feat: add rainix-rs-autopublish reusable workflow

[thedavidmeister]

Generic autopublish-on-push-to-main for pure-Rust crates. Parametrized only by crate name (inputs.crate). Consumers wire it in via a thin caller with secrets: inherit.

First consumer: rain.erc. rain.math.float keeps its own due to the NPM half.

Summary by CodeRabbit

• Chores
  • Added automated publishing workflow that detects changes in crate contents and automatically publishes updates to the package registry, including version management, repository tagging, and release documentation.

[coderabbitai]

Warning

Review limit reached

@thedavidmeister, we couldn't start this review because you've used your available PR reviews for now.

Your plan currently allows 1 review/hour. Refill in 33 minutes and 39 seconds.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more review capacity refills, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a907b4db-4b55-4fae-9c98-8326c914e8a0

📥 Commits

Reviewing files that changed from the base of the PR and between 7fab69d and 90372ab.

📒 Files selected for processing (1)

• .github/workflows/rainix-autopublish.yaml

📝 Walkthrough

Walkthrough

A new GitHub Actions reusable workflow for Rust crates automatically publishes to crates.io when packaged content changes. It validates with cargo test, compares deterministic hashes from the local build and crates.io latest version, and conditionally bumps patch version, tags the repository, and creates a GitHub Release on content mismatch.

Changes

Rust Crate Auto-Publishing Workflow

Layer / File(s)	Summary
Workflow trigger and job baseline .github/workflows/rainix-rs-autopublish.yaml	Reusable workflow triggered via workflow_call accepts crate name input and requires publishing SSH key, git identity email/name, and crates.io token secrets. Establishes release job with content write and repository write permissions on ubuntu-latest runner.
Publish pipeline steps .github/workflows/rainix-rs-autopublish.yaml	Checks out code using publishing SSH key, installs Nix, restores/saves Nix store cache, runs cargo test, configures git identity, computes old hash from crates.io latest version and new hash from local cargo package, conditionally bumps patch version, tags repository with crate-<version>, pushes commits and tags, publishes to crates.io, and creates GitHub Release when hashes differ.

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A workflow hops through Nix and Rust so fine,
Computing hashes to detect each change in time,
When content shifts, it bumps the version high,
Tags and publishes—let new releases fly! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main change: adding a new reusable GitHub Actions workflow for automated Rust crate publishing.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 2026-05-23-rs-autopublish

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/rainix-rs-autopublish.yaml:
- Around line 69-71: The tag naming currently uses only env.CARGO_VERSION which
will collide across crates; update the tagging to include a crate identifier
(e.g., use an existing env like CARGO_CRATE or CRATE_NAME or derive from Cargo
metadata) so the tag becomes crateName-${{ env.CARGO_VERSION }} and update the
corresponding release/push steps to use that same combined tag variable (ensure
the git tag, git push origin HEAD and git push origin --tags / release creation
all reference the new composite tag variable).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3ecf95aa-8b54-4e8f-a0fc-1ab24f341c02

📥 Commits

Reviewing files that changed from the base of the PR and between d444279 and 7fab69d.

📒 Files selected for processing (1)

• .github/workflows/rainix-rs-autopublish.yaml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Hash comparison will always show changes due to path format mismatch.

cargo package --list outputs relative paths like Cargo.toml, src/lib.rs, while tar -tzf outputs prefixed paths like crate-name-0.1.0/Cargo.toml. These will never match, causing changed to always be true and triggering a publish on every run.

Additionally, this compares only file lists, not file contents—content-only changes won't be detected once the path issue is fixed.

🐛 Proposed fix: strip the prefix from tar output

           if [ "$OLD_VERSION" = "none" ]; then
             OLD="none"
           else
             curl -fsSL "https://crates.io/api/v1/crates/${{ inputs.crate }}/$OLD_VERSION/download" -o /tmp/old.crate
-            OLD=$(tar -tzf /tmp/old.crate 2>/dev/null | LC_ALL=C sort | sha256sum | cut -d' ' -f1)
+            OLD=$(tar -tzf /tmp/old.crate 2>/dev/null | sed 's|^[^/]*/||' | LC_ALL=C sort | sha256sum | cut -d' ' -f1)
           fi

To also detect content changes, consider hashing the tarball content itself or extracting and hashing file contents rather than just the file list.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	NEW=$(nix develop github:rainlanguage/rainix#rust-shell -c cargo package -p ${{ inputs.crate }} --allow-dirty --quiet --list | LC_ALL=C sort | sha256sum | cut -d' ' -f1)
	OLD_VERSION=$(curl -fsSL "https://crates.io/api/v1/crates/${{ inputs.crate }}" | python3 -c "import sys, json; print(json.load(sys.stdin)['crate']['max_version'])" 2>/dev/null || echo "none")
	if [ "$OLD_VERSION" = "none" ]; then
	OLD="none"
	else
	curl -fsSL "https://crates.io/api/v1/crates/${{ inputs.crate }}/$OLD_VERSION/download" -o /tmp/old.crate
	OLD=$(tar -tzf /tmp/old.crate 2>/dev/null | LC_ALL=C sort | sha256sum | cut -d' ' -f1)
	if [ "$OLD_VERSION" = "none" ]; then
	OLD="none"
	else
	curl -fsSL "https://crates.io/api/v1/crates/${{ inputs.crate }}/$OLD_VERSION/download" -o /tmp/old.crate
	OLD=$(tar -tzf /tmp/old.crate 2>/dev/null | sed 's|^[^/]*/||' | LC_ALL=C sort | sha256sum | cut -d' ' -f1)

[github-actions]

@coderabbitai assess this PR size classification for the totality of the PR with the following criterias and report it in your comment:

S/M/L PR Classification Guidelines:

This guide helps classify merged pull requests by effort and complexity rather than just line count. The goal is to assess the difficulty and scope of changes after they have been completed.

Small (S)

Characteristics:

• Simple bug fixes, typos, or minor refactoring
• Single-purpose changes affecting 1-2 files
• Documentation updates
• Configuration tweaks
• Changes that require minimal context to review

Review Effort: Would have taken 5-10 minutes

Examples:

• Fix typo in variable name
• Update README with new instructions
• Adjust configuration values
• Simple one-line bug fixes
• Import statement cleanup

Medium (M)

Characteristics:

• Feature additions or enhancements
• Refactoring that touches multiple files but maintains existing behavior
• Breaking changes with backward compatibility
• Changes requiring some domain knowledge to review

Review Effort: Would have taken 15-30 minutes

Examples:

• Add new feature or component
• Refactor common utility functions
• Update dependencies with minor breaking changes
• Add new component with tests
• Performance optimizations
• More complex bug fixes

Large (L)

Characteristics:

• Major feature implementations
• Breaking changes or API redesigns
• Complex refactoring across multiple modules
• New architectural patterns or significant design changes
• Changes requiring deep context and multiple review rounds

Review Effort: Would have taken 45+ minutes

Examples:

• Complete new feature with frontend/backend changes
• Protocol upgrades or breaking changes
• Major architectural refactoring
• Framework or technology upgrades

Additional Factors to Consider

When deciding between sizes, also consider:

• Test coverage impact: More comprehensive test changes lean toward larger classification
• Risk level: Changes to critical systems bump up a size category
• Team familiarity: Novel patterns or technologies increase complexity

Notes:

• the assessment must be for the totality of the PR, that means comparing the base branch to the last commit of the PR
• the assessment output must be exactly one of: S, M or L (single-line comment) in format of: SIZE={S/M/L}
• do not include any additional text, only the size classification
• your assessment comment must not include tips or additional sections
• do NOT tag me or anyone else on your comment

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

SIZE=M