part 4b rel v25.9.1 (#1680)

* allow manual dispatch to allow debug GH actions shit

* Implement unique PR-based summary file naming and git commit to .audit/

- Generate unique summary filename: {repo}-{branch}-{pr}-wstest-summary.md
- Update summary headers with repo/branch/PR info instead of timestamp
- Replace artifact upload with git commit to .audit/ directory
- Only commit if file is new or changed
- This enables reuse in post-summary.yml workflow

* Completely rewrite post-summary.yml workflow for improved reliability

- Use workflow_run trigger instead of pull_request_target for better security
- Add workflow_dispatch for manual testing and debugging
- Extract PR info dynamically from workflow_run event or manual input
- Checkout PR branch directly instead of downloading artifacts
- Check if summary file exists and was changed before commenting
- Use thollander/actions-comment-pull-request for better comment management
- Only comment when summary file is new or updated
- Remove dependency on fine-grained PAT, use standard GITHUB_TOKEN

* Add pull_request_target trigger for proper write permissions

- Add pull_request_target to run in main repo context (required for GITHUB_TOKEN write permissions)
- Keep workflow_run and workflow_dispatch triggers for completeness
- Handle all three trigger types in PR info extraction logic
- This fixes the limitation where forked PRs cannot write comments with standard GITHUB_TOKEN

* Fix YAML syntax error in commit message

- Escape dollar sign in commit message template to prevent YAML parsing issues
- The unescaped variable reference was causing workflow validation to fail

* Fix summary filename to use -- separator instead of directory paths

- Replace '/' in repo name with '--' to create flat filename in .audit/ directory
- Use double dash as separator for clean parsing: user--repo--branch--pr--wstest-summary.md
- This avoids creating subdirectories and fixes the 'No such file or directory' error
- Result: oberstet--autobahn-python--rel_v25.9.1_part4b--1680--wstest-summary.md

* Fix git push from detached HEAD by creating local branch

- Add 'git checkout -b' to create local branch from detached HEAD
- This allows pushing to the PR branch since GitHub Actions checks out in detached HEAD by default
- Fixes 'src refspec does not match any' error when pushing changes

* Switch to artifact-based approach for PR summary comments

wstest.yml:
- Remove git commit/push that was failing due to permissions
- Upload summary file as workflow artifact instead
- Use standard artifact naming: conformance-summary-{TEST_MODE}

post-summary.yml:
- Replace git checkout with artifact download
- Find summary file dynamically in downloaded artifact
- Use artifact file path for PR commenting
- This avoids fork permission issues while maintaining functionality

* add and integrate centralized github identifier components

* update wamp-cicd submodule

* update cicd submodule

* Consolidate GitHub release publishing into centralized release workflow

- Rename post-summary.yml → release.yml to reflect expanded scope
- Add unified publish-github-release job that:
  * Triggers via workflow_run after wheels/wheels-docker complete
  * Downloads artifacts from both workflows using pattern matching
  * Consolidates all artifacts into single release directory
  * Uses release_type and release_name from centralized identifiers
  * Creates ONE unified GitHub release (eliminates duplicate releases)
  * Only runs for nightly and official releases (skips development/PR builds)
- Remove publish-github-releases job from wheels.yml
- Remove publish-github-releases job from wheels-docker.yml

This eliminates the previous pattern where wheels.yml and wheels-docker.yml
each created separate releases (wheels-YYYYMMDD-SHA and wheels-docker-YYYYMMDD-SHA).
Now there is a single unified release per build with all wheels consolidated.

The release workflow uses the centralized .cicd/workflows/identifiers.yml
helper to get consistent release_type and release_name values across all
workflows.

* Fix release workflow: explicit filtering, Jinja2 templates, consolidated PyPI/RTD publishing

1. Use explicit positive filtering for release types
   - Changed from 'release_type != development' to explicit positive list
   - publish-github-release: filters for 'nightly' or 'release'
   - publish-pypi-release: filters for 'release' only
   - Safer and more maintainable than negative filtering

2. Replace bash heredoc templates with separate Jinja2 templates
   - Created .github/templates/release-nightly.md.j2
   - Created .github/templates/release-official.md.j2
   - Eliminates bash escaping hell and double YAML embedding issues
   - Template variables: release_name, commit_sha, build_date, wheel_count, sdist_count
   - Install jinja2-cli and render templates in workflow
   - Use --notes-file with rendered markdown for gh release create

3. Add consolidated PyPI and RTD publishing job
   - New publish-pypi-release job in release.yml
   - Consolidates publish-pypi from wheels.yml and wheels-docker.yml
   - Consolidates publish-rtd from wheels.yml
   - Filters for release_type == 'release' (official releases only)
   - Downloads wheels from both wheel workflows
   - Publishes to PyPI using trusted publishing
   - Triggers RTD documentation build
   - Remove redundant publish-pypi/publish-rtd jobs from wheels.yml
   - Remove redundant publish-pypi job from wheels-docker.yml

All release publishing (GitHub Releases, PyPI, RTD) is now centralized
in the release.yml workflow with proper filtering and template separation.

* update submodule

* Rename release types and jobs for consistency: release -> stable

1. Rename template file for consistency
   - release-official.md.j2 -> release-stable.md.j2
   - Matches the release_type naming convention

2. Update release_type references throughout release.yml
   - Changed 'release' -> 'stable' in all filter conditions
   - Changed 'release' -> 'stable' in template selection logic
   - Changed 'release' -> 'stable' in release title logic
   - Aligns with updated identifiers.yml that uses 'stable' for tagged releases

3. Rename jobs for maximum consistency
   - publish-github-release -> release-nightly
   - publish-pypi-release -> release-stable
   - post-pr-summary -> release-development

This creates perfect symmetry across the release system:
- Release types: development, nightly, stable
- Job names: release-development, release-nightly, release-stable
- Templates: release-nightly.md.j2, release-stable.md.j2

All naming now consistently reflects the three-tier release strategy:
- development: PR builds with conformance testing summaries
- nightly: Automated nightly builds from master branch
- stable: Official tagged releases published to PyPI and RTD

* Add development release template and replace third-party action with native GitHub CLI

1. Create release-development.md.j2 template
   - Completes the template trio: development, nightly, stable
   - Provides structured PR comment with build information
   - Includes PR details, build info, workflow links, wstest summary
   - Variables: pr_number, pr_repo, pr_branch, base_repo, base_branch,
     commit_sha, build_date, workflow_run_url, wheel_count, wstest_summary

2. Update release-development job to use Jinja2 template
   - Add checkout step (needed to access templates)
   - Install jinja2-cli for template rendering
   - Collect all template variables from PR context and environment
   - Read wstest summary file content if available
   - Render template with all variables
   - Generate pr-comment.md from template

3. Replace thollander/actions-comment-pull-request with gh pr comment
   - Remove external third-party dependency
   - Use native GitHub CLI (gh) already available in Actions
   - Use --body-file flag with rendered template
   - More secure, robust, and maintainable
   - Simpler implementation

Benefits:
- Perfect template symmetry across all release types
- Eliminates external dependency (thollander action)
- More secure and maintainable using native GitHub CLI
- Consistent Jinja2 templating approach for all release notes
- Clean separation of content (templates) from logic (workflow)

* Fix reusable workflow reference to use remote repository instead of submodule

GitHub Actions parses workflow files BEFORE checking out submodules, so
references to ./.cicd/workflows/identifiers.yml fail with "no version specified".

Solution: Reference the reusable workflow directly from its source repository:
  uses: wamp-proto/wamp-cicd/.github/workflows/identifiers.yml@main

The .cicd submodule is still required at runtime because identifiers.yml
needs to access scripts/sanitize.sh during execution.

Updated all 5 workflows that use the identifiers reusable workflow:
- .github/workflows/main.yml
- .github/workflows/release.yml
- .github/workflows/wheels-docker.yml
- .github/workflows/wheels.yml
- .github/workflows/wstest.yml

Added explanatory comments to clarify why we must use the remote reference
instead of the local submodule path, and why the submodule is still needed.

* Fix reusable workflow path: remove .github from reference

The wamp-cicd repository stores workflows at /workflows/ not /.github/workflows/

Changed:
  uses: wamp-proto/wamp-cicd/.github/workflows/identifiers.yml@main

To:
  uses: wamp-proto/wamp-cicd/workflows/identifiers.yml@main

Updated all 5 workflows:
- .github/workflows/main.yml
- .github/workflows/release.yml
- .github/workflows/wheels-docker.yml
- .github/workflows/wheels.yml
- .github/workflows/wstest.yml

* Bump .cicd submodule to include .github/workflows symlink

* Update workflow references to use .github path (via symlink workaround)

Changed back to:
  uses: wamp-proto/wamp-cicd/.github/workflows/identifiers.yml@main

GitHub Actions requires reusable workflows to be at .github/workflows/ even
for external repos. We added a symlink in wamp-cicd to work around this while
keeping the canonical workflow at workflows/identifiers.yml.

Symlink structure in wamp-cicd:
  .github/workflows/identifiers.yml -> ../../workflows/identifiers.yml

This allows:
- Remote reference via .github/workflows/ (GitHub Actions requirement)
- Local submodule access via workflows/ (actual file location)
- Scripts access to scripts/sanitize.sh from the canonical location

Updated all 5 workflows:
- .github/workflows/main.yml
- .github/workflows/release.yml
- .github/workflows/wheels-docker.yml
- .github/workflows/wheels.yml
- .github/workflows/wstest.yml

* update cicd submodule

Author: oberstet

.cicd

@@ -0,0 +1,31 @@
+# Development Build Summary
+
+## Pull Request Information
+
+- **PR Number**: #{{ pr_number }}
+- **Source Repository**: `{{ pr_repo }}`
+- **Source Branch**: `{{ pr_branch }}`
+- **Target Repository**: `{{ base_repo }}`
+- **Target Branch**: `{{ base_branch }}`
+
+## Build Information
+
+- **Commit**: {{ commit_sha }}
+- **Build Date**: {{ build_date }}
+- **Workflow Run**: [View Details]({{ workflow_run_url }})
+
+## Build Artifacts
+
+The following artifacts were built and are available for testing:
+
+- **Wheels Built**: {{ wheel_count }}
+- **Platforms**: Linux (x86_64), macOS (ARM64), Windows (x86_64)
+- **Python Versions**: CPython 3.11, 3.12, 3.13, 3.14 | PyPy 3.11
+
+## WebSocket Conformance Testing
+
+{{ wstest_summary }}
+
+---
+
+💡 **Download artifacts** from the [workflow run]({{ workflow_run_url }}) for local testing.

.github/templates/release-development.md.j2

@@ -0,0 +1,33 @@
+# Nightly Build {{ release_name }}
+
+Automated nightly build from master branch
+
+## Build Information
+
+- **Commit**: {{ commit_sha }}
+- **Build Date**: {{ build_date }}
+- **Release Type**: nightly
+
+## Included Platforms
+
+- **Linux**: x86_64, ARM64 (manylinux wheels + pure Python fallbacks)
+- **macOS**: Apple Silicon ARM64
+- **Windows**: x86_64
+
+## Python Versions
+
+- **CPython**: 3.11, 3.12, 3.13, 3.14
+- **PyPy**: 3.11
+
+## Installation
+
+Download the appropriate wheel for your platform:
+
+```bash
+pip install <downloaded-wheel-file>
+```
+
+## Artifact Inventory
+
+- **Total Wheels**: {{ wheel_count }}
+- **Source Distributions**: {{ sdist_count }}

.github/templates/release-nightly.md.j2

@@ -0,0 +1,43 @@
+# Release {{ release_name }}
+
+Official release {{ release_name }}
+
+## Included Platforms
+
+- **Linux**: x86_64, ARM64 (manylinux_2_34 wheels with NVX)
+- **macOS**: Apple Silicon ARM64 (binary wheels with NVX)
+- **Windows**: x86_64 (binary wheels with NVX)
+
+## Python Versions
+
+- **CPython**: 3.11, 3.12, 3.13, 3.14
+- **PyPy**: 3.11
+
+## Installation
+
+```bash
+pip install autobahn[all]=={{ release_name }}
+```
+
+Or download wheels directly from this release.
+
+## Build Information
+
+- **Release Date**: {{ build_date }}
+- **Total Wheels**: {{ wheel_count }}
+- **Source Distributions**: {{ sdist_count }}
+
+## Features
+
+Autobahn|Python provides:
+
+- **WebSocket** client and server implementations (RFC 6455)
+- **WAMP** client library for both Twisted and asyncio
+- **NVX acceleration** for high-performance networking (binary wheels)
+- **Pure Python fallback** wheels for maximum compatibility
+
+## Documentation
+
+- [Read the Docs](https://autobahn.readthedocs.io)
+- [GitHub Repository](https://github.com/crossbario/autobahn-python)
+- [WAMP Protocol](https://wamp-proto.org)

.github/templates/release-stable.md.j2

@@ -11,13 +11,32 @@ env:
   UV_CACHE_DIR: ${{ github.workspace }}/.uv-cache
 
 jobs:
+  identifiers:
+    # GitHub needs to know where .cicd/workflows/identifiers.yml lives at parse time,
+    # and submodules aren't included in that context! thus the following does NOT work:
+    # uses: ./.cicd/workflows/identifiers.yml
+    # we MUST reference the remote repo directly:
+    uses: wamp-proto/wamp-cicd/.github/workflows/identifiers.yml@main
+    # IMPORTANT: we still need .cicd as a Git submodule in the using repo though!
+    # because e.g. identifiers.yml wants to access scripts/sanitize.sh !
+
   quality-checks:
     name: Code Quality Checks
+    needs: identifiers
     runs-on: ubuntu-24.04
 
+    env:
+      BASE_REPO: ${{ needs.identifiers.outputs.base_repo }}
+      BASE_BRANCH: ${{ needs.identifiers.outputs.base_branch }}
+      PR_NUMBER: ${{ needs.identifiers.outputs.pr_number }}
+      PR_REPO: ${{ needs.identifiers.outputs.pr_repo }}
+      PR_BRANCH: ${{ needs.identifiers.outputs.pr_branch }}
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          submodules: recursive
 
       - name: Install Just
         env:
@@ -79,11 +98,21 @@ jobs:
 
   documentation:
     name: Documentation Build
+    needs: identifiers
     runs-on: ubuntu-24.04
 
+    env:
+      BASE_REPO: ${{ needs.identifiers.outputs.base_repo }}
+      BASE_BRANCH: ${{ needs.identifiers.outputs.base_branch }}
+      PR_NUMBER: ${{ needs.identifiers.outputs.pr_number }}
+      PR_REPO: ${{ needs.identifiers.outputs.pr_repo }}
+      PR_BRANCH: ${{ needs.identifiers.outputs.pr_branch }}
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          submodules: recursive
 
       - name: Install Just
         env:
@@ -141,7 +170,8 @@ jobs:
   #   steps:
   #     - name: Checkout code
   #       uses: actions/checkout@v4
-
+  #       with:
+  #         submodules: recursive
   #     - name: Install Just
   #       run: |
   #         curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to ~/bin
@@ -192,6 +222,8 @@ jobs:
   #   steps:
   #     - name: Checkout code
   #       uses: actions/checkout@v4
+  #       with:
+  #         submodules: recursive
 
   #     - name: Install Just
   #       run: |
@@ -230,15 +262,25 @@ jobs:
 
   build-schema:
     name: FlatBuffers Schema Build
+    needs: identifiers
     runs-on: ubuntu-24.04
 
+    env:
+      BASE_REPO: ${{ needs.identifiers.outputs.base_repo }}
+      BASE_BRANCH: ${{ needs.identifiers.outputs.base_branch }}
+      PR_NUMBER: ${{ needs.identifiers.outputs.pr_number }}
+      PR_REPO: ${{ needs.identifiers.outputs.pr_repo }}
+      PR_BRANCH: ${{ needs.identifiers.outputs.pr_branch }}
+
     strategy:
       matrix:
         python-env: [cpy314, cpy311, pypy311]
 
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          submodules: recursive
 
       - name: Install Just
         env:
@@ -348,8 +390,15 @@ jobs:
   build-package:
     name: Package Build
     runs-on: ubuntu-24.04
-    needs: [quality-checks, build-schema]
-    #    needs: [quality-checks, tests, build-schema]
+    needs: [identifiers, quality-checks, build-schema]
+    #    needs: [identifiers, quality-checks, tests, build-schema]
+
+    env:
+      BASE_REPO: ${{ needs.identifiers.outputs.base_repo }}
+      BASE_BRANCH: ${{ needs.identifiers.outputs.base_branch }}
+      PR_NUMBER: ${{ needs.identifiers.outputs.pr_number }}
+      PR_REPO: ${{ needs.identifiers.outputs.pr_repo }}
+      PR_BRANCH: ${{ needs.identifiers.outputs.pr_branch }}
 
     strategy:
       matrix:
@@ -358,6 +407,8 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          submodules: recursive
 
       - name: Install Just
         env: