Release setup

[LesnyRumcajs]

This PR introduces https://release-plz.dev/ integration. It should work, but follow-ups might come.

Summary by CodeRabbit

• New Features

  • Automated release workflow added to create releases and prepare release PRs.

• Documentation

  • Added changelogs across all crates with initial 0.1.0 entries and Unreleased sections.

• Chores

  • Added package descriptions across crates.
  • Pinned internal dependency versions for consistency and updated package metadata.

[coderabbitai]

Walkthrough

Adds a Release-plz GitHub Actions workflow, creates Keep-a-Changelog files for multiple crates, and updates crate manifests by adding package description fields and pinning internal path dependencies to version = "0.1.0". No source code or public API changes.

Changes

Cohort / File(s)	Summary
Release automation .github/workflows/release-plz.yml	New GitHub Actions workflow "Release-plz" triggered on pushes to main, with two jobs: release-plz-release (runs release-plz/action to perform release, checks out full history, uses GITHUB_TOKEN and CARGO_REGISTRY_TOKEN) and release-plz-pr (creates/updates release PR, requires write perms and sets concurrency per ref).
Changelogs added blssig/CHANGELOG.md, certs/CHANGELOG.md, gpbft/CHANGELOG.md, lightclient/CHANGELOG.md, merkle/CHANGELOG.md, rpc/CHANGELOG.md	New Keep a Changelog files with Unreleased and 0.1.0 (2025-09-23) entries documenting initial release notes and housekeeping items.
Crate manifests (metadata & deps) blssig blssig/Cargo.toml certs certs/Cargo.toml gpbft gpbft/Cargo.toml lightclient lightclient/Cargo.toml merkle merkle/Cargo.toml rpc rpc/Cargo.toml	Added description fields to package manifests. Pinned internal path dependencies to version = "0.1.0" alongside path where applicable (examples: blssig→filecoin-f3-gpbft, certs→filecoin-f3-gpbft in deps & dev-deps, gpbft→filecoin-f3-merkle, lightclient→blssig, certs, gpbft, rpc, rpc→gpbft).

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant GH as GitHub
  participant WF as Release-plz Workflow
  participant RP as release-plz/action

  Dev->>GH: Push to main
  GH-->>WF: Trigger workflow

  rect rgb(232,240,254)
    note over WF: release-plz-release
    WF->>WF: checkout (fetch-depth: 0)
    WF->>RP: run "release" (env: GITHUB_TOKEN, CARGO_REGISTRY_TOKEN)
    RP-->>WF: create tags & release
  end

  rect rgb(237,251,239)
    note over WF: release-plz-pr
    WF->>WF: checkout
    WF->>RP: run "release-pr"
    RP-->>WF: open/update release PR (write perms, concurrency per ref)
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Add F3 light client functionality #27 — Workspace-wide manifest and crate metadata changes (CHANGELOGs and Cargo.toml description/version pins) touching the same crates and dependency declarations.

Poem

I nibble notes and stamp my paw,
Changelogs sprout where coders saw,
Descriptions snug and versions pinned,
Workflows hum, the release begins,
Hop—carrots for the CI bin. 🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "Release setup" is concise, single-phrase, and clearly related to the primary change in this PR (adding release-plz integration and release-related workflows/files), so it communicates the main intent to reviewers.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch release-boilerplate

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 66f7a1f and e7267e0.

📒 Files selected for processing (1)

• .github/workflows/release-plz.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/release-plz.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: All lint checks

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

certs/Cargo.toml (1)

18-21: Add a version to the local dev-dependency so publishing isn't blocked

Cargo rejects path-only dependencies (including dev-deps) when publishing; if you include both version and path, Cargo uses the path locally and the version on crates.io — update certs/Cargo.toml's dev-dep accordingly (add a matching version alongside path).

🧹 Nitpick comments (14)

blssig/CHANGELOG.md (4)

14-14: Fix typo and casing in bullet point.

"depenendency" → "dependency"; start with capital for consistency.

- - set depenendency versions in Cargo.toml
+ - Set dependency versions in Cargo.toml

---

12-12: Use standard Keep a Changelog section label.

Replace "Other" with "Changed" to align with the spec.

-### Other
+### Changed

---

17-19: Capitalize bullet entries consistently.

Minor copy polish for readability and consistency.

- - basic CI setup ([#5](https://github.com/ChainSafe/rust-f3/pull/5))
- - be more explicit about the package naming ([#3](https://github.com/ChainSafe/rust-f3/pull/3))
- - workspace and folder structure ([#2](https://github.com/ChainSafe/rust-f3/pull/2))
+ - Basic CI setup ([#5](https://github.com/ChainSafe/rust-f3/pull/5))
+ - Be more explicit about the package naming ([#3](https://github.com/ChainSafe/rust-f3/pull/3))
+ - Workspace and folder structure ([#2](https://github.com/ChainSafe/rust-f3/pull/2))

---

8-8: Add link reference for [Unreleased].

The bracketed "Unreleased" header currently has no target. Add a compare link reference at the bottom.

  - workspace and folder structure ([#2](https://github.com/ChainSafe/rust-f3/pull/2))
+
+[Unreleased]: https://github.com/ChainSafe/rust-f3/compare/filecoin-f3-blssig-v0.1.0...HEAD

lightclient/CHANGELOG.md (4)

12-15: Fix typo and standardize categories per Keep a Changelog.

Use “Added”/“Changed” and fix “depenendency” -> “dependency”. Also sentence‑case bullets.

-### Other
-
-- set depenendency versions in Cargo.toml
-- Add F3 light client functionality ([#27](https://github.com/ChainSafe/rust-f3/pull/27))
+### Added
+- F3 light client functionality ([#27](https://github.com/ChainSafe/rust-f3/pull/27))
+
+### Changed
+- Set dependency versions in Cargo.toml

---

8-8: [Unreleased] is a reference-style link but has no definition.

Add link refs to avoid a broken/unstyled header link.

---

16-16: Add link reference definitions (Unreleased and 0.1.0).

This also enables compare-from-latest-tag UX.

+ 
+[Unreleased]: https://github.com/ChainSafe/rust-f3/compare/filecoin-f3-lightclient-v0.1.0...HEAD
+[0.1.0]: https://github.com/ChainSafe/rust-f3/releases/tag/filecoin-f3-lightclient-v0.1.0

---

3-3: Optional: “project” → “crate” for clarity.

This file is scoped to the lightclient crate.

-All notable changes to this project will be documented in this file.
+All notable changes to this crate will be documented in this file.

rpc/CHANGELOG.md (1)

14-15: Fix typo: “depenendency” → “dependency”.

Also consider capitalizing the sentence for consistency with other entries.

Apply this diff:

-- set depenendency versions in Cargo.toml
+- Set dependency versions in Cargo.toml

certs/CHANGELOG.md (1)

23-24: Fix typo: “depenendency” → “dependency”.

Capitalize for consistency.

-- set depenendency versions in Cargo.toml
+- Set dependency versions in Cargo.toml

gpbft/CHANGELOG.md (1)

25-26: Fix typo: “depenendency” → “dependency”.

Capitalize for consistency.

-- set depenendency versions in Cargo.toml
+- Set dependency versions in Cargo.toml

.github/workflows/release-plz.yml (2)

30-39: Optional: add concurrency to the release job as well.

Prevents overlapping runs on rapid pushes to main.

   release-plz-release:
     name: Release-plz release
     runs-on: ubuntu-latest
+    concurrency:
+      group: release-plz-release-${{ github.ref }}
+      cancel-in-progress: false

---

18-18: Update GH Actions to latest stable tags
In .github/workflows/release-plz.yml, use actions/checkout@v5.0.0 and release-plz/action@v0.5.117 (latest stable tags).

merkle/CHANGELOG.md (1)

14-15: Fix typo: “depenendency” → “dependency”.

Capitalize for consistency.

-- set depenendency versions in Cargo.toml
+- Set dependency versions in Cargo.toml

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4470702 and b3fad2c.

📒 Files selected for processing (13)

• .github/workflows/release-plz.yml (1 hunks)
• blssig/CHANGELOG.md (1 hunks)
• blssig/Cargo.toml (2 hunks)
• certs/CHANGELOG.md (1 hunks)
• certs/Cargo.toml (2 hunks)
• gpbft/CHANGELOG.md (1 hunks)
• gpbft/Cargo.toml (2 hunks)
• lightclient/CHANGELOG.md (1 hunks)
• lightclient/Cargo.toml (1 hunks)
• merkle/CHANGELOG.md (1 hunks)
• merkle/Cargo.toml (1 hunks)
• rpc/CHANGELOG.md (1 hunks)
• rpc/Cargo.toml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.7)

.github/workflows/release-plz.yml

41-41: element of "steps" section is alias node but mapping node is expected

(syntax-check)

---

41-41: step must run script with "run" section or run action with "uses" section

(syntax-check)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: All lint checks

🔇 Additional comments (13)

blssig/CHANGELOG.md (2)

15-15: Confirm scope: is light client change relevant to blssig crate’s changelog?

If the light client functionality lives in a different crate, keep crate-specific entries here and ensure cross-crate notes are placed appropriately.

---

10-10: Verify release tag format matches release-plz config
Found release-plz workflow at .github/workflows/release-plz.yml but no release-plz config file detected; confirm the tag "filecoin-f3-blssig-v0.1.0" referenced in blssig/CHANGELOG.md (line 10) matches your release-plz tag template or add an explicit tag template (e.g., .release-plz.yml) to avoid broken links.

lightclient/CHANGELOG.md (1)

10-10: Changelog link is correct — tag = filecoin-f3-lightclient-v0.1.0

lightclient/Cargo.toml has name = "filecoin-f3-lightclient" and no tag-format override in .github/workflows/release-plz.yml; the changelog link matches package-name-vX.Y.Z.

merkle/Cargo.toml (1)

4-4: LGTM: clear, concise description.

rpc/Cargo.toml (2)

4-4: Good description; reads well for crates.io.

---

12-12: Verify path+version pins match the actual crate versions before publishing.

Confirm rpc/Cargo.toml:12 (filecoin-f3-gpbft = { path = "../gpbft", version = "0.1.0" }) matches ../gpbft/Cargo.toml's version (Cargo requires path+version to be identical). Automated verification failed to run here; manually verify or run the provided check script.

blssig/Cargo.toml (2)

4-4: LGTM: description added.

---

15-15: Verify path+version pins match actual crate versions.

Same check as for rpc/Cargo.toml to prevent publish failures.

Reuse the version verification script provided in rpc/Cargo.toml comment.

gpbft/Cargo.toml (1)

4-4: Good package description.

Clear and aligned with the crate’s purpose.

lightclient/Cargo.toml (2)

4-4: Nice, descriptive summary.

Helpful for crates.io metadata.

---

11-14: Explicit versions on internal path deps: LGTM.

Consistent with the release setup and other manifests.

certs/Cargo.toml (2)

4-4: Description added: LGTM.

---

14-14: Dependency pinning matches the workspace pattern.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

.github/workflows/release-plz.yml (3)

18-21: Use a valid, stable checkout version (v4) instead of v5.

actions/checkout@v5 may not exist; prefer @v4 (or pin to a commit SHA). Keeps both steps consistent with the change suggested below.

Apply this diff:

-        uses: actions/checkout@v5
+        uses: actions/checkout@v4

Please confirm whether v5 exists in your environment; if not, this change is required for the workflow to run.

---

37-39: Consider enabling cancel-in-progress for PR job concurrency.

When multiple pushes happen quickly, canceling in-flight runs reduces noise and stale PR updates.

Apply this diff:

-      cancel-in-progress: false
+      cancel-in-progress: true

---

1-7: Set top‑level default permissions to read‑only.

Harden the workflow by defaulting to read, then elevating per job (you already do per‑job).

Apply this diff:

 name: Release-plz

 on:
   push:
     branches:
       - main
+
+permissions:
+  contents: read

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 879dfd1 and 66f7a1f.

📒 Files selected for processing (1)

• .github/workflows/release-plz.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.7)

.github/workflows/release-plz.yml

41-41: unexpected key "<<" for "step" section. expected one of "continue-on-error", "env", "id", "if", "name", "run", "shell", "timeout-minutes", "uses", "with", "working-directory"

(syntax-check)

---

41-41: step must run script with "run" section or run action with "uses" section

(syntax-check)

🔇 Additional comments (2)

.github/workflows/release-plz.yml (2)

41-41: Fix actionlint error: merge key << is invalid in a step; inline the checkout step.

actionlint flags “unexpected key '<<' for 'step' section”. Replace the alias/merge usage with a full step mapping.

Apply this diff:

-      - <<: *checkout
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          persist-credentials: false

---

23-28: No change required — release-plz/action@v0.5 is current (latest v0.5.117)
Latest release: v0.5.117 (2025-09-13).