ci: automated release setup

[ghaith]

This pull request introduces automated release management for the repository by adding a GitHub Actions workflow and configuring release-plz for versioning and release PRs. The main changes are grouped as follows:

Release automation setup:

• Added .github/workflows/release-plz.yml to automate the creation and updating of release pull requests using the release-plz action. This workflow runs on pushes to master and can be triggered manually, checks out the repository, installs the Rust toolchain, generates a GitHub App token if available, and runs the release-pr command.

Release-plz configuration:

• Added release-plz.toml to configure release-plz, specifying workspace release settings, PR branch prefix and labels, disabling publishing, and customizing git tag naming. It also defines release settings for the rusty, plc_driver, and iec61131std packages, grouping them under "external".

[Copilot]

Pull request overview

This PR sets up automated release management for the repository using release-plz. It introduces a GitHub Actions workflow that triggers on pushes to master and optionally uses a GitHub App token for creating/updating release PRs. A release-plz.toml configuration file is added to define which packages are released, their version grouping, and tag naming conventions.

Changes:

• Added .github/workflows/release-plz.yml to automate release PR creation via the release-plz action.
• Added release-plz.toml to configure workspace-level and per-package release settings for rusty, plc_driver, and iec61131std.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
.github/workflows/release-plz.yml	Workflow triggered on master pushes to generate release PRs via release-plz/action@v0.3, with optional GitHub App token support
release-plz.toml	Configures release-plz with workspace defaults and per-package release settings for three packages in a shared version group

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The if condition ${{ secrets.APP_ID != '' && secrets.APP_PRIVATE_KEY != '' }} will not work as expected. In GitHub Actions, secrets are masked in expressions and comparisons like secrets.MY_SECRET != '' always evaluate to false in step-level if conditions when the secret is not set — because unset secrets are empty strings, but the expression context doesn't allow reliable truthiness checks on secrets in if conditions this way. The recommended approach is to check whether the secret is defined using secrets.APP_ID != '' but only works at the job-level if, not step-level. For step-level conditions, use env variables or the hashFiles equivalent pattern, such as setting an environment variable from the secret first.

[Copilot]

The workspace-level git_tag_name = "v{{ version }}" will cause tag naming conflicts when multiple packages in the same version_group are released together. Since rusty, plc_driver, and iec61131std all share the "external" version group (i.e., they always release at the same version), all three will attempt to create a Git tag with the same name (e.g., v0.3.0). The second and third tag creation will fail because the tag already exists. Each package should have its own distinguishable tag name, typically including the package name, such as {{ package }}-v{{ version }}, or one representative package should be designated for tagging. If the intent is to have a single shared tag for all three, only one package's git_tag_name should be set to v{{ version }} and the others should have git_release = false or a distinct tag name.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The Generate GitHub App token step runs unconditionally. If the APP_ID or APP_PRIVATE_KEY secrets are not configured in the repository, this step will fail and block the entire release workflow. The PR description explicitly states the token should be generated "if available," indicating a conditional step was intended. This step should include an if condition to check whether the secrets are set (e.g., if: ${{ secrets.APP_ID != '' }}), and the release-plz step should fall back to the built-in GITHUB_TOKEN when the app token is unavailable.

[Copilot]

The PR description states the workflow "generates a GitHub App token if available," implying a conditional check. However, in the actual workflow, the "Generate GitHub App token" step runs unconditionally with no if: guard. This is a discrepancy between the PR description and the implementation: either the description is wrong, or the step needs an if condition to handle the case where APP_ID / APP_PRIVATE_KEY secrets are absent.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The release-plz action step on line 37 also needs an if condition to match the optional token step. If the App token step is made conditional, the GITHUB_TOKEN env var here should also conditionally switch between steps.app-token.outputs.token and secrets.GITHUB_TOKEN.