Add autodoc CI job and release workflow

[Jesssullivan]

Summary

• Add autodoc job to CI that generates and uploads API docs as an artifact on every push/PR
• Add release.yml workflow triggered on v* tags: builds ReleaseFast, runs tests, generates autodoc, creates source tarball, and publishes a GitHub Release via softprops/action-gh-release@v2
• Uses existing docs build step from Phase 1; no build.zig changes needed

Test plan

• CI autodoc job passes on this PR
• Push a v0.x.y tag after merge to verify release workflow creates a GitHub Release with tarball

[greptile-apps]

Greptile Summary

This PR adds an autodoc CI job (macOS, uploads docs artifact on every push/PR) and a new release.yml workflow (triggered on v* tags) that builds, tests, generates docs, and publishes a GitHub Release with a source tarball. The build.zig change extracts docs_mod so link_libc can be set on it independently.

Confidence Score: 3/5

Not safe to merge as-is — the release docs step will fail on Linux and the autodoc CI job silently swallows failures

Two pre-existing P1 findings (in prior threads) remain unaddressed: docs_mod missing Linux system include paths will cause zig build docs to fail in the release workflow, and softprops/action-gh-release@v2 is unpinned with contents: write. Score pulled below the P1 ceiling of 4 because both issues affect the core release path.

build.zig (missing include paths for docs_mod on Linux) and .github/workflows/release.yml (unpinned action + missing docs artifact in release assets)

Important Files Changed

Filename	Overview
.github/workflows/ci.yml	Adds autodoc job on macos-15; continue-on-error: true masks failures and skips the artifact upload silently
.github/workflows/release.yml	New release workflow on tag push; softprops/action-gh-release@v2 unpinned with contents: write; autodoc output not included in release assets; zig build docs on Linux will fail due to missing include paths in docs_mod
build.zig	Extracts docs_mod to allow link_libc = true, but omits the Linux system include paths that root_module sets — zig build docs will fail on Linux

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A([push to main or PR]) --> B[CI build job\nmacos-15 and ubuntu-latest]
    A --> C[CI autodoc job\nmacos-15]
    A --> D[CI secrets-scan\nubuntu-latest]

    C --> E{zig build docs}
    E -->|success| F[upload-artifact: autodoc]
    E -->|failure| G[job fails silently\ncontinue-on-error=true\nartifact skipped]

    H([push v-star tag]) --> I[release workflow\nubuntu-latest]
    I --> J[Install libnotify deps]
    J --> K[zig build ReleaseFast]
    K --> L[zig build test]
    L --> M{zig build docs\nmissing include paths}
    M -->|Linux fails| N[workflow aborts]
    M -->|success| O[git archive tarball]
    O --> P[action-gh-release\ncontents write\nunpinned tag]
    P --> Q([GitHub Release\ntarball only\nno docs asset])

Loading

_{Reviews (4): Last reviewed commit: "Run autodoc on macOS with continue-on-er..." | Re-trigger Greptile}

[greptile-apps]

Third-party action pinned to a mutable tag with contents: write

softprops/action-gh-release@v2 is a semver tag, not a commit SHA. With permissions: contents: write at the workflow level, any future movement or compromise of that tag would run untrusted code with write access to this repository. Pin to the current commit SHA of v2 instead.

Suggested change

	- name: Create GitHub Release
	uses: softprops/action-gh-release@da356b9ba7a48dd4b9c8cb80e72e1dff1e7cfe47 # v2

[greptile-apps]

Autodoc generated but not included in release assets

zig build docs is executed and writes to zig-out/docs/, but that output is never referenced in files: — only the source tarball is uploaded to the GitHub Release. If distributing HTML docs with each release is intentional, the docs directory needs to be packaged and added to files:.

[greptile-apps]

docs_mod missing system include paths — zig build docs will fail on Linux

docs_mod sets link_libc = true but omits the addSystemIncludePath calls that root_module adds for libnotify/glib/gdk-pixbuf. Because ffi.zig → notify.zig → notify_linux.zig contains @cImport({ @cInclude("libnotify/notify.h") }), the compiler must resolve that header during doc generation. Without the include paths, this will produce a "file not found" error in both the CI autodoc job and the release workflow on Linux.

Suggested change

	const docs_mod = b.createModule(.{
	.root_source_file = b.path("src/ffi.zig"),
	.target = target,
	.optimize = optimize,
	});
	docs_mod.link_libc = true;
	const docs_mod = b.createModule(.{
	.root_source_file = b.path("src/ffi.zig"),
	.target = target,
	.optimize = optimize,
	});
	docs_mod.link_libc = true;
	if (resolved_target.result.os.tag == .linux) {
	docs_mod.addSystemIncludePath(.{ .cwd_relative = "/usr/include/libnotify" });
	docs_mod.addSystemIncludePath(.{ .cwd_relative = "/usr/include/glib-2.0" });
	docs_mod.addSystemIncludePath(.{ .cwd_relative = "/usr/include/gdk-pixbuf-2.0" });
	docs_mod.addSystemIncludePath(.{ .cwd_relative = "/usr/lib/x86_64-linux-gnu/glib-2.0/include" });
	docs_mod.addSystemIncludePath(.{ .cwd_relative = "/usr/lib/aarch64-linux-gnu/glib-2.0/include" });
	docs_mod.addSystemIncludePath(.{ .cwd_relative = "/usr/lib64/glib-2.0/include" });
	docs_mod.addSystemIncludePath(.{ .cwd_relative = "/usr/lib/glib-2.0/include" });
	}