ci: include Cargo.toml in publish version bump commit

[carlos-alm]

Summary

• The publish workflow runs sync-native-versions.js which updates crates/codegraph-core/Cargo.toml with the release version, but the version bump commit only staged package.json, package-lock.json, CHANGELOG.md, and DEPENDENCIES.json
• This left Cargo.toml out of the commit, causing the native engine version to drift from the npm version after each release
• This is the root cause of fix: bump native engine version to 3.0.0 #310 — the Cargo.toml version had to be manually bumped from 2.6.0 to 3.0.0

Adds crates/codegraph-core/Cargo.toml to both the git diff check and git add in the "Push version bump via PR" step.

Test plan

• Next stable release: verify the version bump PR includes Cargo.toml changes
• Verify codegraph info reports matching native/npm versions after release

[claude]

Claude finished @carlos-alm's task —— View job

---

PR Review: Include Cargo.toml in Version Bump Commit

Todo List:

• Phase 1: Root cause analysis
• Phase 2: Configuration change detection
• Phase 3: Test integrity assessment
• Phase 4: Code quality review
• Final assessment and recommendation

Root Cause Analysis

Problem Being Solved: The publish workflow runs sync-native-versions.js which updates crates/codegraph-core/Cargo.toml with the release version, but the version bump commit only staged package.json, package-lock.json, CHANGELOG.md, and DEPENDENCIES.json. This left Cargo.toml out of the commit, causing native engine version drift from npm version after each release.

Why This Approach: This is a legitimate fix addressing a real synchronization issue. The sync-native-versions.js script (lines 29-39) explicitly updates Cargo.toml version to match package.json, but the git workflow wasn't including this file in commits.

Risk Assessment: ✅ LOW RISK - This is a proper fix, not symptom hiding.

Configuration Change Detection

The workflow file modification adds crates/codegraph-core/Cargo.toml to both:

1. Line 435: git diff --quiet check to detect version bump changes
2. Line 438: git add -f to stage the file for commit

This is a legitimate workflow improvement that ensures all version-synchronized files are committed together. No concerning rule relaxations or threshold lowering detected.

Test Integrity Assessment

✅ No test modifications - This PR only touches workflow configuration
✅ No assertion weakening - No test files changed
✅ Clear scope - Single focused change to fix version drift

Code Quality Review

Strengths:

• ✅ Surgical precision: Only 2 lines changed, exactly what's needed
• ✅ Consistent pattern: Adds Cargo.toml to both the diff check and git add commands
• ✅ Matches script behavior: Aligns with what sync-native-versions.js actually does
• ✅ Clear intent: The change directly addresses the described problem

Analysis:

• The sync-native-versions.js script clearly shows it updates Cargo.toml (lines 29-39)
• The workflow was missing this file from version bump commits, creating version drift
• The fix ensures all version-synchronized files are committed atomically

No issues found - This is a clean, targeted fix.

Final Assessment

## Root Cause Analysis  
**Problem Being Solved**: Native engine Cargo.toml version drifting from npm package version after releases
**Why This Approach**: Fixes missing file in version bump commits - sync script updates it but workflow didn't commit it  
**Risk Assessment**: Low risk - legitimate bug fix, not symptom hiding

## Critical Concerns
None identified. This is a clean fix addressing a real synchronization issue.

## Final Recommendation
- Rating: ⭐⭐⭐⭐☆ (4/5)
- Action: APPROVE  
- Reasoning: Precise surgical fix that addresses root cause of version drift between npm and native engine. Changes are minimal, targeted, and solve a real problem without introducing risk.

Minor suggestion for future robustness: Consider adding a CI check that verifies package.json and Cargo.toml versions match to prevent this type of drift from recurring.

[greptile-apps]

Greptile Summary

Fixed CI/CD bug where crates/codegraph-core/Cargo.toml was modified by sync-native-versions.js during release but not included in the version bump commit, causing native engine version to drift from npm version after each release.

• Added Cargo.toml to both the git diff --quiet check (line 435) and git add -f command (line 438) in the "Push version bump via PR" step
• This ensures the native Rust engine version stays synchronized with the npm package version
• Directly addresses the root cause of issue fix: bump native engine version to 3.0.0 #310

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• Simple, focused fix that correctly addresses a clear CI/CD bug. The change is minimal (2 lines), logically sound, and directly corresponds to what sync-native-versions.js modifies. No potential side effects or edge cases.
• No files require special attention

Important Files Changed

Filename	Overview
.github/workflows/publish.yml	Added crates/codegraph-core/Cargo.toml to version bump commit staging to prevent version drift between npm and native engine

_{Last reviewed commit: 76b12d9}