workflows: call discover.yaml as a reusable workflow

[JuneStepp]

It seems really annoying to have to deal with inputs not being available in discover.yaml when called from this repo. Calling it similar to how end users would should fix that and be a good example for users.

[coderabbitai]

Warning

Review limit reached

@JuneStepp, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 50 minutes and 34 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0b92b8d2-d22a-4d5c-9643-4fa92f82dea8

📥 Commits

Reviewing files that changed from the base of the PR and between 0b9347d and 367eec2.

📒 Files selected for processing (2)

• .github/workflows/discover.yaml
• .github/workflows/run_discover.yaml

📝 Walkthrough

Walkthrough

discover.yaml is converted into a reusable-only workflow by removing its push/pull_request triggers and cleaning up input forwarding expressions. A new run_discover.yaml wrapper is introduced to hold those triggers and call discover.yaml as a reusable workflow.

Changes

Reusable workflow extraction

Layer / File(s)	Summary
Make discover.yaml reusable-only .github/workflows/discover.yaml	Removes on.push and on.pull_request triggers, drops the atelier.toml fallback from RULES, and removes the || false coercion from the push input passed to build.yaml.
Add run_discover.yaml caller workflow .github/workflows/run_discover.yaml	New workflow with push (master) and pull_request triggers, explicit contents/checks/id-token permissions, and a single Atelier job calling discover.yaml with NIKS3_TOKEN forwarded.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Poem

🐇 A workflow once triggered by every push and pull,
Now waits to be called — a reusable tool!
A wrapper arrives with permissions in tow,
Forwarding secrets so the builds can flow.
Cleaner the YAML, the rabbit hops free! 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'workflows: call discover.yaml as a reusable workflow' clearly and specifically describes the main change in the PR.
Description check	✅ Passed	The description explains the motivation for the change (dealing with inputs not being available) and the solution (calling discover.yaml as a reusable workflow), which directly relates to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/run_discover.yaml:
- Line 1: The workflow definition is missing an explicit name field, which makes
it anonymous and harder to track in run history and required-check targeting.
Add a name field at the very top of the workflow file, before the `on:` trigger
definition. The name should be descriptive and reflect the purpose of the
workflow, such as "Discover" or another appropriate identifier.
- Around line 6-11: The workflow-level permissions block currently includes the
elevated `checks: write` and `id-token: write` scopes, which apply globally to
all jobs and introduce unnecessary permission escalation. To fix this, reduce
the workflow-level permissions block to only include `contents: read`, then add
a separate permissions section under the specific job (jobs.Atelier) that
includes all three permissions: `contents: read`, `checks: write`, and
`id-token: write`. This ensures that only the Atelier job gets the elevated
scopes it needs, while other jobs won't inherit write permissions by default.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 14ff1197-a869-45b1-b800-eb7bda808a9f

📥 Commits

Reviewing files that changed from the base of the PR and between 3081f9e and 0b9347d.

📒 Files selected for processing (2)

• .github/workflows/discover.yaml
• .github/workflows/run_discover.yaml

[stepbrobd]

ooooh smart! thank you!