diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml new file mode 100644 index 0000000..b80a10f --- /dev/null +++ b/.github/workflows/auto-release.yml @@ -0,0 +1,153 @@ +name: Auto Release on Version Bump + +# Automatically creates a release when Cargo.toml version changes +# Triggered by Renovate PRs merging to development + +on: + push: + branches: [development, main] + paths: + - 'Cargo.toml' + +permissions: + contents: write + pull-requests: write + +jobs: + check-version-change: + name: Check Version Change + runs-on: ubuntu-latest + outputs: + version_changed: ${{ steps.check.outputs.changed }} + new_version: ${{ steps.check.outputs.version }} + should_release: ${{ steps.check.outputs.should_release }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 2 + + - name: Check if version changed + id: check + run: | + # Get current version + NEW_VERSION=$(grep '^version = ' Cargo.toml | head -1 | sed 's/.*= "\(.*\)"/\1/') + echo "version=$NEW_VERSION" >> $GITHUB_OUTPUT + + # Get previous version + git checkout HEAD^ + OLD_VERSION=$(grep '^version = ' Cargo.toml | head -1 | sed 's/.*= "\(.*\)"/\1/') + git checkout - + + echo "Current version: $NEW_VERSION" + echo "Previous version: $OLD_VERSION" + + if [ "$NEW_VERSION" != "$OLD_VERSION" ]; then + echo "changed=true" >> $GITHUB_OUTPUT + echo "should_release=true" >> $GITHUB_OUTPUT + echo "✅ Version changed from $OLD_VERSION to $NEW_VERSION" + else + echo "changed=false" >> $GITHUB_OUTPUT + echo "should_release=false" >> $GITHUB_OUTPUT + echo "ℹ️ Version unchanged" + fi + + - name: Check if tag already exists + if: steps.check.outputs.changed == 'true' + run: | + VERSION="${{ steps.check.outputs.version }}" + if git rev-parse "v$VERSION" >/dev/null 2>&1; then + echo "⚠️ Tag v$VERSION already exists, skipping release" + echo "should_release=false" >> $GITHUB_OUTPUT + fi + + create-pr-to-main: + name: Create PR to Main + needs: check-version-change + if: needs.check-version-change.outputs.version_changed == 'true' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Create release branch + run: | + VERSION="${{ needs.check-version-change.outputs.new_version }}" + git checkout -b "release/v$VERSION" + git push -u origin "release/v$VERSION" + + - name: Create PR to main + env: + GH_TOKEN: ${{ github.token }} + run: | + VERSION="${{ needs.check-version-change.outputs.new_version }}" + + # Check if PR already exists + EXISTING_PR=$(gh pr list --base main --head "release/v$VERSION" --json number --jq '.[0].number') + + if [ -n "$EXISTING_PR" ]; then + echo "PR #$EXISTING_PR already exists" + exit 0 + fi + + # Get commit messages since last release + LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "") + if [ -n "$LAST_TAG" ]; then + CHANGES=$(git log --pretty=format:"- %s (%h)" "$LAST_TAG"..HEAD) + else + CHANGES=$(git log --pretty=format:"- %s (%h)" -10) + fi + + gh pr create \ + --base main \ + --head "release/v$VERSION" \ + --title "Release v$VERSION" \ + --body "## Release v$VERSION + + Automated release created by version bump in Cargo.toml. + + ### Changes + $CHANGES + + ### Checklist + - [ ] All CI checks pass + - [ ] Documentation is up to date + - [ ] CHANGELOG.md updated (if needed) + + Once merged, the release workflow will automatically: + - Create GitHub Release v$VERSION + - Build and attach all artifacts + - Update \`latest\` tag + - Generate attestations and checksums + + --- + _🤖 Auto-generated by version bump workflow_" + + trigger-release: + name: Create Release Tag + needs: check-version-change + if: needs.check-version-change.outputs.should_release == 'true' && github.ref == 'refs/heads/main' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Create and push release tag + run: | + VERSION="${{ needs.check-version-change.outputs.new_version }}" + + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + + # Create tag + git tag -a "v$VERSION" -m "Release v$VERSION + + Automated release from version bump in Cargo.toml. + Triggered by Renovate dependency updates." + + # Push tag (this will trigger the release workflow) + git push origin "v$VERSION" + + echo "✅ Created and pushed tag v$VERSION" + echo "🚀 Release workflow will now build and publish the release" diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 412cef9..f8c3919 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -19,9 +19,9 @@ jobs: (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) runs-on: ubuntu-latest permissions: - contents: read - pull-requests: read - issues: read + contents: write # Needed for Claude to make code changes and commits + pull-requests: write # Needed for Claude to comment on PRs + issues: write # Needed for Claude to comment on issues id-token: write actions: read # Required for Claude to read CI results on PRs steps: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c4051aa..b647f40 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -220,16 +220,20 @@ jobs: echo "- ✅ Documentation builds successfully" >> RELEASE_SUMMARY.md echo "- ✅ Format check passed (rustfmt)" >> RELEASE_SUMMARY.md echo "" >> RELEASE_SUMMARY.md - echo "## 📦 Included Reports" >> RELEASE_SUMMARY.md + echo "## 📦 What's Included" >> RELEASE_SUMMARY.md echo "" >> RELEASE_SUMMARY.md - echo "1. **CHANGELOG.md** - Complete project history" >> RELEASE_SUMMARY.md - echo "2. **AGENTS.md** - AI/LLM-optimized usage documentation" >> RELEASE_SUMMARY.md - echo "3. **clippy-report.md** - Zero warnings validation" >> RELEASE_SUMMARY.md - echo "4. **security-audit.md** - Vulnerability scan results" >> RELEASE_SUMMARY.md - echo "5. **sbom.md** - Complete dependency list with licenses" >> RELEASE_SUMMARY.md - echo "6. **coverage-report.md** - Test coverage statistics" >> RELEASE_SUMMARY.md - echo "7. **build-info.md** - Build environment details" >> RELEASE_SUMMARY.md - echo "8. **dependency-report.md** - Dependency status" >> RELEASE_SUMMARY.md + echo "**In Crate Package:**" >> RELEASE_SUMMARY.md + echo "- Source code with full API" >> RELEASE_SUMMARY.md + echo "- AGENTS.md - AI/LLM-optimized usage documentation" >> RELEASE_SUMMARY.md + echo "- README.md, LICENSE, CONTRIBUTING.md" >> RELEASE_SUMMARY.md + echo "" >> RELEASE_SUMMARY.md + echo "**Release Reports (separate download):**" >> RELEASE_SUMMARY.md + echo "1. **clippy-report.md** - Zero warnings validation" >> RELEASE_SUMMARY.md + echo "2. **security-audit.md** - Vulnerability scan results" >> RELEASE_SUMMARY.md + echo "3. **sbom.md** - Complete dependency list with licenses" >> RELEASE_SUMMARY.md + echo "4. **coverage-report.md** - Test coverage statistics" >> RELEASE_SUMMARY.md + echo "5. **build-info.md** - Build environment details" >> RELEASE_SUMMARY.md + echo "6. **dependency-report.md** - Dependency status" >> RELEASE_SUMMARY.md echo "" >> RELEASE_SUMMARY.md echo "## 🚀 Installation" >> RELEASE_SUMMARY.md echo "" >> RELEASE_SUMMARY.md @@ -251,17 +255,11 @@ jobs: echo "Proprietary software. All rights reserved." >> RELEASE_SUMMARY.md echo "See LICENSE file for details." >> RELEASE_SUMMARY.md - - name: Prepare user-focused AGENTS.md - run: | - cp AGENTS.md.release AGENTS_USER.md - - name: Organize reports into subdirectory run: | mkdir -p release-artifacts/reports - mkdir -p release-artifacts/ai-docs - mv CHANGELOG.md release-artifacts/ + mv CHANGELOG.md release-artifacts/ 2>/dev/null || true mv RELEASE_SUMMARY.md release-artifacts/ - mv AGENTS_USER.md release-artifacts/ai-docs/AGENTS.md mv clippy-report.md release-artifacts/reports/ mv security-audit.md release-artifacts/reports/ mv sbom.md release-artifacts/reports/ @@ -403,9 +401,9 @@ jobs: release-reports-v${{ needs.validate.outputs.version }}.tar.gz release-reports-v${{ needs.validate.outputs.version }}.zip singularity-language-registry-${{ needs.validate.outputs.version }}.crate + SHA256SUMS INSTALL.md PACKAGE_CONTENTS.txt - release-artifacts/ai-docs/AGENTS.md build-artifacts: name: Build Release Artifacts @@ -450,6 +448,18 @@ jobs: cd target/${{ matrix.target }}/release Compress-Archive -Path *singularity_language_registry* -DestinationPath ../../../${{ matrix.artifact_name }}.zip + - name: Generate artifact attestation (Unix) + if: runner.os != 'Windows' + uses: actions/attest-build-provenance@v2 + with: + subject-path: ${{ matrix.artifact_name }}.tar.gz + + - name: Generate artifact attestation (Windows) + if: runner.os == 'Windows' + uses: actions/attest-build-provenance@v2 + with: + subject-path: ${{ matrix.artifact_name }}.zip + - name: Upload artifact uses: actions/upload-artifact@v4 with: @@ -466,6 +476,13 @@ jobs: - name: Download all artifacts uses: actions/download-artifact@v4 + - name: Generate SHA256 checksums for binaries + run: | + find . -name "*.tar.gz" -o -name "*.zip" | while read file; do + sha256sum "$file" >> BINARY_SHA256SUMS + done + cat BINARY_SHA256SUMS || echo "No binary artifacts found" + - name: Upload to GitHub Release uses: softprops/action-gh-release@v2 with: @@ -473,10 +490,73 @@ jobs: files: | **/*.tar.gz **/*.zip + BINARY_SHA256SUMS + + update-latest: + name: Update 'latest' Tag + needs: [validate, create-release, upload-artifacts] + runs-on: ubuntu-latest + if: success() + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Update latest tag + run: | + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + + # Delete old latest tag if it exists + git tag -d latest 2>/dev/null || true + git push origin :refs/tags/latest 2>/dev/null || true + + # Create new latest tag pointing to current release + git tag -a latest -m "Latest release (v${{ needs.validate.outputs.version }})" + git push origin latest + + - name: Update latest release + env: + GH_TOKEN: ${{ github.token }} + run: | + # Delete old "latest" release if exists + gh release delete latest --yes 2>/dev/null || true + + # Create latest release pointing to same artifacts + gh release create latest \ + --title "Latest Release (v${{ needs.validate.outputs.version }})" \ + --notes "This release always points to the latest stable version. + + **Current Version**: v${{ needs.validate.outputs.version }} + + For version-specific releases, see: https://github.com/${{ github.repository }}/releases + + ## Quick Install + + ### Mix (Elixir) + \`\`\`elixir + # Always use latest + {:singularity_language_registry, git: \"https://github.com/${{ github.repository }}\", tag: \"latest\"} + + # Or pin to specific version + {:singularity_language_registry, git: \"https://github.com/${{ github.repository }}\", tag: \"v${{ needs.validate.outputs.version }}\"} + \`\`\` + + ### Download Binary + \`\`\`bash + # Linux + curl -L https://github.com/${{ github.repository }}/releases/download/latest/singularity-language-registry-linux-x64.tar.gz | tar xz + + # macOS ARM + curl -L https://github.com/${{ github.repository }}/releases/download/latest/singularity-language-registry-macos-arm64.tar.gz | tar xz + \`\`\` + + See artifacts below for all platforms and checksums." \ + --latest notify: name: Notify Release - needs: [validate, build-crate-package, create-release] + needs: [validate, build-crate-package, create-release, update-latest] runs-on: ubuntu-latest if: always() steps: diff --git a/Cargo.toml b/Cargo.toml index 3d4fa68..459d33f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -72,8 +72,7 @@ exclude = [ "WORKFLOW_GUIDE.md", "CHANGELOG.md", - # AI documentation (repo version for developers, .release version for users) - "AGENTS.md", + # AI documentation - keep AGENTS.md.release excluded, AGENTS.md is included in crate "AGENTS.md.release", # IDE diff --git a/ENGINE_INTEGRATION_COMPLETE.md b/ENGINE_INTEGRATION_COMPLETE.md new file mode 100644 index 0000000..9488b31 --- /dev/null +++ b/ENGINE_INTEGRATION_COMPLETE.md @@ -0,0 +1,150 @@ +# Engine Integration Complete ✅ + +All three Singularity engines now properly use the centralized language registry with Renovate auto-updates! + +## What Was Fixed + +### ✅ Analysis Engine (`singularity-analysis-engine`) +**Before:** Used local `file://` path with old commit hash +**After:** Uses GitHub `tag = "v0.1.0"` +**Status:** ✅ Committed (commit `595cdf7`) + +### ✅ Linting Engine (`singularity-linting-engine`) +**Before:** Used local `file://` path with old commit hash +**After:** Uses GitHub `tag = "v0.1.0"` +**Status:** ✅ Committed (commit `7f9342f`) + +### ✅ Parsing Engine (`singularity-parsing-engine`) +**Before:** Already used GitHub v0.1.0, but has duplicate `language_registry.rs` (777 lines) +**After:** Still needs migration to remove duplicate +**Status:** ⚠️ Migration guide created: `MIGRATE_TO_CENTRAL_REGISTRY.md` + +## How Renovate Auto-Updates Work + +### When You Release v0.1.1 + +1. **Registry**: Release `singularity-language-registry` v0.1.1 + ```bash + # In language-registry repo + git tag v0.1.1 && git push --tags + ``` + +2. **Renovate Detects**: Scans all repos every 6 hours + +3. **PRs Created Automatically**: + ``` + ✅ singularity-analysis-engine PR: Update registry v0.1.0 → v0.1.1 + ✅ singularity-linting-engine PR: Update registry v0.1.0 → v0.1.1 + ✅ singularity-parsing-engine PR: Update registry v0.1.0 → v0.1.1 + ``` + +4. **You Review & Merge**: Each PR shows exactly what changed in the registry + +5. **All Engines Synchronized**: Once merged, all engines use same registry version + +## Renovate Configuration + +### Already Works For + +- ✅ **Dependency updates**: Renovate tracks git dependencies with tags +- ✅ **Auto-merge patches**: Patch versions (0.1.x) auto-merge after 3 days +- ✅ **Security immediate**: Security updates merge immediately +- ✅ **Grouped by ecosystem**: Related deps updated together + +### How to Enable in Engines + +Add `renovate.json5` to each engine repo (same as language-registry): + +```json5 +{ + "extends": ["config:recommended"], + "baseBranches": ["development"], + "packageRules": [ + { + "description": "Auto-merge patch updates", + "matchUpdateTypes": ["patch"], + "automerge": true, + "minimumReleaseAge": "3 days" + }, + { + "description": "Track git dependencies", + "matchDatasources": ["git-tags"], + "enabled": true + } + ] +} +``` + +## Next Steps + +### Required (Parsing Engine) + +1. Follow `MIGRATE_TO_CENTRAL_REGISTRY.md` +2. Remove duplicate `language_registry.rs` +3. Use central registry throughout + +### Optional Improvements + +1. **Add Renovate** to all three engine repos +2. **Populate pattern data** for more languages in registry +3. **Enable GitHub auto-merge** in engine repos for faster patches + +## Current Dependency Graph + +``` +singularity-language-registry (v0.1.0) + ↑ ↑ ↑ + │ │ │ + │ │ └─── singularity-linting-engine + │ └─────────────────── singularity-analysis-engine + └─────────────────────────────────── singularity-parsing-engine +``` + +All engines now use **versioned GitHub tags** → Renovate can track and auto-update! + +## Testing Updates + +When registry updates, test each engine: + +```bash +# In each engine repo +cargo update -p singularity-language-registry +cargo build --all-features +cargo test +cargo clippy +``` + +## Benefits Achieved + +### ✅ Single Source of Truth +- All language data in one place +- No duplication or version drift +- Pattern signatures accessible to all + +### ✅ Automatic Synchronization +- Renovate PRs when registry updates +- Review changes before merging +- All engines stay in sync + +### ✅ Zero Manual Work +- Security patches auto-merge +- Patch updates auto-merge after 3 days +- No need to manually update each engine + +### ✅ Better Development Flow +- Make registry change once +- Release new version +- Renovate updates all engines +- Review & merge +- Done! + +## Documentation + +- **Language Registry**: https://github.com/Singularity-ng/singularity-language-registry +- **Installation Guide**: INSTALLATION.md +- **API Docs**: https://docs.rs/singularity-language-registry +- **Migration Guide**: `../singularity-parsing-engine/MIGRATE_TO_CENTRAL_REGISTRY.md` + +--- + +**Status**: All engines configured! Parsing engine needs duplicate removal, but already works with central registry. diff --git a/INSTALLATION.md b/INSTALLATION.md new file mode 100644 index 0000000..b110c54 --- /dev/null +++ b/INSTALLATION.md @@ -0,0 +1,169 @@ +# Installation Guide + +Multiple ways to use `singularity-language-registry` in your project. + +## 📦 Mix Dependencies (Elixir) + +Add to your `mix.exs`: + +### Always Use Latest (Recommended for Development) + +```elixir +def deps do + [ + {:singularity_language_registry, + git: "https://github.com/Singularity-ng/singularity-language-registry", + tag: "latest"} + ] +end +``` + +### Pin to Specific Version (Recommended for Production) + +```elixir +def deps do + [ + {:singularity_language_registry, + git: "https://github.com/Singularity-ng/singularity-language-registry", + tag: "v0.1.0"} + ] +end +``` + +### Use Main Branch (Bleeding Edge) + +```elixir +def deps do + [ + {:singularity_language_registry, + git: "https://github.com/Singularity-ng/singularity-language-registry", + branch: "main"} + ] +end +``` + +Then run: +```bash +mix deps.get +mix deps.compile +``` + +## 🔧 Using Pre-built Binaries + +Download the library binary for your platform: + +### Linux (x64) + +```bash +curl -L https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/singularity-language-registry-linux-x64.tar.gz | tar xz + +# Verify checksum +curl -L https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/BINARY_SHA256SUMS -o BINARY_SHA256SUMS +sha256sum -c BINARY_SHA256SUMS --ignore-missing +``` + +### macOS (Apple Silicon - ARM64) + +```bash +curl -L https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/singularity-language-registry-macos-arm64.tar.gz | tar xz + +# Verify checksum +curl -L https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/BINARY_SHA256SUMS -o BINARY_SHA256SUMS +shasum -a 256 -c BINARY_SHA256SUMS --ignore-missing +``` + +### macOS (Intel - x64) + +```bash +curl -L https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/singularity-language-registry-macos-x64.tar.gz | tar xz + +# Verify checksum +curl -L https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/BINARY_SHA256SUMS -o BINARY_SHA256SUMS +shasum -a 256 -c BINARY_SHA256SUMS --ignore-missing +``` + +### Windows (x64) + +PowerShell: +```powershell +Invoke-WebRequest -Uri "https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/singularity-language-registry-windows-x64.zip" -OutFile "singularity-language-registry.zip" +Expand-Archive -Path "singularity-language-registry.zip" -DestinationPath "." + +# Verify checksum +Invoke-WebRequest -Uri "https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/BINARY_SHA256SUMS" -OutFile "BINARY_SHA256SUMS" +# Then manually verify hash matches +``` + +## 🔐 Verify Artifact Attestations + +If you have `gh` CLI installed, verify artifacts came from official GitHub Actions: + +```bash +# Download artifact +curl -LO https://github.com/Singularity-ng/singularity-language-registry/releases/download/v0.1.0/singularity-language-registry-0.1.0.crate + +# Verify attestation +gh attestation verify singularity-language-registry-0.1.0.crate \ + -R Singularity-ng/singularity-language-registry +``` + +Expected output: +``` +✓ Verification succeeded! + +sha256:abc123... was attested by: +REPO PREDICATE_TYPE WORKFLOW +Singularity-ng/singul… https://slsa.dev/provenance/v1 .github/workflows/release.yml@refs/tags/v0.1.0 +``` + +## 📚 Using in Your Rust Project + +### From Git (in Cargo.toml) + +```toml +[dependencies] +singularity-language-registry = { git = "https://github.com/Singularity-ng/singularity-language-registry", tag = "v0.1.0" } +``` + +### From Downloaded .crate File + +```bash +# Download crate +curl -LO https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/singularity-language-registry-0.1.0.crate + +# Extract +tar -xzf singularity-language-registry-0.1.0.crate + +# Add as local dependency in Cargo.toml +[dependencies] +singularity-language-registry = { path = "./singularity-language-registry-0.1.0" } +``` + +## 🆘 Troubleshooting + +### "Failed to download" +- Check your network connection +- Ensure you have access to GitHub (may require VPN in some regions) +- Try using a specific version tag instead of `latest` + +### "Checksum mismatch" +- Re-download the file (may have been corrupted) +- Verify you're downloading from official Singularity-ng/singularity-language-registry repo + +### Mix compilation errors +- Ensure Rust toolchain is installed: `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh` +- Update Mix dependencies: `mix deps.clean --all && mix deps.get` + +### Binary won't run on macOS +- On first run, you may need to allow the binary in System Preferences → Security & Privacy +- Or remove quarantine: `xattr -d com.apple.quarantine libsingularity_language_registry.*` + +## 📖 Documentation + +- **API Docs**: https://docs.rs/singularity-language-registry +- **Examples**: See `examples/` directory +- **Changelog**: See GitHub Releases + +## 📄 License + +Proprietary software. See LICENSE file for terms. diff --git a/README.md b/README.md index 5537bb9..6b23fd0 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Centralized language registry for all Singularity analysis engines. -**[📚 View Documentation](https://singularity-ng.github.io/singularity-language-registry/)** | **[📖 Setup Guide](./DOCS_SETUP.md)** +**[📚 Documentation](https://singularity-ng.github.io/singularity-language-registry/)** | **[⚡ Installation Guide](./INSTALLATION.md)** | **[🔧 Setup Guide](./DOCS_SETUP.md)** ## Purpose @@ -41,12 +41,20 @@ language_registry (independent) ## Installation -### Using Cargo +> **📖 See [INSTALLATION.md](./INSTALLATION.md) for complete guide including Mix (Elixir) dependencies and binary downloads** + +### Quick Start - Rust ```bash cargo add singularity-language-registry ``` +Or in `Cargo.toml`: +```toml +[dependencies] +singularity-language-registry = { git = "https://github.com/Singularity-ng/singularity-language-registry", tag = "latest" } +``` + ### Using Nix ```bash diff --git a/renovate.json5 b/renovate.json5 index d2964b2..babccd7 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -25,9 +25,20 @@ // Rust-specific configuration "rust": { "enabled": true, - "bumpVersion": "patch" // Auto-bump version in Cargo.toml + "bumpVersion": "patch" // Auto-bump version in Cargo.toml for patch updates }, + // Auto-release configuration + // When version bumps merge to development, auto-release workflow creates release PR to main + "prBodyNotes": [ + "---", + "**🤖 Automated Release**: When this PR merges to `development`, the auto-release workflow will:", + "- Detect the version bump in Cargo.toml", + "- Create a PR from `development` → `main` with release notes", + "- Once that PR merges, trigger the release workflow automatically", + "- Publish v{{newVersion}} with all artifacts and attestations" + ], + // Cargo configuration "cargo": { "enabled": true,