Experiment/custom release pipeline

[Athemis]

Summary

Testing

• cargo fmt
• cargo clippy --all-targets --all-features
• cargo test
• Other:

Screenshots (if UI changes)

Notes for reviewers

Summary by CodeRabbit

• Chores
  • Refactored release workflow to support multi-target builds across Linux and Windows platforms (including 32-bit variants).
  • Updated CI/CD configuration and removed automated dependency management tooling.
  • Streamlined build artifact packaging and release process with normalized naming conventions.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The pull request systematically removes several release automation tools—release-plz, cargo-dist, and git-cliff—along with their configurations and workflows. The release workflow is reworked from a tag-driven, dist-based approach to a workflow-dispatch-triggered, multi-job matrix pipeline supporting multiple build targets across Linux and Windows architectures.

Changes

Cohort / File(s)	Summary
CI/Workflow Restructuring .github/workflows/release.yml, .github/workflows/release-plz.yml	Removed release-plz automation workflow entirely. Redesigned release.yml from tag-driven dist-based orchestration to workflow-dispatch-driven multi-job pipeline with matrix-driven builds across Linux/Windows and 32-bit/nightly variants, explicit Rust build commands, custom packaging (tar.gz/zip per target), artifact management, and SHA256SUMS generation.
Release Automation Configuration release-plz.toml, dist-workspace.toml, cliff.toml	Removed all three configuration files entirely, eliminating workspace-level release toggles, changelog automation via git-cliff templating/commit parsing, and cargo-dist platform/installer configuration.
Package Metadata Cargo.toml	Removed package metadata fields (description, license, authors, repository, homepage, readme, keywords), eliminated [profile.dist] section, and streamlined [profile.release] by removing panic abort and symbol stripping, retaining only lto = "thin".
Dependency Management .github/dependabot.yml	Removed the cargo package-ecosystem block from dependabot configuration, retaining only rust-toolchain and GitHub Actions update blocks with weekly schedules.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Focus areas requiring extra attention:
  • The new matrix build configuration syntax and per-target build logic in .github/workflows/release.yml—ensure all target triples, toolchain versions, and build flags are correctly configured
  • Artifact naming, packaging logic (tar.gz vs. zip), and environment variable handling across matrix dimensions
  • The new publish job's tag-based trigger conditions and integration with softprops/action-gh-release
  • Verification that removal of dist, release-plz, and cliff configurations does not break any undocumented build or release processes

Possibly related PRs

• ci: refactor release pipeline #12: This PR directly opposes and reverses the removal of release pipeline components (cliff.toml, dist-workspace.toml, release-plz.toml, and related workflows) that the current PR strips away.

Poem

✦ The release machinery hath been refactored fair,
No more dist, no plz, no cliff to spare,
Matrix builds now helm the course we chart,
Multi-targets converge—a well-wrought art.
Let workflow-dispatch be our guiding star! 🚀

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description follows the required template structure but fails to provide substantive content in critical sections: Summary is empty, Testing items are unchecked with no details, and Notes for reviewers is blank.	Complete the Summary section with details about why this custom release pipeline was created, explain which testing steps were performed, and add reviewer notes explaining the architectural changes and rationale.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Experiment/custom release pipeline' clearly describes the main change: replacing the automated release system with a custom pipeline implementation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch experiment/custom-release-pipeline

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/release.yml (1)

212-240: Commendable release gating and artifact management.

The publish job exemplifies disciplined release practices. Tag-based gating (startsWith(github.ref, 'refs/tags/v')) ensures only intentional versions are released. The artifact download, listing, and checksum generation pipeline is transparent and auditible. Reliance on softprops/action-gh-release is wise—a mature and community-trusted action. Auto-generation of release notes leverages GitHub's native changelog intelligence.

One minor consideration: the checksum generation command (line 229) does not explicitly validate that the find and sha256sum steps succeeded. Consider adding a validation step to confirm SHA256SUMS was created and is non-empty:

      - name: Verify checksums generated
        run: |
          if [ ! -s dist/SHA256SUMS ]; then
            echo "ERROR: SHA256SUMS not generated or is empty"
            exit 1
          fi
          cat dist/SHA256SUMS

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 548d84f and 81d5327.

📒 Files selected for processing (7)

• .github/dependabot.yml (0 hunks)
• .github/workflows/release-plz.yml (0 hunks)
• .github/workflows/release.yml (1 hunks)
• Cargo.toml (0 hunks)
• cliff.toml (0 hunks)
• dist-workspace.toml (0 hunks)
• release-plz.toml (0 hunks)

💤 Files with no reviewable changes (6)

• .github/workflows/release-plz.yml
• release-plz.toml
• Cargo.toml
• cliff.toml
• .github/dependabot.yml
• dist-workspace.toml

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: CR
Repo: Athemis/ELNPack PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-03T16:16:45.363Z
Learning: Use `cargo run` to build and launch the desktop app; use `cargo check` before pushing; use `cargo fmt` to format Rust sources (enforced style); use `cargo clippy --all-targets --all-features` to lint for warnings; use `cargo test` to run tests; use `cargo build --release` for optimized binary distribution.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: Build i686-pc-windows-msvc
• GitHub Check: Build i686-win7-windows-msvc
• GitHub Check: Build i686-unknown-linux-gnu
• GitHub Check: Build x86_64-win7-windows-msvc
• GitHub Check: Build x86_64-unknown-linux-gnu
• GitHub Check: Build x86_64-pc-windows-msvc
• GitHub Check: Analyze (rust)

🔇 Additional comments (3)

.github/workflows/release.yml (3)

3-6: Clarify the intended trigger behavior: every push or tag-only?

Your workflow is configured to run on both push (all branches/commits) and workflow_dispatch (manual trigger). This means the entire matrix build—across six targets—executes on every commit. If your intention is to release only on version tags, you may wish to restrict the push trigger to tag events or remove it entirely.

# Option 1: Only manual dispatch and tags
on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:

# Option 2: Only manual dispatch
on:
  workflow_dispatch:

Clarify your intent and adjust accordingly.

---

14-45: Excellent enforcement of code quality gates.

The checks job exemplifies disciplined CI practices. Format verification, linting with -D warnings, and comprehensive testing form a solid front-line defense against regressions. This gate executes before the expensive multi-platform builds—an efficient ordering.

---

123-210: Well-orchestrated cross-platform build and packaging.

Your build matrix steps exemplify careful cross-platform engineering. The safe-ref-name normalization (lines 123–133) handles forward-slashes and branch names gracefully across Windows and Unix shells. Linux dependency installation is comprehensive, with proper 32-bit multilib handling. Conditional logic for toolchain setup, target addition, and rust-src component is clean and efficient. Cache strategy—keyed by toolchain and target—minimizes unnecessary rebuilds while avoiding collisions.

The artifact upload and download integration is sound. Per-target artifacts are correctly uploaded with the name elnpack-${{ env.SAFE_REF }}-${{ matrix.target }} and downloaded by the publish job into dist/. The find . -maxdepth 2 command in the checksums step properly traverses the nested directory structure, and dist/**/* in the GitHub Release step correctly includes all packaged binaries for release publication.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# First, let's read the complete release.yml file to see the full context
cat -n .github/workflows/release.yml

Repository: Athemis/ELNPack

Length of output: 9123

---

🏁 Script executed:

# Look for README or documentation explaining win7 support
find . -maxdepth 2 -name "README*" -o -name "CONTRIBUTING*" -o -name "*.md" | head -20

Repository: Athemis/ELNPack

Length of output: 150

---

🏁 Script executed:

# Search for any comments or mentions of win7 or nightly in the codebase
rg -i "win7|windows 7" --type md --type txt --type yml -B 2 -A 2

Repository: Athemis/ELNPack

Length of output: 86

---

🏁 Script executed:

# Check if there's a Cargo.toml that might explain target requirements
cat -n Cargo.toml | head -50

Repository: Athemis/ELNPack

Length of output: 1441

---

🏁 Script executed:

# Check README for platform support and win7 information
cat -n README.md | head -100

Repository: Athemis/ELNPack

Length of output: 5850

---

🏁 Script executed:

# Check CONTRIBUTING for development guidance
cat CONTRIBUTING.md

Repository: Athemis/ELNPack

Length of output: 2196

---

🏁 Script executed:

# Search for any mentions of win7 or nightly in all markdown files
rg -i "win7|windows 7|nightly" . -t md -B 1 -A 1

Repository: Athemis/ELNPack

Length of output: 639

---

🏁 Script executed:

# Check git log for when win7 targets were introduced
git log --all --oneline --grep="win7" 2>/dev/null | head -10 || echo "No win7 commits found"
git log --all --oneline .github/workflows/release.yml 2>/dev/null | head -10 || echo "Could not get release.yml history"

Repository: Athemis/ELNPack

Length of output: 589

---

Pin the nightly toolchain to a specific date for reproducible releases.

The matrix includes two targets (x86_64-win7-windows-msvc and i686-win7-windows-msvc) using an unpinned nightly toolchain. While Windows 7 support is a documented feature (see README), unpinned nightly creates a reproducibility risk: future workflow runs may use a different nightly compiler with potential breaking changes, making release artifacts non-deterministic.

Recommended action:
Pin nightly to a stable date, e.g., toolchain: nightly-2025-12-04. This ensures that release builds remain reproducible if you need to rebuild or investigate issues in the future.

Note: The build job currently skips tests on Windows and 32-bit targets. If possible, consider adding test runs to at least one Windows target to catch platform-specific issues before release, though this may have scheduling implications.

🤖 Prompt for AI Agents

.github/workflows/release.yml lines 52-113: two matrix entries use an unpinned
"nightly" toolchain which risks non-reproducible releases; change both
occurrences (x86_64-win7-windows-msvc and i686-win7-windows-msvc) to a
date-pinned nightly like "nightly-2025-12-04" (or another chosen stable date) so
the workflow always uses the exact same compiler version; update both toolchain
fields accordingly and run/verify a workflow dry-run to ensure the pinned
toolchain is available.