
chore: add automatic release workflow#30

Merged: PascalRepond merged 1 commit into main from rep-dev on Jan 1, 2026

@PascalRepond
Owner

No description provided.

@coderabbitai

coderabbitai bot commented Jan 1, 2026

Caution

Review failed

The pull request is closed.

📝 Walkthrough


Adds semantic-release-based release automation, a new Release GitHub Actions workflow, and updates the Docker publish workflow to trigger and push images on GitHub release events; also adds semantic-release configuration and Poe tasks to pyproject.toml.

Changes

| Cohort / File(s) | Change Summary |
|---|---|
| GitHub Actions — Docker publish: .github/workflows/docker-publish.yml | Switched trigger from tag pushes to release published events; made Docker login and build/push steps conditional on release event; use enable={{is_default_branch}} for latest tag metadata. |
| GitHub Actions — Release workflow: .github/workflows/release.yml | Added new Release workflow with workflow_dispatch input prerelease; checks out code, sets up Python 3.12, installs uv, runs uv sync --dev --frozen, runs semantic-release (with optional --prerelease), detects whether a release/tag was created, conditionally runs semantic-release publish, and configures git auth. |
| Project configuration: pyproject.toml | Added python-semantic-release dev dependency; added Poe tasks (changelog, version, release); removed legacy build-system/setuptools find config; added [tool.semantic_release] config (version file mapping, tag format, branch rules, changelog settings, commit parser options, prerelease behavior). |
| CI workflow dependency sync: .github/workflows/ci.yml | Changed dependency install command from uv sync to uv sync --frozen to pin resolved dependencies during CI. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Dev as Developer (trigger)
  participant GH as GitHub Actions
  participant Repo as Repository
  participant SR as semantic-release
  participant Docker as Docker registry
  rect rgb(230,245,255)
    Note over Dev,GH: Release flow (Release workflow)
  end
  Dev->>GH: workflow_dispatch (prerelease?)
  GH->>Repo: checkout
  GH->>GH: setup Python 3.12\ninstall uv\nuv sync --dev --frozen
  GH->>SR: run semantic-release [--prerelease?]
  SR->>Repo: create tag / update version / changelog
  alt tag created
    GH->>GH: set output released=true
    GH->>SR: semantic-release publish
  else no tag
    GH->>GH: set output released=false
  end

  rect rgb(245,255,230)
    Note over Repo,Docker: Docker publish flow (docker-publish.yml)
  end
  Note over Repo,GH: release published event -> triggers docker-publish
  GH->>GH: conditional docker/login-action (if release event)
  GH->>GH: build image
  GH->>Docker: push image (only when event=release)
  GH->>GH: tag metadata (latest enabled via is_default_branch)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Pre-merge checks

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ❓ Inconclusive | No pull request description was provided by the author, making it impossible to assess whether it relates to the changeset. | Add a brief description explaining the purpose of the automatic release workflow, what problems it solves, and any setup or usage instructions. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'chore: add automatic release workflow' directly describes the main change—adding a new automated release workflow using semantic-release across multiple configuration files. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3d7b77f and 3eb990e.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (4)
  • .github/workflows/ci.yml
  • .github/workflows/docker-publish.yml
  • .github/workflows/release.yml
  • pyproject.toml


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 4

🧹 Nitpick comments (1)
pyproject.toml (1)

73-84: LGTM! Consider enhancing the release task documentation.

The release management tasks are well-structured. The release task with --no-push --no-tag --no-commit flags is useful for local testing, though the help text could be more explicit that this is a local-only operation and won't actually create a release.

Optional: Enhanced help text
 [tool.poe.tasks.release]
 cmd = "semantic-release version --no-push --no-tag --no-commit"
-help = "Generate changelog and bump version (dry-run for testing)"
+help = "Generate changelog and bump version locally (does not push, tag, or commit - for local testing only)"
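Review bot: The replacement text on the `+help` line still does not say that the task edits files in the working tree. The `cmd` line only turns off push, tag and commit, so the version bump and the generated changelog are left behind as uncommitted changes after a test run. Consider wording along the lines of "Bump version and write changelog in the working tree only (no commit, tag or push)", and dropping "dry-run" everywhere so nobody expects a side-effect-free command.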
📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0b0747a and 3d7b77f.

⛔ Files ignored due to path filters (1)
  • uv.lock is excluded by !**/*.lock
📒 Files selected for processing (3)
  • .github/workflows/docker-publish.yml
  • .github/workflows/release.yml
  • pyproject.toml
🔇 Additional comments (6)
.github/workflows/docker-publish.yml (3)

24-30: LGTM!

The conditional login on release events is correct and follows best practices by only authenticating when needed.


32-48: LGTM!

The metadata extraction and conditional push logic are correctly implemented. The semver tagging patterns align well with semantic-release, and gating the push behind the release event check ensures images are only published for actual releases.


4-7: Reconsider the push trigger if releases are the only deployment target.

The push trigger on line 4 has no branch or path filters, causing the workflow to run on every push. While the conditional on line 46 prevents pushing to the registry for non-release events, the workflow still builds the Docker image for every commit, consuming CI resources.

If you only intend to build and push on releases, remove the push trigger entirely. If you want to validate builds on all commits without pushing, keep it—but consider adding branch or path filters to avoid unnecessary builds.

.github/workflows/release.yml (2)

22-40: LGTM!

The setup steps are correctly configured:

  • Full git history fetch is required for semantic-release
  • Python version matches project requirements
  • UV caching will improve workflow performance

42-45: LGTM!

The git configuration correctly matches the commit_author specified in pyproject.toml (line 168), ensuring consistency in automated commits.

pyproject.toml (1)

34-34: Version 10.5.3 is the latest stable release. No action needed. This version was released on December 14, 2025, and contains the v10 security hardening that addressed the GitHub Actions command-injection vulnerability. No unpatched critical vulnerabilities exist.
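
The trigger and release gating discussed in the docker-publish.yml comments above, as an added example that is not the repository's actual workflow. The registry (ghcr.io), action versions, branch name and path filters are assumptions chosen for illustration.

```yaml
# Constructed example; not the repository's docker-publish.yml.
name: Docker publish
on:
  release:
    types: [published]        # the only event that publishes an image
  push:
    branches: [main]          # assumption: validate builds on main only
    paths:                    # assumption: files that affect the image
      - "Dockerfile"
      - "pyproject.toml"
      - "uv.lock"
permissions:
  contents: read
  packages: write             # needed to push to ghcr.io (assumed registry)
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Registry credentials are only used on release events, so a plain
      # push build never holds an authenticated registry session.
      - name: Log in to registry
        if: github.event_name == 'release'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Image metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
      # Non-release runs build the image as a check but never push it.
      - name: Build (push only for releases)
        uses: docker/build-push-action@v6
        with:
          context: .
          push: ${{ github.event_name == 'release' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
```

Removing the `push:` block entirely gives the release-only variant the review comment describes.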

PascalRepond changed the base branch from staging to main on January 1, 2026, 17:12
@PascalRepond
Owner Author

@coderabbitai review

@coderabbitai

coderabbitai bot commented Jan 1, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@PascalRepond PascalRepond merged commit 42267f6 into main Jan 1, 2026
3 checks passed
@coderabbitai coderabbitai bot mentioned this pull request Jan 7, 2026