v0.3.59 release (redux redux redux)

[bradhe]

• Separate the build step from the release step for docker and WASM builds

Summary by CodeRabbit

• Chores
  • Restructured CI/CD workflows to separate build and publish stages
  • Docker and WASM package builds now execute as dedicated workflow jobs
  • Publishing workflows optimized to consume pre-built artifacts for faster releases

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR refactors the CI/CD pipeline by introducing dedicated build workflows for Docker and npm packages. Rather than building during publish, new workflows generate artifacts that downstream publish workflows consume, enabling reusable, decoupled build processes invoked through the release workflow.

Changes

Cohort / File(s)	Summary
New Build Workflows .github/workflows/build-docker.yml, .github/workflows/build-wasm.yml	Two new reusable workflows that build Docker context and npm packages respectively, uploading results as artifacts. Both accept a plan input and support manual and workflow-call triggering.
Updated Publish Workflows .github/workflows/publish-docker.yml, .github/workflows/publish-npm.yml	Refactored to download and consume pre-built artifacts instead of building in-place. Removes repository checkout and build steps; tightens permissions by removing contents: read.
Release Orchestration .github/workflows/release.yml	Adds custom-build-wasm and custom-build-docker jobs that invoke the new build workflows conditionally, gating them on plan eligibility and threading the plan output to reusable workflows.
Build Configuration dist-workspace.toml	Updates local-artifacts-jobs to include three build jobs: ./build-binaries, ./build-wasm, ./build-docker.

Sequence Diagram

sequenceDiagram
    actor Trigger
    participant Release as release.yml
    participant BuildWasm as build-wasm.yml
    participant BuildDocker as build-docker.yml
    participant Artifacts as Artifact Storage
    participant PublishNpm as publish-npm.yml
    participant PublishDocker as publish-docker.yml

    Trigger->>Release: Manual / Push event
    Release->>Release: Evaluate plan condition
    Release->>BuildWasm: Call workflow<br/>(if plan eligible)
    Release->>BuildDocker: Call workflow<br/>(if plan eligible)
    
    par Build Artifacts
        BuildWasm->>BuildWasm: Checkout + Setup Rust
        BuildWasm->>BuildWasm: Build wasm package
        BuildWasm->>Artifacts: Upload npm-package artifact
        
        BuildDocker->>BuildDocker: Checkout repo
        BuildDocker->>Artifacts: Upload docker-context artifact
    end
    
    Release->>PublishNpm: Wait on build jobs
    Release->>PublishDocker: Wait on build jobs
    
    par Publish from Artifacts
        PublishNpm->>Artifacts: Download npm-package artifact
        PublishNpm->>PublishNpm: npm publish
        
        PublishDocker->>Artifacts: Download docker-context artifact
        PublishDocker->>PublishDocker: docker buildx build --push
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• v0.3.59 release (redux) #260: Modifies npm publish workflow permissions and steps to align with OIDC trusted publishing changes reflected in this PR.
• feat: publish multi-arch Docker image on release #254: Introduced the original Docker publish workflow and Dockerfile; this PR extends it with an artifact-based build stage.

Suggested reviewers

• jo-sm
• giray123
• socksy
• sammuti

Poem

🐰 A wasm and Docker dance so fine,
Artifacts passed down the line,
Build once, publish twice with care,
Our pipelines float through CI air!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'v0.3.59 release (redux redux redux)' is vague and does not clearly convey the main changes (separating build steps from release steps for Docker and WASM). It reads as a version bump with cryptic notation rather than describing the architectural improvement.	Consider a more descriptive title such as 'Separate Docker and WASM builds from release workflow' or 'Refactor release workflow to decouple builds from publishing' that clearly indicates the architectural change being introduced.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch develop

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

.github/workflows/build-docker.yml (1)

10-13: Consider making plan input optional or documenting its unused status.

The plan input is declared as required: true but is not used anywhere in this workflow. While this maintains consistency with other build workflows (like build-wasm.yml) and allows uniform invocation from release.yml, it may cause confusion. Consider either:

• Making it optional: required: false
• Adding a comment explaining it's for interface consistency with other build jobs

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-docker.yml around lines 10 - 13, The workflow
declares an inputs.plan parameter as required: true but it isn't used; update
the inputs.plan declaration (inputs.plan) to either make it optional by changing
required: true to required: false, or add a clear inline comment next to the
inputs.plan entry explaining that it is intentionally kept for interface
consistency with other build workflows (e.g., build-wasm.yml) and for uniform
invocation from release.yml so callers understand why it exists.

.github/workflows/release.yml (1)

249-253: The if condition is correct but growing unwieldy.

The extended condition properly gates the host job on all build stages completing successfully or being skipped. While functionally correct, this single-line condition is becoming difficult to read and maintain.

Consider extracting to a reusable expression or restructuring as a matrix/needs check in a future refactor, though this is not blocking for this PR.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml around lines 249 - 253, The long if condition
on the host job (checking needs.plan, needs.build-global-artifacts,
needs.build-local-artifacts, needs.custom-build-binaries,
needs.custom-build-wasm, needs.custom-build-docker) is correct but hard to read
— extract it into a reusable YAML anchor or single named string and reference
that anchor/name from the host job's if to improve readability and
maintainability; create an anchor like &builds_ok_if with the full expression
and replace the inline if with *builds_ok_if (or put the expression into a
single variable/constant and reference that variable) so the condition logic
remains identical but is easier to manage.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/build-wasm.yml:
- Around line 23-26: Update the GitHub Actions step that references
actions-rust-lang/setup-rust-toolchain by bumping its version from v1.11.0 to
v1.15.4; keep the existing with: target: wasm32-unknown-unknown configuration
and leave the jetli/wasm-pack-action@v0.4.0 step unchanged so the workflow
benefits from the newer Rust toolchain action fixes.

---

Nitpick comments:
In @.github/workflows/build-docker.yml:
- Around line 10-13: The workflow declares an inputs.plan parameter as required:
true but it isn't used; update the inputs.plan declaration (inputs.plan) to
either make it optional by changing required: true to required: false, or add a
clear inline comment next to the inputs.plan entry explaining that it is
intentionally kept for interface consistency with other build workflows (e.g.,
build-wasm.yml) and for uniform invocation from release.yml so callers
understand why it exists.

In @.github/workflows/release.yml:
- Around line 249-253: The long if condition on the host job (checking
needs.plan, needs.build-global-artifacts, needs.build-local-artifacts,
needs.custom-build-binaries, needs.custom-build-wasm, needs.custom-build-docker)
is correct but hard to read — extract it into a reusable YAML anchor or single
named string and reference that anchor/name from the host job's if to improve
readability and maintainability; create an anchor like &builds_ok_if with the
full expression and replace the inline if with *builds_ok_if (or put the
expression into a single variable/constant and reference that variable) so the
condition logic remains identical but is easier to manage.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c4b81031-ca7a-4de7-9714-8915ceb7a009

📥 Commits

Reviewing files that changed from the base of the PR and between 567e803 and 2f2f39b.

📒 Files selected for processing (6)

• .github/workflows/build-docker.yml
• .github/workflows/build-wasm.yml
• .github/workflows/publish-docker.yml
• .github/workflows/publish-npm.yml
• .github/workflows/release.yml
• dist-workspace.toml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

What is the latest version of jetli/wasm-pack-action GitHub Action?

💡 Result:

The latest version of the jetli/wasm-pack-action GitHub Action is v0.4.0.

Citations:

• 1: https://github.com/jetli/wasm-pack-action/releases
• 2: https://github.com/jetli/wasm-pack-action
• 3: https://github.com/marketplace/actions/wasm-pack-action

---

🌐 Web query:

What is the latest version of actions-rust-lang/setup-rust-toolchain GitHub Action?

💡 Result:

The latest version of the actions-rust-lang/setup-rust-toolchain GitHub Action is v1.15.4, released on March 14, 2026.

Citations:

• 1: https://github.com/actions-rust-lang/setup-rust-toolchain
• 2: https://github.com/actions-rust-lang/setup-rust-toolchain/releases
• 3: https://github.com/actions-rust-lang/setup-rust-toolchain/blob/main/CHANGELOG.md

---

Update actions-rust-lang/setup-rust-toolchain to v1.15.4.

The workflow uses actions-rust-lang/setup-rust-toolchain@v1.11.0, which is outdated. The latest version is v1.15.4 (released March 14, 2026). Meanwhile, jetli/wasm-pack-action@v0.4.0 is already at the latest version. Update the Rust toolchain action to benefit from recent bug fixes and improvements.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-wasm.yml around lines 23 - 26, Update the GitHub
Actions step that references actions-rust-lang/setup-rust-toolchain by bumping
its version from v1.11.0 to v1.15.4; keep the existing with: target:
wasm32-unknown-unknown configuration and leave the jetli/wasm-pack-action@v0.4.0
step unchanged so the workflow benefits from the newer Rust toolchain action
fixes.