ci: support for nightly builds

[yuvrajjsingh0]

Problem

Daily nightly builds to automate deployments

Solution

1. Added scheduled nightly in nightly_release.yaml (30 11 * * * UTC = 5:00 PM IST).
2. Nightly now computes version as 0.x.y-nightly-.
3. Detects changes since last nightly/stable marker.
4. Skips build if no new merges.
5. Centralized shared logic into reusable workflows:
6. Docker: docker_images_common.yaml
7. Language + artifacts: language_artifacts_common.yaml
8. Both stable and nightly call these shared workflows with mode-specific inputs (latest vs nightly, publish toggles, release tag).
9. For Python nightly publishing, mapped version to PEP 440 format (0.x.y.dev) while keeping nightly release/tag format unchanged elsewhere.

Environment variable changes

Pre-deployment activity

Post-deployment activity

API changes

Endpoint	Method	Request body	Response Body

Possible Issues in the future

Describe any possible issues that could occur because of this change

Summary by CodeRabbit

• Chores
  • Improved release automation with new reusable GitHub Actions workflows for building and publishing Docker images across multiple architectures and generating language-specific artifacts consistently.
  • Streamlined stable release workflow to leverage shared build pipelines for Docker images and language packages.
  • Added automated nightly release process with daily builds and version management.

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
.github/workflows/release.yaml	2% smaller
.github/workflows/docker_images_common.yaml	0% smaller
.github/workflows/language_artifacts_common.yaml	0% smaller
.github/workflows/nightly_release.yaml	0% smaller

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e867eb88-ef97-45f5-a5c6-2784dc82595b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

Introduces reusable GitHub Actions workflows for building Docker images and language artifacts (Java, Python, JavaScript, Rust), adds a nightly release automation workflow with git tag-based versioning, and refactors the release workflow to delegate to these reusable components instead of duplicating build logic inline.

Changes

Cohort / File(s)	Summary
Reusable Docker Workflow \.github/workflows/docker_images_common.yaml	Builds and publishes multi-architecture (amd64, arm64) Docker images to GHCR with separate production and demo pipelines; creates and pushes multi-arch manifests for versioned and aliased tags.
Reusable Language Artifacts Workflow \.github/workflows/language_artifacts_common.yaml	Orchestrates Rust binary builds (cross-platform matrix: Linux, macOS Intel/Silicon, Windows), Java packages via Gradle, Python wheels via uv, JavaScript packages via npm workspaces, and Rust crates publishing, with granular conditional build/publish flags and optional GitHub Release creation.
Release Automation Workflows \.github/workflows/nightly_release.yaml, \.github/workflows/release.yaml	Adds nightly release workflow with computed semantic versions, git tag markers, and merged-commit detection on main; refactors release workflow to call reusable Docker and language artifact workflows instead of inlining job definitions (+27/\-555).

Sequence Diagram(s)

sequenceDiagram
    participant GHA as GitHub Actions
    participant RustBld as generate-rust-binary
    participant JavaBld as generate-java-packages
    participant PyBld as generate-python-packages
    participant JSBld as generate-js-packages
    participant CarBld as generate-rust-packages
    participant RelBld as release
    participant Artifact as Artifact Store
    
    GHA->>RustBld: Start (matrix: Linux/macOS/Windows)
    RustBld->>Artifact: Upload platform zips
    Artifact->>JavaBld: Await Rust artifacts
    Artifact->>PyBld: Await Rust artifacts
    Artifact->>JSBld: Await Rust artifacts
    Artifact->>CarBld: Await Rust artifacts
    
    JavaBld->>JavaBld: Extract libs, Gradle publish
    PyBld->>PyBld: Extract libs, uv build wheels, twine upload
    JSBld->>JSBld: Extract libs, npm publish
    CarBld->>CarBld: Set versions, cargo publish
    
    JavaBld->>Artifact: Complete
    PyBld->>Artifact: Complete
    JSBld->>Artifact: Complete
    CarBld->>Artifact: Complete
    
    Artifact->>RelBld: All artifacts ready
    RelBld->>RelBld: Download artifacts, create GitHub Release

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Poem

🐰 Workflows once scattered, now unified and neat,
Reusable pipelines make the release complete,
Nightly and stable, Docker and code so fine,
Languages dancing in harmony—what a design! 🎯

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci: support for nightly builds' directly and accurately summarizes the main change: adding support for nightly CI builds through new scheduled workflows and shared CI logic.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch nightly-builds

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Adds CI support for automated nightly releases and refactors stable/nightly release pipelines to reuse shared build/publish logic across Docker images and language artifacts.

Changes:

• Introduces a scheduled nightly_release.yaml workflow that tags and publishes nightly builds only when there are new commits since the last nightly/stable marker.
• Refactors stable release workflow to call new reusable workflows for Docker images and language artifacts publishing.
• Adds reusable workflows docker_images_common.yaml and language_artifacts_common.yaml to centralize shared release logic.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.

File	Description
.github/workflows/release.yaml	Stable release now delegates docker/language publishing to reusable workflows.
.github/workflows/nightly_release.yaml	New scheduled nightly workflow that computes version, tags, detects changes, and triggers publishing.
.github/workflows/docker_images_common.yaml	New reusable workflow to build/push multi-arch Docker + demo images and manifests.
.github/workflows/language_artifacts_common.yaml	New reusable workflow to build rust binaries, publish language packages, and draft GitHub releases.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (4)

.github/workflows/docker_images_common.yaml (1)

30-34: Unnecessary deep checkout in multiple jobs.

fetch-depth: 0 fetches the entire git history, which is unnecessary for Docker builds and manifest creation. The create-manifest and create-demo-manifest jobs don't need any checkout at all since they only run docker buildx imagetools commands.

♻️ Suggested simplifications

For build jobs, use shallow checkout:

 - name: Checkout repository
   uses: actions/checkout@v4
-  with:
-      fetch-depth: 0
-      token: ${{ secrets.SUPERPOSITION_TOKEN }}

For manifest jobs, remove checkout entirely since no repo files are needed.

Also applies to: 60-64, 100-104, 131-135

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/docker_images_common.yaml around lines 30 - 34, The
workflow currently does a full git history checkout via actions/checkout@v4 with
fetch-depth: 0; change build-related checkouts to a shallow clone by setting
fetch-depth: 1 (replace fetch-depth: 0) for the jobs that actually need the
repo, and remove the entire checkout step from the manifest-only jobs
(create-manifest and create-demo-manifest) since they only run docker buildx
imagetools commands and do not require repository files; update all instances
flagged (lines around the other checkouts) accordingly.

.github/workflows/release.yaml (1)

97-97: Redundant if conditions on dependent jobs.

Both build-docker-images and build-language-artifacts have if: github.ref == 'refs/heads/main', but they depend on tag-release which already has this same condition. If tag-release is skipped, these jobs won't run anyway due to the needs dependency.

♻️ Remove redundant conditions

 build-docker-images:
     needs: tag-release
-    if: github.ref == 'refs/heads/main'
     uses: ./.github/workflows/docker_images_common.yaml

 build-language-artifacts:
     needs: tag-release
-    if: github.ref == 'refs/heads/main'
     uses: ./.github/workflows/language_artifacts_common.yaml

Also applies to: 106-106

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yaml at line 97, The jobs 'build-docker-images'
and 'build-language-artifacts' include redundant "if: github.ref ==
'refs/heads/main'" conditions; remove those if lines so they rely on the
existing dependency on the 'tag-release' job (which already has that condition)
and the 'needs' behavior to skip when appropriate—search for the job blocks
named build-docker-images and build-language-artifacts and delete their if:
github.ref == 'refs/heads/main' entries (also remove the duplicate at the other
occurrence mentioned).

.github/workflows/nightly_release.yaml (2)

42-44: Tag sorting by -creatordate may produce incorrect semantic version order.

Using --sort=-creatordate sorts by tag creation time, not semantic version. If tags are created out of order (e.g., backporting a fix to an older version), this could select the wrong "latest" tag. For example, if v0.9.1 is tagged after v0.10.0, the former would be selected.

Consider using --sort=-version:refname for proper semantic version sorting:

♻️ Suggested fix

-latest_release_tag="$(git tag -l --sort=-creatordate | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+(-nightly-[0-9]+)?$' | head -n 1 || true)"
-latest_stable_tag="$(git tag -l --sort=-creatordate | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | head -n 1 || true)"
-latest_nightly_tag="$(git tag -l --sort=-creatordate | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+-nightly-[0-9]+$' | head -n 1 || true)"
+latest_release_tag="$(git tag -l --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+(-nightly-[0-9]+)?$' | head -n 1 || true)"
+latest_stable_tag="$(git tag -l --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | head -n 1 || true)"
+latest_nightly_tag="$(git tag -l --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+-nightly-[0-9]+$' | head -n 1 || true)"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/nightly_release.yaml around lines 42 - 44, The current tag
queries use --sort=-creatordate which orders by creation time and can pick the
wrong semantic "latest" tag; update the three commands that set
latest_release_tag, latest_stable_tag, and latest_nightly_tag to use
--sort=-version:refname instead of --sort=-creatordate (keeping the existing
grep patterns for the version and nightly regexes) so tags are selected by
semantic version order.

---

100-107: Misleading variable name: merged_pr_count counts commits, not PRs.

git rev-list --count --first-parent counts commits on the first-parent path (i.e., merge commits and direct commits to main), not the number of merged pull requests. A single PR merge is one commit, but direct pushes are also counted.

Consider renaming for clarity:

-merged_pr_count="$(git rev-list --count --first-parent "$range")"
+commit_count="$(git rev-list --count --first-parent "$range")"
 should_build="false"
-if [[ "$merged_pr_count" -gt 0 ]]; then
+if [[ "$commit_count" -gt 0 ]]; then
     should_build="true"
 fi

-echo "merged_pr_count=$merged_pr_count" >> "$GITHUB_OUTPUT"
+echo "commit_count=$commit_count" >> "$GITHUB_OUTPUT"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/nightly_release.yaml around lines 100 - 107, The variable
merged_pr_count is misleading because git rev-list --count --first-parent
returns commits, not PRs; rename it (e.g., commit_count or merged_commit_count)
everywhere it appears and update the echo outputs and any downstream usage
(references: merged_pr_count, should_build, and the git command invocation git
rev-list --count --first-parent "$range") so the name accurately reflects that
you're counting commits rather than merged PRs; leave the logic (setting
should_build based on >0) intact but use the new variable name consistently.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/docker_images_common.yaml:
- Around line 83-84: The demo job docker-demo-build currently always uses the
image tag "latest" from the example.Dockerfile and can pull a stale base; update
docker-demo-build (which depends on create-manifest) to pass a build-arg that
sets the base tag to the manifest alias (e.g., alias_tag/nightly) when building
the demo image, and change example.Dockerfile to accept ARG BASE_TAG and use
FROM ghcr.io/juspay/superposition:${BASE_TAG} as runtime so the demo build pulls
the newly published production image; reference the create-manifest job output
(needs.create-manifest.outputs.alias_tag) as the value for BASE_TAG when
invoking the docker build in docker-demo-build.

In @.github/workflows/language_artifacts_common.yaml:
- Around line 65-123: The generate-rust-binary job is missing an explicit
permissions block; add a minimal permissions stanza at the job level (for
example, set permissions.contents: read) so the job declares only the
least-privilege access it needs; update the job definition named
generate-rust-binary to include this permissions block immediately under the job
key (near strategy/runs-on) to satisfy CodeQL/static policy and follow security
best practices.
- Around line 354-359: The workflow step using the dtolnay/rust-toolchain action
(the step named "Install Rust" with uses: dtolnay/rust-toolchain@master)
incorrectly lists "cargo" in the components list; remove "cargo" from the
components array so only valid components (e.g., rustfmt, clippy) are specified,
leaving toolchain and targets as-is.
- Around line 378-386: The publish steps run back-to-back causing registry index
propagation failures; insert 30-second pauses between each cargo publish
invocation so dependent crates have time to appear. Update the workflow block
containing the cargo publish commands (the lines with "cargo publish --package
superposition_derives", "superposition_sdk", "superposition_types",
"superposition_core", "superposition_provider") to run a sleep 30 (or similar
delay) after each publish command except the last, ensuring each crate publish
is followed by a 30s delay before the next publish.

---

Nitpick comments:
In @.github/workflows/docker_images_common.yaml:
- Around line 30-34: The workflow currently does a full git history checkout via
actions/checkout@v4 with fetch-depth: 0; change build-related checkouts to a
shallow clone by setting fetch-depth: 1 (replace fetch-depth: 0) for the jobs
that actually need the repo, and remove the entire checkout step from the
manifest-only jobs (create-manifest and create-demo-manifest) since they only
run docker buildx imagetools commands and do not require repository files;
update all instances flagged (lines around the other checkouts) accordingly.

In @.github/workflows/nightly_release.yaml:
- Around line 42-44: The current tag queries use --sort=-creatordate which
orders by creation time and can pick the wrong semantic "latest" tag; update the
three commands that set latest_release_tag, latest_stable_tag, and
latest_nightly_tag to use --sort=-version:refname instead of --sort=-creatordate
(keeping the existing grep patterns for the version and nightly regexes) so tags
are selected by semantic version order.
- Around line 100-107: The variable merged_pr_count is misleading because git
rev-list --count --first-parent returns commits, not PRs; rename it (e.g.,
commit_count or merged_commit_count) everywhere it appears and update the echo
outputs and any downstream usage (references: merged_pr_count, should_build, and
the git command invocation git rev-list --count --first-parent "$range") so the
name accurately reflects that you're counting commits rather than merged PRs;
leave the logic (setting should_build based on >0) intact but use the new
variable name consistently.

In @.github/workflows/release.yaml:
- Line 97: The jobs 'build-docker-images' and 'build-language-artifacts' include
redundant "if: github.ref == 'refs/heads/main'" conditions; remove those if
lines so they rely on the existing dependency on the 'tag-release' job (which
already has that condition) and the 'needs' behavior to skip when
appropriate—search for the job blocks named build-docker-images and
build-language-artifacts and delete their if: github.ref == 'refs/heads/main'
entries (also remove the duplicate at the other occurrence mentioned).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d2a477bb-fbd6-460f-b174-ee269c193144

📥 Commits

Reviewing files that changed from the base of the PR and between d95129c and eb0dfec.

📒 Files selected for processing (4)

• .github/workflows/docker_images_common.yaml
• .github/workflows/language_artifacts_common.yaml
• .github/workflows/nightly_release.yaml
• .github/workflows/release.yaml