chore: add auto-release workflows for .github repo

[ThirteenLLB]

Summary

• Add auto-release-on-pr.yml workflow: creates tag when PR with auto-release label merges from release/v* branch
• Add auto-release.yml workflow: creates GitHub Release when tag is pushed (using existing auto-release action)
• Update CHANGELOG.md

This enables Type A (single public repo) release automation for the .github repository itself.

Test plan

验证步骤：

1. 创建 release/v1.0.0 分支，更新 CHANGELOG 中的 [Unreleased] 为 [1.0.0]
2. 创建 PR 到 main，添加 auto-release 标签
3. 合并 PR，确认 tag 自动创建
4. 确认 GitHub Release 自动生成

前置检查：

• org level 已配置 AUTOMATION_APP_ID (Variable)
• org level 已配置 AUTOMATION_APP_PRIVATE_KEY (Secret)
• GitHub App 对此仓库有访问权限

🤖 Generated with Claude Code

Summary by CodeRabbit

• 新功能
  • 自动化发布：合并带标记的发布分支时自动创建版本标签；推送版本标签时在 GitHub 上自动生成发布。
  • 支持发布阶段的飞书通知，及时告知团队发布状态。
• 工程化改进
  • 增加并完善发布流程与脚本，包含版本校验与重复标签检测，提升发布可靠性。
  • 提升仓库解析兼容性，支持更多格式的仓库名称。

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

新增两个 GitHub Actions 工作流：在合并带 auto-release 标签且源分支以 release/ 开头的 PR 时创建版本标签；在匹配 v* 的标签推送时基于标签创建 GitHub Release（可通知 Feishu）。同时更新 CHANGELOG 并放宽脚本中仓库名的正则匹配。

Changes

Cohort / File(s)	Summary
自动发布工作流 ​.github/workflows/auto-release-on-pr.yml, ​.github/workflows/auto-release.yml	新增两个工作流：auto-release-on-pr.yml 在合并 PR（需合并、带 auto-release 标签、分支以 release/ 开头）时提取并校验版本、创建并推送注释标签；auto-release.yml 在 v* 标签推送时调用 auto-release action 创建 GitHub Release 并支持 Feishu 通知。
变更记录 CHANGELOG.md	新增 Unreleased 条目，列出新增工作流、辅助脚本与 Feishu 通知等条目。
脚本调整 scripts/parse-repos.py	放宽仓库名正则以允许点（.），由 ^([a-zA-Z0-9_-]+)\s*=\s*(.+)$ 改为 ^([a-zA-Z0-9_.-]+)\s*=\s*(.+)$。

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor 开发者
    participant GitHub
    participant Workflow_PR as "auto-release-on-pr\n工作流"
    participant Git操作
    participant Workflow_Tag as "auto-release\n工作流"
    participant AutoReleaseAction as "Auto Release\nAction"
    participant Feishu

    开发者->>GitHub: 合并带 `auto-release` 标签的 PR（源分支 release/*）
    GitHub->>Workflow_PR: 触发（PR 已关闭且已合并）
    Workflow_PR->>Workflow_PR: 提取版本、校验语义版本、检查远端标签
    Workflow_PR->>Git操作: 创建注释标签并推送到 origin
    Git操作-->>GitHub: 标签已推送
    GitHub->>Workflow_Tag: 检测到 `v*` 标签推送并触发工作流
    Workflow_Tag->>AutoReleaseAction: 调用 auto-release action（传入 token、prerelease、feishu-webhook）
    AutoReleaseAction->>GitHub: 创建 GitHub Release（基于标签）
    AutoReleaseAction->>Feishu: 发送发布通知到 Feishu webhook
    Feishu-->>开发者: 发送发布通知

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• feat: add centralized multi-version release automation #27: 与本 PR 都修改 scripts/parse-repos.py 的仓库名正则/验证，代码层面高度相关。
• ci: add auto-release composite action #26: 该 PR 引入或修改的 auto-release composite action 与本 PR 在工作流调用与输入（如 Feishu webhook）上存在直接关联。

Suggested reviewers

• yuanyuanxin
• chenjunnn

Poem

🐰 合并轻敲树梢声，标签跃出夜微明；
版本验证细又真，推送 Release 闪银星。
自动跑道风中舞，飞书一讯告春晴。 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Title check	✅ Passed	Pull request title accurately describes the main change: adding auto-release workflows for the .github repository.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/add-auto-release-workflows

Tip

🧪 Unit Test Generation v2 is now available!

We have significantly improved our unit test generation capabilities.

To enable: Add this to your .coderabbit.yaml configuration:

reviews:
  finishing_touches:
    unit_tests:
      enabled: true

Try it out by using the @coderabbitai generate unit tests command on your code files or under ✨ Finishing Touches on the walkthrough!

Have feedback? Share your thoughts on our Discord thread!

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @.github/workflows/auto-release-on-pr.yml:
- Around line 25-44: The tag existence check in the "Extract version and create
tag" step uses git rev-parse which only inspects local refs (and
actions/checkout defaults prevent tags being fetched), so the check is
ineffective; update that step to query the remote instead (for example by
replacing the git rev-parse check with a remote query such as using git
ls-remote --tags --exit-code against origin for the VERSION or alternatively
enable fetching tags in the Checkout step) so the workflow reliably detects
existing remote tags before attempting to push.

In @.github/workflows/auto-release.yml:
- Around line 20-21: Replace the floating ref to the composite action by pinning
the uses declaration to a full commit SHA: locate the line using "uses:
wuji-technology/.github/actions/auto-release@main" and change it to "uses:
wuji-technology/.github/actions/auto-release@<full-commit-sha>"; update the SHA
to the exact commit you’ve vetted (not a branch or tag), commit that change, and
document the chosen SHA in the PR so reviewers can verify the pinned revision.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/auto-release-on-pr.yml:
- Around line 25-50: The workflow currently tags whatever was checked out (the
PR merge ref) which may not match main; update the Checkout and tagging steps to
use the PR's merge commit SHA: use github.event.pull_request.merge_commit_sha as
the ref when checking out (replace the current actions/checkout usage of the PR
ref/branch), and when creating the tag ensure you tag that exact SHA (use
VERSION and the merge_commit_sha as the target for git tag and git push) so the
annotated tag is created on the real merge commit rather than the transient
refs/pull/*/merge ref.

🧹 Nitpick comments (2)

.github/workflows/auto-release.yml (1)

17-18: 将 actions/checkout 固定到完整 SHA 以增强供应链安全

使用版本标签（如 @v4）存在供应链风险，版本标签可能被移动或重新标记。GitHub 官方推荐将第三方 action 固定到完整的提交 SHA（40 个字符），并通过注释记录版本号便于维护和更新。注意到当前工作流中的自定义 action 已正确固定到 SHA，建议对 actions/checkout 采用同样的做法保持一致性。

🔧 建议修改

      - name: Checkout repository
-       uses: actions/checkout@v4
+       uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

.github/workflows/auto-release-on-pr.yml (1)

18-28: 建议将第三方 Action 固定到完整 SHA 以降低供应链风险

actions/create-github-app-token@v2 与 actions/checkout@v4 目前使用版本标签，建议固定到完整提交 SHA，并在注释里标明版本号。

🔧 建议修改

      - name: Generate GitHub App token
        id: app-token
-       uses: actions/create-github-app-token@v2
+       uses: actions/create-github-app-token@064492a9a1762067169d50c792a7dc02bc3d1254 # v2
        with:
          app-id: ${{ vars.AUTOMATION_APP_ID }}
          private-key: ${{ secrets.AUTOMATION_APP_PRIVATE_KEY }}

      - name: Checkout
-       uses: actions/checkout@v4
+       uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
        with:
          token: ${{ steps.app-token.outputs.token }}

[JiangCiT-T]

@ThirteenLLB 确认无误

[chenjunnn]

PR title 中的 Type A 指代不明