fix: Refactor deployment to not modify source file

[MantisClone]

Problem

1. Branch protection settings blocked the deployment workflow from pushing to main
2. The deployment workflow modified tokens/token-list.json on every deploy, creating 2 commits per release (timestamp update + historical snapshot) and triggering unnecessary notifications
3. PRs based on main after deployment failed validation because the timestamp was a real value instead of the placeholder

Proposed Solution

Deployment Workflow Refactor

• Create timestamped copies in dist/ without modifying the source file
• The source tokens/token-list.json always keeps the placeholder timestamp
• Historical snapshots in versions/ retain their original timestamps (not updated on subsequent deploys)
• Reduces commits from 2 to 1 per release (only the historical snapshot)

Branch Protection

• Added github-actions app to bypass PR requirements for the historical snapshot commit
• Added validate as a required status check
• Documented these settings in README

PR Validation

• Removed path filters so validate always runs (required for status checks to work properly)

Changes

• .github/workflows/deploy.yml - Refactored to timestamp copies in dist/, not source
• .github/workflows/pr.yml - Remove path filters
• tokens/token-list.json - Reset timestamp to placeholder
• README.md - Document branch protection settings

🤖 Generated with Claude Code

[coderabbitai]

Walkthrough

Added repository maintenance docs, removed a path filter so PR validation runs on all PRs, and added a post-deploy step that resets and commits the token list timestamp to main as part of the deploy workflow.

Changes

Cohort / File(s)	Change Summary
Documentation README.md	Added "Repository Maintenance" section describing branch protection rules, required review (1 approving), required status check (validate), and GitHub Actions bypass for direct pushes and deployment snapshot commits (+16/-0).
CI — PR validation .github/workflows/pr.yml	Removed path-based pull_request trigger filter so the PR validation workflow runs for all PRs; workflow steps (checkout, setup Node, install, test, validate token list) unchanged (-6 lines).
CI — Deploy .github/workflows/deploy.yml	Added a post-deploy step that resets the tokens/token-list.json timestamp to a placeholder, commits with [skip ci], and pushes to main to ensure future PR validations pass (+12/-0).

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title 'fix: Refactor deployment to not modify source file' does not accurately reflect the main changes. The actual objectives involve documenting branch protection settings, removing path filters from the PR workflow, and adding a timestamp reset step to the deployment workflow—none of which involve 'refactoring deployment to not modify source file.'	Update the title to reflect the primary changes: 'chore: Document branch protection settings and adjust PR validation workflow' or similar, as the documentation and workflow adjustments are the core objectives.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR adds a "Repository Maintenance" section to the README documenting the special branch protection configuration that allows GitHub Actions to bypass PR requirements and push directly to main during deployments.

• Documents PR requirement (1 approving review) and GitHub Actions bypass for automated deployments
• Explains why this configuration is necessary: deployment workflow pushes timestamp updates and version snapshots to main
• Warns maintainers about potential conflicts with org-wide branch protection automation
• Documentation is accurate and aligns with the actual deploy.yml workflow behavior

Confidence Score: 5/5

• This PR is safe to merge with no risks - it only adds documentation
• The PR adds clear, accurate documentation explaining branch protection settings. No code changes, no security risks, and the documentation correctly describes the deployment workflow behavior verified in deploy.yml
• No files require special attention

Important Files Changed

Filename	Overview
README.md	Added comprehensive documentation about branch protection settings and automated deployment workflow

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant PR as Pull Request
    participant Main as Main Branch
    participant Release as GitHub Release
    participant Actions as GitHub Actions
    participant Pages as GitHub Pages

    Dev->>PR: Create PR with token changes
    PR->>Main: Merge (requires 1 approval)
    Dev->>Release: Create GitHub Release
    Release->>Actions: Trigger deploy workflow
    Actions->>Main: Checkout main branch
    Actions->>Actions: Validate token list
    Actions->>Main: Push commit (update timestamp) [bypass PR requirement]
    Actions->>Main: Push commit (create version snapshot) [bypass PR requirement]
    Actions->>Pages: Deploy versioned files

Loading

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/deploy.yml:
- Around line 168-178: The "Reset timestamp to placeholder" workflow step should
be made resilient by running regardless of deploy success (set the step's if to
always() or use post job cleanup semantics) and by avoiding empty commits: after
writing tokens/token-list.json.tmp and moving it into place, check for actual
repo changes (e.g., using git status --porcelain or git diff --quiet) before
running git add/commit/push; only run HUSKY=0 git commit -m "chore: Reset
timestamp to placeholder [skip ci]" and git push origin main when changes exist
to prevent failing on empty commits. Ensure the step still configures git
user.email/name and references the tokens/token-list.json target file exactly.