evidence.
• If I changed desktop startup/window/search/popup/settings/E2E paths, I ran pnpm test:e2e locally or documented why CI is the first valid proof.
• I added tests or explained why tests are not appropriate.
• I updated docs when behavior changed.

[coderabbitai]

📝 Walkthrough

Walkthrough

The release-please workflow now extracts the release PR head branch, checks it out with RELEASE_PLEASE_TOKEN, sets up pnpm/Node 22 and syncs versions, runs Prettier on generated files, and—if files changed—commits and pushes the formatting changes back to the release PR; tests assert these steps and that apps/desktop/src-tauri/Cargo.lock is treated as a generated file excluded from CODEOWNERS.

Changes

Release automation formatting workflow

Layer / File(s)	Summary
Extract and checkout release PR branch .github/workflows/release-please.yml	Node script extracts the release PR head branch from steps.release.outputs.prs and the workflow conditionally checks out that branch using secrets.RELEASE_PLEASE_TOKEN with persisted credentials disabled.
Setup pnpm/Node and sync release version .github/workflows/release-please.yml	When a release PR was created, the workflow sets up pnpm and Node 22, runs pnpm install --frozen-lockfile, and executes apps/desktop/scripts/ci/set-release-version.mjs to sync lockfile/package version.
Run Prettier on generated files .github/workflows/release-please.yml	Runs pnpm exec prettier --write (respecting .prettierignore) on .release-please-manifest.json and apps/desktop/src-tauri/tauri.conf.json when prs_created == 'true'.
Commit and push formatted outputs .github/workflows/release-please.yml	If formatting produced changes, configure bot git identity, stage .release-please-manifest.json, apps/desktop/src-tauri/Cargo.lock, and apps/desktop/src-tauri/tauri.conf.json, commit with a formatting message, rewrite origin to include RELEASE_PLEASE_TOKEN, and push HEAD to the release PR branch.
Workflow and CODEOWNERS tests apps/desktop/tests/ci/release-workflow-environments.test.ts, apps/desktop/tests/ci/release-codeowners-policy.test.ts	Adds a test asserting the workflow includes PR-branch extraction, Prettier formatting with ignore-path and a conditional push gated by steps.release.outputs.prs_created == 'true', and expands generated file list to include apps/desktop/src-tauri/Cargo.lock for CODEOWNERS exclusion.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• TouchAI-org/TouchAI#436: Also modifies .github/workflows/release-please.yml to adjust release-please authentication and workflow behavior.

Poem

🐰
I parsed the PR branch with a hop and a cheer,
Danced through pnpm and Prettier to make files clear,
Committed a tidy hop back to the PR,
Cargo.lock waved, codeowners nod from afar,
Tests hum a tune — the pipeline is near.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'ci: format release please generated files' follows Conventional Commits standards with a 'ci' prefix, is concise, and directly matches the main changes in the PR.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The pull request description is comprehensive and follows the template structure with all required sections completed.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/release-please-auto-format

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/release-please.yml:
- Around line 83-88: The Prettier invocation in the "Format Release Please
generated files" step currently ignores the repository's .prettierignore; update
the run command that calls pnpm exec prettier (the invocation in that step) to
include the same ignore path used by repo tooling (add --ignore-path
.prettierignore) so CI respects the repo formatting contract when writing
.release-please-manifest.json and apps/desktop/src-tauri/tauri.conf.json.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 3ce46228-379f-4c0f-a4b7-1b14ad6a20ca

📥 Commits

Reviewing files that changed from the base of the PR and between 0f5fab2 and d8f6869.

📒 Files selected for processing (2)

• .github/workflows/release-please.yml
• apps/desktop/tests/ci/release-workflow-environments.test.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: CodeQL (rust)
• GitHub Check: Desktop E2E Smoke (Windows)

🧰 Additional context used

🪛 zizmor (1.25.2)

.github/workflows/release-please.yml

[error] 73-73: runtime artifacts potentially vulnerable to a cache poisoning attack (cache-poisoning): this step

(cache-poisoning)