feat: soften autopublish secrets requirements

[thedavidmeister]

Makes PUBLISH_PRIVATE_KEY, CI_GIT_EMAIL, CI_GIT_USER optional in rainix-autopublish so consumers without those secrets can still adopt the reusable.

• ssh-key in actions/checkout: empty string falls back to GITHUB_TOKEN over HTTPS. Pushes still work; only downside is tag-push events don't trigger downstream workflows (only matters if the consumer has tag-listening workflows like float's publish-soldeer.yaml).
• git config user.email/user.name fall back to the github-actions[bot] identity.

CARGO_REGISTRY_TOKEN stays required (no anonymous cargo publish). NPM_PUBLISH_PRIVATE_TOKEN and SOLDEER_API_TOKEN remain optional and only consulted when their feature is enabled.

Unblocks rain.erc autopublish (it has no PUBLISH_PRIVATE_KEY configured).

Summary by CodeRabbit

• Chores
  • Improved robustness of the autopublish workflow by making git configuration inputs optional with sensible fallback values, ensuring the publishing process continues reliably even when custom git credentials are not specified.

[coderabbitai]

Warning

Review limit reached

@thedavidmeister, we couldn't start this review because you've used your available PR reviews for now.

Your plan currently allows 1 review/hour. Refill in 58 minutes and 14 seconds.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more review capacity refills, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7cd70c3e-1cc7-45ba-b880-314309589a4b

📥 Commits

Reviewing files that changed from the base of the PR and between 09d695f and 504712c.

📒 Files selected for processing (1)

• .github/workflows/rainix-autopublish.yaml

📝 Walkthrough

Walkthrough

This PR relaxes the reusable publish workflow's interface by making git configuration inputs optional with fallback defaults. The workflow now handles missing CI_GIT_EMAIL and CI_GIT_USER by defaulting to the github-actions[bot] identity instead of requiring callers to provide those values.

Changes

Workflow Configuration and Git Identity Defaults

Layer / File(s)	Summary
Optional git configuration inputs .github/workflows/rainix-autopublish.yaml	CI_GIT_EMAIL and CI_GIT_USER inputs are now optional (required: false) with empty-string defaults.
Checkout and key behavior documentation .github/workflows/rainix-autopublish.yaml	Comments document PUBLISH_PRIVATE_KEY usage and the fallback to GITHUB_TOKEN over HTTPS when the private key is unset.
Git identity configuration with fallback .github/workflows/rainix-autopublish.yaml	Git author identity falls back to github-actions[bot]@users.noreply.github.com`` and github-actions[bot] when the optional secrets or inputs are missing.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A workflow so fine, now more flexible and bright,
With fallbacks in place when secrets aren't quite right,
The git-bot steps in with a friendly default heart,
Making publish less painful right from the start! 🚀

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'feat: soften autopublish secrets requirements' accurately summarizes the main change: making secrets optional in the autopublish workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 2026-05-23-optional-publish-key

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

@coderabbitai assess this PR size classification for the totality of the PR with the following criterias and report it in your comment:

S/M/L PR Classification Guidelines:

This guide helps classify merged pull requests by effort and complexity rather than just line count. The goal is to assess the difficulty and scope of changes after they have been completed.

Small (S)

Characteristics:

• Simple bug fixes, typos, or minor refactoring
• Single-purpose changes affecting 1-2 files
• Documentation updates
• Configuration tweaks
• Changes that require minimal context to review

Review Effort: Would have taken 5-10 minutes

Examples:

• Fix typo in variable name
• Update README with new instructions
• Adjust configuration values
• Simple one-line bug fixes
• Import statement cleanup

Medium (M)

Characteristics:

• Feature additions or enhancements
• Refactoring that touches multiple files but maintains existing behavior
• Breaking changes with backward compatibility
• Changes requiring some domain knowledge to review

Review Effort: Would have taken 15-30 minutes

Examples:

• Add new feature or component
• Refactor common utility functions
• Update dependencies with minor breaking changes
• Add new component with tests
• Performance optimizations
• More complex bug fixes

Large (L)

Characteristics:

• Major feature implementations
• Breaking changes or API redesigns
• Complex refactoring across multiple modules
• New architectural patterns or significant design changes
• Changes requiring deep context and multiple review rounds

Review Effort: Would have taken 45+ minutes

Examples:

• Complete new feature with frontend/backend changes
• Protocol upgrades or breaking changes
• Major architectural refactoring
• Framework or technology upgrades

Additional Factors to Consider

When deciding between sizes, also consider:

• Test coverage impact: More comprehensive test changes lean toward larger classification
• Risk level: Changes to critical systems bump up a size category
• Team familiarity: Novel patterns or technologies increase complexity

Notes:

• the assessment must be for the totality of the PR, that means comparing the base branch to the last commit of the PR
• the assessment output must be exactly one of: S, M or L (single-line comment) in format of: SIZE={S/M/L}
• do not include any additional text, only the size classification
• your assessment comment must not include tips or additional sections
• do NOT tag me or anyone else on your comment