feat: update version to 0.2.0 and add release configuration files

[twangodev]

Summary by CodeRabbit

• Chores

  • Added automated release workflow to publish releases on pushes to the main branch, streamlining version updates and deployments.

• Version

  • Project version advanced to 0.2.0 and release tooling configured to keep package versions in sync across the repository.

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

Adds GitHub Actions release workflow and release-please configuration/manifest; bumps the Rust package version from 0.1.0 to 0.2.0.

Changes

Cohort / File(s)	Summary
Release Automation Configuration ​.github/workflows/release.yml, release-please-config.json	Adds a "Release" GitHub Actions workflow triggered on pushes to main that runs googleapis/release-please-action@v4. Adds release-please config for the root package with release-type: "rust" and an extra-files entry sourcing version from packages/typescript/package.json ($.version). Review secret usage and JSONPath correctness.
Version Management .release-please-manifest.json, Cargo.toml	Adds a release manifest mapping . → 0.2.0 and updates Cargo.toml package version from 0.1.0 to 0.2.0. Verify consistency with other package/version sources.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub
    participant Runner as Actions Runner
    participant RP as release-please-action
    participant Repo as Repository (manifest/Cargo)

    Dev->>GH: push to main
    GH->>Runner: trigger "Release" workflow
    Runner->>RP: run googleapis/release-please-action (token, config, manifest)
    RP->>Repo: read `release-please-config.json` and `.release-please-manifest.json`
    RP->>Repo: read extra-file `packages/typescript/package.json` ($.version)
    RP->>GH: create/update release PR or tag (via token)
    GH->>Repo: persist changes (manifest/Cargo) or open PR

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hopped to bump a tiny crate,
Pushed a workflow, set the date,
release-please hums, tokens in hand,
Manifests, versions all in band.
A merry rabbit seals the crate! 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: version bump to 0.2.0 and addition of release configuration files (.github/workflows/release.yml, release-please-config.json, .release-please-manifest.json).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/release-please

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag	Coverage Δ
rust	21.85% <ø> (ø)
typescript	100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

This PR sets up automated release management using Google's release-please action, bumping the project version from 0.1.0 to 0.2.0 across both the Rust crate and TypeScript SDK.

Changes:

• Updated version to 0.2.0 in Cargo.toml, Cargo.lock, and verified consistency with packages/typescript/package.json
• Added release-please configuration files to enable automated release PR generation and version management
• Created a GitHub Actions workflow that will automatically manage releases on pushes to main branch

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
Cargo.toml	Updated version from 0.1.0 to 0.2.0
Cargo.lock	Updated version from 0.1.0 to 0.2.0 (lockfile sync)
release-please-config.json	Configured release-please for Rust release type with TypeScript package version syncing
.release-please-manifest.json	Set initial version tracking at 0.2.0
.github/workflows/release.yml	Added automated release workflow (missing required checkout step)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

🧹 Nitpick comments (4)

.github/workflows/release.yml (2)

15-18: Missing token input — GITHUB_TOKEN prevents downstream workflow triggers.

Without an explicit token, the action uses the built-in GITHUB_TOKEN. GitHub intentionally prevents events (push, release) generated by GITHUB_TOKEN from triggering further workflow runs to avoid recursive loops. The official documentation demonstrates using a PAT configured as a repository secret (e.g. MY_RELEASE_PLEASE_TOKEN) as the token input. If you have — or plan to add — a CI/build/publish workflow triggered by on: push to main or on: release, it will not fire on release-please's automated commits/tags without a PAT.

💡 Suggested fix

       - uses: googleapis/release-please-action@v4
         with:
+          token: ${{ secrets.RELEASE_PLEASE_TOKEN }}
           config-file: release-please-config.json
           manifest-file: .release-please-manifest.json

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml around lines 15 - 18, The release-please
action invocation (googleapis/release-please-action@v4) is missing the token
input so it falls back to GITHUB_TOKEN and prevents downstream workflows from
being triggered; update the action block to include a token input that
references a repository secret containing a GitHub PAT (for example token: ${{
secrets.MY_RELEASE_PLEASE_TOKEN }}) and ensure that the secret holds a PAT with
repo permissions so automated commits/tags from release-please can trigger
subsequent push/release workflows.

---

15-15: Pin the action to a commit SHA instead of the mutable @v4 tag.

The @v4 tag is mutable — it can be force-pushed to point to a different (potentially malicious) commit. Pinning to the full commit SHA of a specific release is the standard supply-chain hardening approach for third-party Actions.

🔒 Example

-      - uses: googleapis/release-please-action@v4
+      - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml at line 15, Replace the mutable tag reference
"googleapis/release-please-action@v4" with a pinned full commit SHA for the
googleapis/release-please-action action; locate the workflow step using the
string "googleapis/release-please-action@v4" and update it to the specific
commit SHA for the desired release to ensure the action is immutable and
supply‑chain hardened.

release-please-config.json (2)

1-15: Consider adding bootstrap-sha to anchor the initial release scan.

Without bootstrap-sha, release-please scans up to the last 250 commits to build the first changelog. You can add a top-level "bootstrap-sha": <full sha value> key/value entry to the config, which will cause release-please to stop there for collecting changelog commits. Without it, the first release PR may include an unexpectedly large changelog from prior work.

💡 Suggested addition

 {
   "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+  "bootstrap-sha": "<SHA of the commit just before the first commit to include>",
   "packages": {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@release-please-config.json` around lines 1 - 15, Add a top-level
"bootstrap-sha" entry to the release-please configuration to anchor the initial
changelog scan; update the JSON in release-please-config.json by adding a
"bootstrap-sha": "<full commit SHA>" property at the root so release-please
stops collecting commits before that SHA when building the first release PR,
preventing an unexpectedly large changelog.

---

2-2: $schema URL is pinned to the mutable main branch.

The $schema reference resolves live from the main branch, so schema changes upstream can silently alter IDE validation. Pinning to a tagged release URL is more stable (e.g., https://raw.githubusercontent.com/googleapis/release-please/v16.x.x/schemas/config.json). This only affects local editor tooling, not the action's runtime behaviour.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@release-please-config.json` at line 2, The $schema entry currently points to
the mutable "main" branch; update the "$schema" value to a version-pinned raw
URL (for example replace "main" with a release tag such as "v16.x.x") so the
schema used by IDEs is stable—locate the "$schema" key in
release-please-config.json and change the URL to the tagged release URL (e.g.,
https://raw.githubusercontent.com/googleapis/release-please/v16.x.x/schemas/config.json).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/release.yml:
- Around line 15-18: The release-please action invocation
(googleapis/release-please-action@v4) is missing the token input so it falls
back to GITHUB_TOKEN and prevents downstream workflows from being triggered;
update the action block to include a token input that references a repository
secret containing a GitHub PAT (for example token: ${{
secrets.MY_RELEASE_PLEASE_TOKEN }}) and ensure that the secret holds a PAT with
repo permissions so automated commits/tags from release-please can trigger
subsequent push/release workflows.
- Line 15: Replace the mutable tag reference
"googleapis/release-please-action@v4" with a pinned full commit SHA for the
googleapis/release-please-action action; locate the workflow step using the
string "googleapis/release-please-action@v4" and update it to the specific
commit SHA for the desired release to ensure the action is immutable and
supply‑chain hardened.

In `@release-please-config.json`:
- Around line 1-15: Add a top-level "bootstrap-sha" entry to the release-please
configuration to anchor the initial changelog scan; update the JSON in
release-please-config.json by adding a "bootstrap-sha": "<full commit SHA>"
property at the root so release-please stops collecting commits before that SHA
when building the first release PR, preventing an unexpectedly large changelog.
- Line 2: The $schema entry currently points to the mutable "main" branch;
update the "$schema" value to a version-pinned raw URL (for example replace
"main" with a release tag such as "v16.x.x") so the schema used by IDEs is
stable—locate the "$schema" key in release-please-config.json and change the URL
to the tagged release URL (e.g.,
https://raw.githubusercontent.com/googleapis/release-please/v16.x.x/schemas/config.json).