ci: use shared release workflow from ShipSoft/.github

[olantwin]

Summary

• Replace the inline release publishing workflow with a single uses: call to the org-level reusable workflow at ShipSoft/.github/.github/workflows/release.yml@main.
• Behaviour is unchanged: a v* tag push regenerates release notes via git-cliff and publishes the GitHub Release.
• scripts/release.sh and cliff.toml are unchanged — the local release flow stays per-repo.

Depends on ShipSoft/.github#4 — merge that first, otherwise the @main reference won't resolve.

Test plan

• Wait until feat: add release reusable workflow .github#4 is merged.
• Merge this PR.
• Run scripts/release.sh 0.2.1 locally, then git push --follow-tags origin main.
• Confirm a GitHub Release is published at https://github.com/ShipSoft/Geometry/releases with cliff-generated notes matching the v0.2.0 shape.

Summary by CodeRabbit

• Chores
  • Updated internal release process automation to use a shared workflow configuration. No changes to end-user functionality.

[coderabbitai]

📝 Walkthrough

Walkthrough

The release job in .github/workflows/release.yml is simplified by replacing its inline steps (checkout, git-cliff release-notes generation, GitHub Release creation) with a single reusable workflow call to ShipSoft/.github/.github/workflows/release.yml@main, adding permissions: contents: write on that call. The tag-push trigger is unchanged.

Changes

Release Workflow Delegation

Layer / File(s)	Summary
Release job rewired to reusable workflow .github/workflows/release.yml	Inline release steps removed (22 lines); replaced with uses: ShipSoft/.github/.github/workflows/release.yml@main and permissions: contents: write on the reusable workflow call.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• ShipSoft/Geometry#34: Introduced the original inline release job (git-cliff + GitHub Release steps) in .github/workflows/release.yml that this PR replaces with the reusable workflow call.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: replacing an inline release workflow with a shared reusable workflow from ShipSoft/.github, which is the primary refactoring focus of this PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/use-shared-release

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[olantwin]

@coderabbitai rate limit

[coderabbitai]

Your plan includes PR reviews subject to rate limits. More reviews will be available in 37 minutes and 5 seconds.

[matclim]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/release.yml (1)

13-13: 💤 Low value

Consider pinning to a commit SHA for stronger supply-chain security.

The zizmor tool flags the @main branch reference as unpinned. However, I note that .github/workflows/build-test.yml also uses @main for ShipSoft/.github reusable workflows, so this follows an established repository pattern.

For internal org workflows, the risk is lower than for third-party actions. If your team intentionally tracks main to pick up shared workflow improvements automatically, this is reasonable. Otherwise, pinning to a specific commit SHA (e.g., @<sha>) would provide stronger reproducibility and supply-chain guarantees.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/release.yml at line 13, The reusable workflow reference
for ShipSoft/.github/.github/workflows/release.yml is currently pinned to `@main`,
which is unpinned and poses a supply-chain security risk. Replace the `@main`
branch reference with a specific commit SHA (e.g., @<commit-sha>) to ensure
reproducibility and stronger security guarantees. This same pattern should also
be applied to the ShipSoft/.github reference in .github/workflows/build-test.yml
for consistency.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/release.yml:
- Line 13: The reusable workflow reference for
ShipSoft/.github/.github/workflows/release.yml is currently pinned to `@main`,
which is unpinned and poses a supply-chain security risk. Replace the `@main`
branch reference with a specific commit SHA (e.g., @<commit-sha>) to ensure
reproducibility and stronger security guarantees. This same pattern should also
be applied to the ShipSoft/.github reference in .github/workflows/build-test.yml
for consistency.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e9002ca9-96bb-4047-9da7-2d20c13baa12

📥 Commits

Reviewing files that changed from the base of the PR and between 857759d and 5f8068f.

📒 Files selected for processing (1)

• .github/workflows/release.yml