write permission is conditionally needed by release-drafter

[2bndy5]

The cpp-linter repo has 2 workflows that call into the reusable workflow, .github/workflows/release-drafter.yml:

1. cpp-linter/cpp-linter/.github/workflows/labeler.yml requires

   permissions:
     contents: read
     pull-requests: write

2. cpp-linter/cpp-linter/.github/workflows/release-drafter.yml; requires

   permissions:
     contents: write
     pull-requests: read

While the reusable workflow demands write permission regardless of calling context:

.github/.github/workflows/release-drafter.yml

Lines 15 to 19 in 86b6518

	# write permission is required to create a github release
	contents: write
	# write permission is required for autolabeler
	# otherwise, read permission is required at least
	pull-requests: write

Proposal

The permissions map cannot be dynamically set.

# THIS WILL NOT WORK!
permissions:
  contents: ${{ inputs.mk-labels && 'read' || 'write' }}
  pull-requests: ${{ inputs.mk-draft-release && 'read' || 'write' }}

This means we need 2 separate reusable workflows for each calling context:

• To auto-label PRs
• To draft (or update a drafted) release

Because the reusable workflow is just 1 step, I'm inclined to just copy that 1 step into the calling workflows' yml and modify the permissions as needed.

Or use git-cliff + gh-cli

In the cpp-linter-rs repo, I use a script (written in python) to

1. Bump the version according to inputs.component. In rust this requires altering the Cargo.toml manifest. In python we would only need to calculate the version based on the last tag.
2. Use git-cliff with the new version number to generate release notes (used in the final step 4). This step also regenerates the entire CHANGELOG.md in repo root.
3. Use git to push any metadata file changes. The step is not required where setuptools-scm automatically sets the package version based on git describe --tags (or similar).
4. Use gh-cli (requires a PAT with permissions: {contents: write}) to publish a release, which inherently creates a new tag that triggers build/deploy CI workflows.

Caution

step 4 requires a PAT instead of the generic/default secrets.GITHUB_TOKEN because CI triggers are ignored for events caused by "github-actions[bot]".

This might seem overly complicated, but it provides much better flexibility and does not surrender security to third-party software that we don't control/understand.

[shenxianpeng]

@shenxianpeng I'm giving serious thought about revising the release process here.
The release-drafter project is not as well maintained as it once was (see release-drafter/release-drafter#1455). Given the complexity of the supported config, it is not surprising that maintenance has been lacking attention.

Auto label doesn't work

I think we need to use a separate config just for that auto-label feature (during a PR event).
And, for some reason, the release-drafter action tries to create/update a drafted release during a PR event, before it is merged (?!).

There must be a better way to auto label PR. Personally, I could do it with nushell and gh-cli...

Drafting releases

If releases are only focused on PRs, then commits pushed directly to main will not show up in the release notes 👎🏼.

I understand that release-drafter relies solely on PR/issue labels to categorize release notes. But release notes can be generated in a number of different ways.
I know git-cliff can use both PR labels and conventional-commit titles to categorize changes. Git-cliff can even "guess" the next version tag based on unreleased changes, but I don't often use that feature.

Originally posted by @2bndy5 in cpp-linter/cpp-linter#154 (comment)

[2bndy5]

Or use git-cliff + gh-cli

I'm literally putting this together right now. I'm writing it in a way that should be applicable to any cpp-linter repos (as a reusable workflow)... But I want to test it first in cpp-linter because we already have a pending release.

Tip

The cpp-linter-rs repo is already doing this because there are multiple package ecosystems being used for deployments. See bump-n-release workflow.

[shenxianpeng]

There must be a better way to auto label PR. Personally, I could do it with nushell and gh-cli...

I agree that the label does not work well. maybe we could try to use Continuous AI

If releases are only focused on PRs, then commits pushed directly to main will not show up in the release notes 👎🏼.

That's true, release-drafter has not been updated for a while, hope the new owner can make a difference.
Personally, I prefer using the PR title rather than the commit message, especially for non-English speakers. I often need to revise my PR title before merging, and it's easier to adjust than the commit message. Perhaps Continuous AI could also help generate better PR titles?

I’m not opposed to the cpp-linter/cpp-linter repository adopting new tools, since it serves as the backend for cpp-linter/cpp-linter-action. However, I think it’s important to provide users with a stable interface — for example, by maintaining a consistent release notes format, relying on widely used dependencies and tools — to ensure the image remains stable and reliable.

[2bndy5]

maybe we could try to use Continuous AI

I still don't trust AI; it might be because of my age group or trust issues spawned from childhood. The copilot AI comes up short every time I try it. The more I see people relying AI to do the same old tasks, the more I think this world is doomed.

I prefer using the PR title rather than the commit message

Same.

By using conventional-commits standards only the commit title is useful in generating changes. In this case the body of the commit message is considered not relevant for a brief list of changes.

Lately, I think we've been doing a pretty good job adopting the conventional-commit standard 💯

For older commits that did not use conventional-commit standards, the entire commit message (title + body) is used to assess what kind of change it was. Much like LLMs, commit parsers (often using regex patterns) can do a pretty good job of categorizing commits.

relying on widely used dependencies and tools

This is why we went with release-drafter in the first place, right?

I'm looking for a future-proof set-and-forget approach. AI is still evolving, and we'll likely have to make additional efforts to keep it behaving as expected.

maintaining a consistent release notes format

As long as the solution is flexible, this shouldn't be hard. I also think that forcing users to browse releases on GitHub is not the best choice because

• pagination
• inconsistent formats
• additional useless info like release assets' download links

Having all the release notes gathered into a single CHANGELOG document provides a better experience.

When converting the nRF24 org's release process (which involves updating metadata files before release), I was able to use gh-cli and git-cliff to regenerate and edit all the previous release notes. This made the release notes match what is now available in each project's CHANGELOG.

---

One of my favorite quotes from a class speaker in my "Advanced C++" college class:

As developers, our job is to be lazy. Everything we create ultimately allows to be lazier.

🤣

[shenxianpeng]

it might be because of my age group

I don't think you would be much older than me : ) I was born in 1987.

Having all the release notes gathered into a single CHANGELOG document provides a better experience.

Yes, I agree — having an additional CHANGELOG.md file for the cpp-linter projects makes sense.

As developers, our job is to be lazy. Everything we create ultimately allows to be lazier.

Totally agree — that’s also one of my favorites.

[2bndy5]

Yeah I was born in 1984. Maybe its just deeply seeded trust issues then. In my experience (opinion), I have found that people who prefer writing JS/TS have control issues. I guess we all have our quirks.

[2bndy5]

I'm pretty much finished writing the release-drafter replacement. I'm going to sleep some, review again, and start submitting PRs later.

Here's a taste (generated by git-cliff)

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

1.10.7 - 2025-03-26

🚀 New features and improvements

• Update Python support versions by @shenxianpeng in #134
• Add clang-tools v19 to dev tests by @shenxianpeng in #138
• Replace deprecated classifier with licence expression (PEP 639) by @shenxianpeng in #136

Full commit diff: v1.10.6...v1.10.7

1.10.6 - 2024-12-12

🚀 New features and improvements

• File IO timeout API by @2bndy5 in #133

Full commit diff: v1.10.5...v1.10.6

1.10.5 - 2024-12-07

🚀 New features and improvements

• Prefix every review comment by @2bndy5 in #132

Full commit diff: v1.10.4...v1.10.5

1.10.4 - 2024-10-18

🚀 New features and improvements

• Enhance parsing paginated diffs by @2bndy5 in #125

Full commit diff: v1.10.3...v1.10.4

1.10.3 - 2024-10-05

🚀 New features and improvements

• Capture and output clang version used in feedback by @2bndy5 in #124

Full commit diff: v1.10.2...v1.10.3

1.10.2 - 2024-09-20

🐛 Bug fixes

• Swap file names in paginated changed files's diff by @2bndy5 in #121

Full commit diff: v1.10.1...v1.10.2

1.10.1 - 2024-09-09

🚀 New features and improvements

• Improve creating patch for PR review suggestions by @2bndy5 in #111
• Pass style to clang-tidy by @2bndy5 in #114
• Resort to paginated request(s) to get file changes by @2bndy5 in #116
• Refactor creating PR review comments by @2bndy5 in #117

🐛 Bug fixes

• Fix clang-analyzer diagnostic's bad hyperlinks by @2bndy5 in #119

Full commit diff: v1.10.0...v1.10.1

1.10.0 - 2024-06-07

🚀 New features and improvements

• Allow PR reviews to be passive by @2bndy5 in #107

Full commit diff: v1.9.2...v1.10.0

1.9.2 - 2024-06-01

🐛 Bug fixes

• Fix test affected by #108 by @2bndy5 in #109

Full commit diff: v1.9.1...v1.9.2

1.9.1 - 2024-05-09

🐛 Bug fixes

• prevent dead links (to tidy diagnostics pages) in thread comments & step summaries by @2bndy5 in #106

Full commit diff: v1.9.0...v1.9.1

1.9.0 - 2024-05-06

🚀 New features and improvements

• Swtich to actions/stale by @shenxianpeng in #102
• Abstract api_request() with custom rate-limit headers by @2bndy5 in #104
• Glob ignores by @2bndy5 in #103

Full commit diff: v1.8.1...v1.9.0

1.8.1 - 2024-03-27

🐛 Bug fixes

• Ensure stdout is flushed, not buffered by @2bndy5 in #98

Full commit diff: v1.8.0...v1.8.1

1.8.0 - 2024-03-26

🚀 New features and improvements

• Enable parallelism by @jnooree in #92
• Use io.StringIO instead tempdir/tempfile by @jnooree in #94

🐛 Bug fixes

• Fix autolabeler by adding labeler.yml action by @shenxianpeng in #87
• Conditionally create comment by @2bndy5 in #91

📦 Dependency updates

• update dependabot.yml to bump group updates by @shenxianpeng in #88

Full commit diff: v1.7.4...v1.8.0

New Contributors

• @jnooree made their first contribution in #94

1.7.4 - 2024-03-05

🚀 New features and improvements

• Create codeql.yml to support codeql analysis by @shenxianpeng in #86
• Handle REST API rate limits and pagination by @2bndy5 in #80

Full commit diff: v1.7.3...v1.7.4

1.7.3 - 2024-02-25

🚀 New features and improvements

• Switch to reusable workflows by @shenxianpeng in #79
• Re-enable thread-comments on private repos by @2bndy5 in #81

Full commit diff: v1.7.2...v1.7.3

1.7.2 - 2024-02-18

🚀 New features and improvements

• Apply no-lgtm to PR reviews by @2bndy5 in #78

Full commit diff: v1.7.1...v1.7.2

1.7.1 - 2024-02-13

🐛 Bug fixes

• Account for clang-tidy notes without fixes in PR reviews by @2bndy5 in #76

Full commit diff: v1.7.0...v1.7.1

1.7.0 - 2024-02-12

🚀 New features and improvements

• Make verbosity disabled by default by @2bndy5 in #47
• Complete refactor by @2bndy5 in #49
• Link clang-tidy diagnostic names to clang-tidy docs by @2bndy5 in #52
• PR Review Suggestions by @2bndy5 in #51
• Support release drafter by @shenxianpeng in #54
• Change token to GITHUB_TOKEN for release drafter by @shenxianpeng in #62
• Allow PR review with no suggestions in diff by @2bndy5 in #68

🐛 Bug fixes

• Thread-comments are not exclusive to github-actions bot by @2bndy5 in #53
• Remove duplicated file name in tidy comment by @2bndy5 in #64
• Resolves chore: bump the actions group with 5 updates #65 by @2bndy5 in #66

📦 Dependency updates

• Bump the major versions of some GH actions by @2bndy5 in #69
• Bump codecov-action to v4 by @2bndy5 in #71

Full commit diff: v1.6.5...v1.7.0

1.6.4 - 2023-12-19

🐛 Bug fixes

• Use static method to parse diff without init-ing repo by @2bndy5 in #42

Full commit diff: v1.6.3...v1.6.4

1.6.3 - 2023-12-14

🐛 Bug fixes

• Fix annotations error counter by @HerrCai0907 in #41

Full commit diff: v1.6.2...v1.6.3

New Contributors

• @HerrCai0907 made their first contribution in #41

1.6.2 - 2023-12-04

🚀 New features and improvements

• Add more specific outputs by @2bndy5 in #37

Full commit diff: v1.6.1...v1.6.2

1.6.1 - 2023-11-09

🚀 New features and improvements

• Resolve Bump actions/attest-build-provenance from 1 to 2 #34 by @2bndy5 in #35

🐛 Bug fixes

• Fix format comment by @2bndy5 in #36

Full commit diff: v1.6.0...v1.6.1

1.6.0 - 2023-05-20

🚀 New features and improvements

• Resolves still need to add CI workflows for reusing actions/stale #24 by @2bndy5 in #32

Full commit diff: v1.5.1...v1.6.0

1.5.1 - 2022-12-13

🚀 New features and improvements

• Keep all generated files in a cache folder by @2bndy5 in #29

Full commit diff: v1.5.0...v1.5.1

1.5.0 - 2022-12-11

🚀 New features and improvements

• Switch to diff format from REST API by @2bndy5 in #26

Full commit diff: v1.4.14...v1.5.0

1.4.14 - 2022-11-17

🐛 Bug fixes

• Resolve stale bot is now deprecated #22 by @2bndy5 in #23

Full commit diff: v1.4.13...v1.4.14

1.4.13 - 2022-11-14

🐛 Bug fixes

• Skip file when no new lines added and lines-changed-only is asserted by @shenxianpeng in #21

Full commit diff: v1.4.12...v1.4.13

1.4.12 - 2022-11-08

🚀 New features and improvements

• Adjust annotation display by @shenxianpeng in #20

Full commit diff: v1.4.11...v1.4.12

1.4.8 - 2022-09-16

🐛 Bug fixes

• Addresses Create go.mod #10 by @2bndy5 in #11

Full commit diff: v1.4.7...v1.4.8

1.4.6 - 2022-08-24

Full commit diff: 255e740...v1.4.6

New Contributors

• @2bndy5 made their first contribution
• @shenxianpeng made their first contribution

I noticed some spelling mistakes in the commit titles. So, I'm going to add some conventional-commit and spelling checks for PR titles.

[shenxianpeng]

In China, people born in the 1980s are called the ‘post-80s’ — a big group. Fair enough, we all have our quirks!

Make sure to get some good rest 🙂 With AI moving so fast, I rely on it a lot for writing, docs, and coding, but we still need people to review.