fix: separate generate and cleanup actions

[m-jahn]

closes #77

Summary by CodeRabbit

• Chores
  • CI/CD workflows now target the main branch for pushes and PRs, streamlining deploys and tests.
  • Added a monthly scheduled maintenance task to run catalog cleanup.
  • Removed automated cleanup from the catalog generation workflow and consolidated it into the new scheduled task.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: df43682a-8252-4add-b49c-88509eb3f4c7

📥 Commits

Reviewing files that changed from the base of the PR and between 06d99c3 and b44e193.

📒 Files selected for processing (2)

• .github/workflows/cleanup.yml
• .github/workflows/generate.yml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/cleanup.yml

---

📝 Walkthrough

Walkthrough

Four GitHub Actions workflow files are updated: deploy, generate, and test workflows are narrowed to trigger on main branch only (removing dev). A new standalone cleanup workflow is introduced, scheduled to run monthly with sequential offset-based execution.

Changes

Cohort / File(s)	Summary
Workflow Trigger Updates \.github/workflows/deploy.yml, \.github/workflows/generate.yml, \.github/workflows/test.yml	Branch filters changed from [main, dev] to [main] for push/pull_request triggers; generate job also gated to avoid running when actor is github-actions[bot] except on schedule.
New Scheduled Cleanup Workflow \.github/workflows/cleanup.yml	Adds a monthly cron workflow (0 7 1 * *) that runs pixi run cleanup-catalog using a matrix of OFFSET values (0..90 step 10) with max-parallel: 1; checks out code, sets up Pixi, pulls branch, runs cleanup, commits if changes, and pushes using ad-m/github-push-action@v1.
Removed Inline Cleanup Job \.github/workflows/generate.yml	Removed the previous cleanup-catalog job from the generate workflow; its functionality is migrated to the new scheduled workflow.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Scheduler as "GitHub Scheduler\n(acts on cron)"
    participant Runner as "Actions Runner\n(ubuntu-latest)"
    participant Repo as "Repository\n(working tree)"
    participant Pixi as "Pixi Tool\n(prefix-dev/setup-pixi)"
    participant Pusher as "Push Action\n(ad-m/github-push-action@v1)"

    rect rgba(0,128,0,0.5)
    Scheduler->>Runner: trigger workflow (cron)
    end

    Runner->>Repo: checkout code
    Runner->>Pixi: setup Pixi (with cache)
    Runner->>Repo: git pull --rebase origin ${{ github.ref }}
    loop for each OFFSET (0,10,...,90) sequentially
      Runner->>Pixi: run `pixi run cleanup-catalog` (env: GITHUB_TOKEN, OFFSET)
      Pixi-->>Repo: modify files (optional)
      Runner->>Repo: git commit -m "Add changes" -a (ignore no-changes)
      Runner->>Pusher: push branch using GITHUB_TOKEN
      Pusher-->>Repo: update remote branch
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: separate generate and cleanup actions' clearly summarizes the main change—separating the generate-catalog and cleanup-catalog workflows into independent GitHub Actions.
Linked Issues check	✅ Passed	The PR successfully implements all coding requirements from issue #77: separated generate/cleanup workflows, adjusted trigger schedules (weekly/monthly), and prevented cleanup from running on merged PRs.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with issue #77 requirements—workflow separation, schedule adjustments, and branch trigger modifications. No extraneous changes were introduced.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

.github/workflows/cleanup.yml (1)

8-9: Declare explicit repo write permission for this job.

This job pushes commits; adding permissions: contents: write avoids failures when default GITHUB_TOKEN permissions are restricted.

Suggested change

 jobs:
   cleanup-catalog:
+    permissions:
+      contents: write
     runs-on: ubuntu-latest

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/cleanup.yml around lines 8 - 9, The cleanup-catalog job
currently lacks explicit repository write permissions; add a permissions block
under the cleanup-catalog job declaration to grant the workflow write access
(e.g., set permissions: contents: write) so the job can push commits when using
GITHUB_TOKEN; update the job named cleanup-catalog to include this permissions
specification.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/cleanup.yml:
- Around line 37-41: The workflow currently uses the floating ref
ad-m/github-push-action@master in the "Push changes" step; replace that ref with
a specific immutable release tag (for example ad-m/github-push-action@v1 or a
concrete semver like `@v1.2.0`) to pin the action version and remove supply-chain
risk, updating the uses field for the step that has name "Push changes" to the
chosen fixed tag.

In @.github/workflows/generate.yml:
- Line 7: The generate.yml workflow currently triggers on pushes to main and
gets retriggered by the cleanup workflow's bot commits; update the
workflow-level trigger guard to skip runs when the event is a push from the
GitHub Actions bot while still allowing schedule and manual triggers
(workflow_dispatch and schedule). Concretely, add an if-condition that checks
github.event_name and github.actor (e.g., only proceed if github.event_name !=
'push' || github.actor != 'github-actions[bot]') so push events authored by
github-actions[bot] do not start the Generate run, but scheduled and manual
triggers remain unaffected.

---

Nitpick comments:
In @.github/workflows/cleanup.yml:
- Around line 8-9: The cleanup-catalog job currently lacks explicit repository
write permissions; add a permissions block under the cleanup-catalog job
declaration to grant the workflow write access (e.g., set permissions: contents:
write) so the job can push commits when using GITHUB_TOKEN; update the job named
cleanup-catalog to include this permissions specification.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a36a14fc-24ae-4a30-9751-f2e15f0f8bdf

📥 Commits

Reviewing files that changed from the base of the PR and between 7e70d3f and 06d99c3.

📒 Files selected for processing (4)

• .github/workflows/cleanup.yml
• .github/workflows/deploy.yml
• .github/workflows/generate.yml
• .github/workflows/test.yml