ci: add communique to enhance release notes

[jdx]

Summary

• Add communique tool to mise.toml
• Add enhance-release job to release workflow that runs after release creation to generate AI-enhanced release notes

Test plan

• Verify next release triggers the enhance-release job
• Confirm ANTHROPIC_API_KEY secret is configured in repo settings

🤖 Generated with Claude Code

---

Note

Medium Risk
Adds a new post-release GitHub Actions job that uses an external AI API and an elevated token to modify GitHub release notes; failures or misconfigured secrets can break the release workflow and token scope matters.

Overview
After the release job completes, the workflow now runs a new enhance-release job that computes the tag from package.json and calls communique generate ... --github-release to update the GitHub release notes.

The PR also adds communique to mise.toml so the tool is available in CI, and wires in ANTHROPIC_API_KEY plus a dedicated RELEASE_PLZ_GITHUB_TOKEN for the release-note update step.

^{Written by Cursor Bugbot for commit d2335f6. This will update automatically on new commits. Configure here.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request integrates the communique tool into the project to automatically generate AI-enhanced release notes. This enhancement aims to improve the clarity and informativeness of release notes, making them more useful for users and contributors.

Highlights

• Communique Integration: Added the communique tool to the mise.toml file to enhance release notes generation.
• Release Workflow Enhancement: Introduced an enhance-release job to the release workflow, which uses AI to improve release notes after a release is created.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/release.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds the communique tool to the mise.toml configuration to support AI-enhanced release notes. My feedback focuses on improving the stability and reproducibility of the CI/CD environment by recommending pinning the new tool to a specific version instead of using latest.

[gemini-code-assist]

To ensure build reproducibility and prevent unexpected failures in the CI pipeline, it's a best practice to pin tool versions instead of using latest. A future release of communique with breaking changes could cause the release workflow to fail. Please pin this to a specific version (e.g., communique = '1.2.3').

References

1. Dependencies in CI/CD environments should be pinned to specific versions to ensure build reproducibility and stability. Using floating versions like 'latest' can lead to unexpected build failures when a new version with breaking changes is released.

[greptile-apps]

Greptile Summary

This PR adds a post-release enhance-release job to the release workflow that calls communique generate to overwrite the auto-generated GitHub release notes with AI-enhanced copy, and registers the communique tool in mise.toml so it is available in CI.

Key points:

• The new job correctly chains off the existing release job via needs: [release] and will be skipped on non-release PR events, consistent with GitHub Actions propagation semantics.
• Two secrets must be pre-configured: ANTHROPIC_API_KEY (Anthropic API access) and RELEASE_PLZ_GITHUB_TOKEN (a PAT with permission to edit GitHub releases).
• The tag used by communique is derived from package.json at checkout time; adding a git fetch --tags + tag-existence check would make this more defensive.
• Adding the same if: guard from the release job to enhance-release would improve clarity in the Actions UI, though the current behavior is functionally correct.
• communique = 'latest' follows the existing pattern in mise.toml (git-cliff, gh) but means the tool version is not pinned across CI runs.

Confidence Score: 4/5

• Safe to merge once both required secrets are configured; the workflow logic is sound and failures are non-blocking to the primary release path.
• The change is small and well-scoped. The enhance-release job runs after the release is already published, so a failure here does not break the release itself. The tag-derivation and missing if guard are minor hardening opportunities rather than blocking bugs.
• .github/workflows/release.yml — verify secrets are configured and consider the tag-existence guard before merging.

Important Files Changed

Filename	Overview
.github/workflows/release.yml	Adds the enhance-release job that depends on release and calls communique generate with ANTHROPIC_API_KEY and a dedicated PAT. Missing trailing newline (pre-existing). The job correctly inherits the skip behavior of its parent via needs semantics.
mise.toml	Adds communique = 'latest' to the tools section, consistent with the existing pattern for git-cliff and gh.

Sequence Diagram

sequenceDiagram
    participant GH as GitHub Actions
    participant Release as release job
    participant Enhance as enhance-release job
    participant GHRelease as GitHub Releases API
    participant Anthropic as Anthropic API

    GH->>Release: PR merged with 'release' label
    Release->>GH: git tag + git push (v4.x.x, v4)
    Release->>GHRelease: gh release create --generate-notes
    GHRelease-->>Release: Release created with auto-notes
    Release-->>GH: success

    GH->>Enhance: needs: [release] satisfied
    Enhance->>Enhance: TAG_NAME = v$(jq .version package.json)
    Enhance->>Anthropic: communique generate TAG_NAME (ANTHROPIC_API_KEY)
    Anthropic-->>Enhance: AI-enhanced release notes
    Enhance->>GHRelease: --github-release (RELEASE_PLZ_GITHUB_TOKEN)
    GHRelease-->>Enhance: Release notes updated

Loading

_{Reviews (1): Last reviewed commit: "ci: use RELEASE_PLZ_GITHUB_TOKEN for com..." | Re-trigger Greptile}

[greptile-apps]

Consider mirroring the parent job's if condition

The release job only runs when a release-labelled PR is merged. While GitHub Actions correctly propagates the "skipped" status from release to enhance-release via needs, adding an explicit if guard makes the intent self-documenting and prevents the job from appearing as a skipped entry in the Actions UI for every non-release PR close event.

Suggested change

	enhance-release:
	needs: [release]
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
	with:
	fetch-depth: 0
	- uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2
	- name: Enhance release notes with communique
	run: |
	TAG_NAME="v$(jq -r .version package.json)"
	communique generate "$TAG_NAME" --github-release
	env:
	ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
	GITHUB_TOKEN: ${{ secrets.RELEASE_PLZ_GITHUB_TOKEN }}
	enhance-release:
	needs: [release]
	if: github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'release')
	runs-on: ubuntu-latest

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}

[greptile-apps]

Tag derivation races with package.json on the checked-out ref

jq -r .version package.json reads the version from the default checkout ref (the PR's merge commit), which is correct since the release job bumps package.json and pushes it before this job runs. However, if postversion.sh pushes additional commits after tagging, there is a window where HEAD on the branch may be ahead of the tag. Using the tag published by the release job directly (e.g. via the GitHub API or by reading it from the git log) would be more robust:

Suggested change

	TAG_NAME="v$(jq -r .version package.json)"
	communique generate "$TAG_NAME" --github-release
	TAG_NAME="v$(jq -r .version package.json)"
	git fetch --tags
	# Verify the computed tag actually exists before proceeding
	git rev-parse "$TAG_NAME" >/dev/null
	communique generate "$TAG_NAME" --github-release