fix(release): 修复发布说明 PR 链接缺失

[GeWuYou]

• 修复 release notes 生成 job 缺少 PR 读取权限的问题

• 更新 semantic-release 主题恢复点与验证记录

• 补充当前修复分支到 ai-plan 启动映射

Summary by CodeRabbit

• 修复

  • 修复了发布说明中拉取请求链接的显示问题，GitHub Releases 现在能正确呈现关联的 PR 链接。

• 文档

  • 更新了发布/版本计划与追踪文档，记录了为确保发布说明完整性所做的权限与验证调整。

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 72e0b0f4-00f6-496f-ac7d-c6ba040e882c

📥 Commits

Reviewing files that changed from the base of the PR and between 53870c1 and 478072a.

📒 Files selected for processing (3)

• .github/workflows/auto-tag.yml
• ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md
• ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md

📜 Recent review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Code Quality & Security
• GitHub Check: Build and Test
• GitHub Check: Analyze (C#)

🧰 Additional context used

🪛 LanguageTool

ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md

[uncategorized] ~20-~20: The official name of this software platform is spelled with a capital “H”.
Context: ...s/auto-tag.yml的git-cliff-action改用${{ github.token }} 读取 PR 元数据，PAT_TOKEN` 只保留...

(GITHUB)

---

[uncategorized] ~23-~23: The official name of this software platform is spelled with a capital “H”.
Context: ...ase job 增加 pull-requests: read - 保持 .github/cliff.toml 的 by @userin#PR`` 模板不变，只补...

(GITHUB)

---

[uncategorized] ~40-~40: The official name of this software platform is spelled with a capital “H”.
Context: ...auto-tag.yml中 job 级permissions只约束${{ github.token }}，不约束 ${{ secrets.PAT_TOKEN }}...

(GITHUB)

---

[uncategorized] ~41-~41: The official name of this software platform is spelled with a capital “H”.
Context: ....PAT_TOKEN }}；生成 release notes 时必须使用 ${{ github.token }}才能让pull-requests: read` 声明真...

(GITHUB)

---

[uncategorized] ~56-~56: The official name of this software platform is spelled with a capital “H”.
Context: ...auto-tag.yml 的git-cliff-action改用${{ github.token }}`，避免未来 GitHub Release 正文缺失 PR 链...

(GITHUB)

---

[grammar] ~76-~76: Ensure spelling is correct
Context: ...net build GFramework.sln -c Release 通过，0 warning / 0 error- 更早阶段的 dry-run / tag /抽象项目验证已归档到 ai-plan/pu...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md

[uncategorized] ~16-~16: The official name of this software platform is spelled with a capital “H”.
Context: ... publish.yml 已对 git-cliff-action 使用 ${{ github.token }}，job 级 pull-requests: read 能...

(GITHUB)

---

[uncategorized] ~17-~17: The official name of this software platform is spelled with a capital “H”.
Context: ...TOKEN，让 git-cliff-action改用带 job 权限的 ${{ github.token }}`，避免 PR 元数据读取能力取决于 PAT 创建时的额外 s...

(GITHUB)

🔇 Additional comments (4)

.github/workflows/auto-tag.yml (2)

18-20: 权限边界修复到位。

preview/release 两个 job 都补齐了 pull-requests: read，与 release notes 读取 PR 元数据的需求一致，且未扩大不必要写权限。

Also applies to: 110-113

---

73-76: git-cliff-action 的 token 切换正确。

Line 75 与 Line 162 改为 ${{ github.token }} 后，job 级 permissions 才能对该步骤生效；这个调整精准命中本次缺陷根因。

Also applies to: 160-163

ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md (1)

16-24: SEMREL-RP-007 跟踪闭环清晰。

本次更新把“触发原因 → 权限/Token 分工 → 已完成项 → 验证项 → 下一步”串成了完整链路，后续排障与交接可读性很好。

Also applies to: 38-42, 55-57, 71-76, 82-83

ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md (1)

5-31: 新增追踪记录质量高。

SEMREL-RP-007 条目把问题根因、修复范围和验证证据写全了，能直接支撑后续复盘与回填发布说明操作。

---

📝 Walkthrough

Walkthrough

为生成 release notes 时读取 PR 元数据，新增并补齐了工作流作业的 pull-requests: read 权限；同时将 git-cliff-action 在 auto-tag 的相关步骤改为使用 ${{ github.token }} 并更新了相关规划与跟踪文档以记录该恢复点（SEMREL-RP-007）。

Changes

工作流权限修复

Layer / File(s)	Summary
Permissions 调整 ​.github/workflows/auto-tag.yml, ​.github/workflows/publish.yml	在 auto-tag.yml 的 preview 与 release jobs 以及 publish.yml 的 create-release job 的 permissions 中添加 pull-requests: read。
Token 环境变量 ​.github/workflows/auto-tag.yml	将生成 release notes 的步骤中 GITHUB_TOKEN 环境变量由 secrets.PAT_TOKEN 切换为 ${{ github.token }}（使作业级 permissions 生效以读取 PR 元数据）。
规划文档更新 ai-plan/public/README.md	在 Worktree To Active Topic Map 中新增分支映射：fix/release-notes-pr-links → 优先 topic semantic-release-versioning（worktree hint GFramework）。
跟踪与任务记录 ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md, ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md	引入恢复点 SEMREL-RP-007 条目，记录权限问题、已完成的验证项（包括 toml 解析、license-header 检查、dotnet build），并列出下一步操作。

Sequence Diagram(s)

（条件不满足，已省略）

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• ci(release): 修复 semantic-release 预览鉴权 #294 — 修改了 auto-tag.yml 的权限与 token 用法，和本次对 preview/release job 的补齐存在直接交集。
• feat(ci): add cliff-based release summaries #312 — 与本次改动同属 release-note/gith-cliff 支撑变更，涉及相同工作流文件。
• Feat/semantic release versioning #293 — 早期引入 git-cliff 集成及相关工作流改动，与本次权限修复在上下游存在联系。

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	标题明确总结了主要变更：修复发布说明中缺失的 PR 链接问题，与 PR 目标和文件变更内容完全对应。
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/release-notes-pr-links

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 60 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR fixes missing pull-request links in GitHub Release notes by granting pull-requests: read to the relevant workflow jobs and switching the git-cliff-action token from PAT_TOKEN to github.token (whose scope is constrained by the job-level permission block). The accompanying ai-plan documents advance the recovery-point marker from RP-006 to RP-007 and record validation results.

Confidence Score: 5/5

Safe to merge — minimal-scope permission additions with no functional regressions.

The fix is surgical: only pull-requests: read is added to the relevant jobs and git-cliff-action is pointed at github.token so the permission scope actually applies. semantic-release retains PAT_TOKEN for tag push and dry-run, which is required for triggering downstream workflows. No logic changes, no new secrets, no broader permission grants than needed.

No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/auto-tag.yml	Adds pull-requests: read to both preview and release jobs; switches git-cliff-action from PAT_TOKEN to github.token so the job-level permission block takes effect. semantic-release correctly retains PAT_TOKEN.
.github/workflows/publish.yml	Adds pull-requests: read to the create-release job; git-cliff-action was already using github.token, so this permission addition is all that was needed.
ai-plan/public/README.md	Adds fix/release-notes-pr-links branch mapping to the semantic-release-versioning active topic index.
ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md	Advances recovery point to SEMREL-RP-007, documents the permission-fix rationale, and records RP-007 validation steps.
ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md	Prepends SEMREL-RP-007 trace entry under the existing ## 2026-05-04 heading; no duplicate heading introduced in this commit.

Sequence Diagram

sequenceDiagram
    participant SR as semantic-release
    participant GCA as git-cliff-action
    participant GH as GitHub API

    rect rgb(220,240,255)
        Note over SR,GH: auto-tag.yml / publish.yml jobs (after fix)
        SR->>GH: push / dry-run (PAT_TOKEN — unrestricted)
        GCA->>GH: GET /repos/.../pulls?commit_sha=... (github.token + pull-requests:read)
        GH-->>GCA: pr_number resolved
        GCA-->>GCA: render "by @user in #PR" in release notes
    end

Loading

_{Reviews (2): Last reviewed commit: "fix(release): 修复 git-cliff PR 元数据令牌" | Re-trigger Greptile}

[github-actions]

Summary

Tests 📝	Passed ✅	Failed ❌	Skipped ⏭️	Other ❓	Flaky 🍂	Duration ⏱️
2264	2264	0	0	0	0	1ms

Test Results

2264 passed

Details

2264 tests
37.2s
nunit
CI - Build & Test build-and-test #1052
fix(release): 修复发布说明 PR 链接缺失 #322

Insights

Average Tests per Run	Total Flaky Tests	Total Failed	Slowest Test (p95)
2264	0	0	3.7s

build-and-test: Run #1052

Tests 📝	Passed ✅	Failed ❌	Skipped ⏭️	Pending ⏳	Other ❓	Flaky 🍂	Duration ⏱️
2264	2264	0	0	0	0	0	37.2s

🎉 All tests passed!

Slowest Tests

Test 📝	Results 📊	Duration (avg) ⏱️	Duration (p95) ⏱️
CreateStream_Should_ResolveCqrsRuntime_OnlyOnce_When_AccessedConcurrently	1	3.7s	3.7s
Does_Not_Report_When_FieldInjectedModel_Is_Registered	1	2.2s	2.2s
Generates_Scene_Behavior_Boilerplate	1	1.9s	1.9s
CleanupDuringAcquire_Should_NotCauseRaceCondition	1	1.1s	1.1s
Append_ShouldNotBlock	1	1.0s	1.0s
Context_Caching_Should_Improve_Performance	1	782ms	782ms
PendingCount_ShouldReflectQueuedEntries	1	501ms	501ms
Cleanup_Should_NotRemoveActiveLocks	1	406ms	406ms
Cleanup_Should_RemoveUnusedLocks	1	402ms	402ms
Generates_Precise_Assembly_Type_Lookups_For_Inaccessible_External_Generic_Definitions_With_Visible_Type_Arguments	1	313ms	313ms

_{🎉 No failed tests in this run. | 🍂 No flaky tests in this run.}

Github Test Reporter by CTRF 💚

[github-actions]

✅MegaLinter analysis: Success

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ REPOSITORY	gitleaks	yes		no	no	4.49s
✅ REPOSITORY	trufflehog	yes		no	no	4.27s

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Show us your support by starring ⭐ the repository

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md`:
- Around line 3-30: Remove the duplicate second-level date header "##
2026-05-04" that appears immediately before "### PR review notes
类型映射修复（SEMREL-RP-006）" so there is only one "## 2026-05-04" section; delete that
extra heading line and keep SEMREL-RP-006 and SEMREL-RP-007 as sibling
subsections under the single date header to resolve the MD024 markdownlint
warning.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: de158bb1-37e5-4c6b-82ab-668e34287388

📥 Commits

Reviewing files that changed from the base of the PR and between 64c5ecb and 53870c1.

📒 Files selected for processing (5)

• .github/workflows/auto-tag.yml
• .github/workflows/publish.yml
• ai-plan/public/README.md
• ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md
• ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md

📜 Review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Code Quality & Security
• GitHub Check: Build and Test
• GitHub Check: Analyze (C#)
• GitHub Check: submit-nuget

🧰 Additional context used

📓 Path-based instructions (2)

**/{README,readme,ReadMe}.md

📄 CodeRabbit inference engine (AGENTS.md)

Use canonical filename README.md; do not introduce new ReadMe.md or other filename variants

Files:

• ai-plan/public/README.md

ai-plan/public/README.md

📄 CodeRabbit inference engine (AGENTS.md)

ai-plan/public/README.md: ai-plan/public/README.md MUST list only active topics; do not add ai-plan/public/archive/** content to default boot index
When worktree-to-topic mapping changes, or when topic becomes active/inactive, contributors MUST update ai-plan/public/README.md in same change

Files:

• ai-plan/public/README.md

🪛 LanguageTool

ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md

[uncategorized] ~21-~21: The official name of this software platform is spelled with a capital “H”.
Context: ...ase job 增加 pull-requests: read - 保持 .github/cliff.toml 的 by @userin#PR`` 模板不变，只补...

(GITHUB)

🪛 markdownlint-cli2 (0.22.1)

ai-plan/public/semantic-release-versioning/traces/semantic-release-versioning-trace.md

[warning] 28-28: Multiple headings with the same content

(MD024, no-duplicate-heading)

🔇 Additional comments (4)

.github/workflows/publish.yml (1)

243-246: 权限修复正确，LGTM。

create-release job 中 git-cliff 使用 GITHUB_TOKEN: ${{ github.token }}，job 级别的 pull-requests: read 直接作用于该内置令牌，修复逻辑完整有效。

ai-plan/public/README.md (1)

68-70: LGTM。

新增映射条目格式与现有条目一致，semantic-release-versioning 已在 Active Topics 中声明，符合编码规范要求。

ai-plan/public/semantic-release-versioning/todos/semantic-release-versioning-tracking.md (1)

16-78: LGTM，跟踪记录与本次变更完全对齐。

SEMREL-RP-007 恢复点、已知风险、已完成项及验证结论均已更新，与两个 workflow 文件的改动一致。静态分析工具对第 21 行的 GitHub 大小写提示为误报（该处 .github/cliff.toml 是文件路径，不是平台名称）。

.github/workflows/auto-tag.yml (1)

18-20: pull-requests: read 对 PAT_TOKEN 无效，需在创建 PAT 时确认其权限范围。

Job 级别的 permissions 块仅控制 github.token（即 secrets.GITHUB_TOKEN）的访问范围，不影响以 secret 形式传入的 PAT。在 preview 和 release job 中，GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }} 是通过环境变量传入的 PAT，workflow 中的 pull-requests: read 权限声明对其无任何约束。

git-cliff 的 PR 元数据读取能力完全取决于 PAT_TOKEN 创建时的配置 scope：

• Classic PAT（repo scope）：已包含 PR 读取权限，git-cliff 可正常获取 PR 链接渲染数据
• Fine-grained PAT：需在 token 创建时单独授予 pull-requests: read 权限；仅修改 workflow 文件无效

建议确认当前使用的 PAT_TOKEN 类型及其权限范围，以确保 git-cliff 能够正确渲染发布说明中的 PR 链接。

[github-actions]

Summary

Tests 📝	Passed ✅	Failed ❌	Skipped ⏭️	Other ❓	Flaky 🍂	Duration ⏱️
2264	2264	0	0	0	0	36.3s    ↓914ms

Test Results

2264 passed

Details

2264 tests
36.3s ↓914ms
nunit
CI - Build & Test build-and-test #1053
fix(release): 修复发布说明 PR 链接缺失 #322

Insights

Average Tests per Run	Total Flaky Tests	Total Failed	Slowest Test (p95)
2264	0	0	3.7s

build-and-test: Run #1053

Tests 📝	Passed ✅	Failed ❌	Skipped ⏭️	Pending ⏳	Other ❓	Flaky 🍂	Duration ⏱️
2264	2264	0	0	0	0	0	36.3s

🎉 All tests passed!

Slowest Tests

Test 📝	Results 📊	Duration (avg) ⏱️	Duration (p95) ⏱️
CreateStream_Should_ResolveCqrsRuntime_OnlyOnce_When_AccessedConcurrently	2	3.7s	3.7s
Does_Not_Report_When_FieldInjectedModel_Is_Registered	2	2.1s	2.2s
Generates_Scene_Behavior_Boilerplate	2	1.9s	1.9s
CleanupDuringAcquire_Should_NotCauseRaceCondition	2	1.1s	1.1s
Append_ShouldNotBlock	2	1.0s	1.0s
Context_Caching_Should_Improve_Performance	2	782ms	782ms
PendingCount_ShouldReflectQueuedEntries	2	501ms	501ms
Cleanup_Should_NotRemoveActiveLocks	2	405ms	406ms
Cleanup_Should_RemoveUnusedLocks	2	402ms	402ms
Generates_Precise_Assembly_Type_Lookups_For_Inaccessible_External_Generic_Definitions_With_Visible_Type_Arguments	2	306ms	313ms

_{± Comparison with run #1052 at 3ecc43e | 🎉 No failed tests detected across all runs. | 🍂 No flaky tests detected across all runs. | ⏱️ Measured over 2 runs.}

Github Test Reporter by CTRF 💚