feat: release automation configs

[SoulPancake]

Description

What problem is being solved?

How is it being solved?

What changes are made to solve it?

References

Review Checklist

• I have clicked on "allow edits by maintainers".
• I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
• The correct base branch is being used, if not main
• I have added tests to validate that the change in functionality is working as expected

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fbb697a2-ee1a-4ea7-abe6-c8f754361cba

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/release-automation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

In general, to fix this issue you should explicitly declare a permissions block in the workflow (either at the root or per-job) that grants only the minimal scopes required for the job. This prevents the workflow from inheriting broader default GITHUB_TOKEN permissions from the repository or organization.

For this specific file, the safest and most compatible approach—without changing existing functionality—is to add a root-level permissions block that grants read-only access to repository contents, which is a common minimal baseline and aligns with the suggested “minimal starting point” in the warning. Because this workflow simply delegates to a reusable workflow via uses: openfga/sdk-generator/.github/workflows/release-please.yml@main and we cannot see its internals, we should not try to guess additional write scopes; if that reusable workflow needs more, it can (and should) request them itself. The change should be added near the top of .github/workflows/release-please.yml, for example immediately after the name: release-please line, so that it applies to all jobs defined in this workflow (including the release job).

No additional imports or methods are needed; only YAML configuration changes are required.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 38.04%. Comparing base (cc3a5f2) to head (1952b87).

❌ Your project status has failed because the head coverage (38.04%) is below the target coverage (80.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@             Coverage Diff              @@
##               main     #312      +/-   ##
============================================
- Coverage     38.05%   38.04%   -0.02%     
+ Complexity     1259     1258       -1     
============================================
  Files           198      198              
  Lines          7646     7646              
  Branches        885      885              
============================================
- Hits           2910     2909       -1     
  Misses         4598     4598              
- Partials        138      139       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.