build: v2.8.2

[jasoneri]

Description

Related Issues

Checklist:

• Have you checked to ensure there aren't other open Pull Requests for the same update/change?
• Have you linted your code locally prior to submission?
• Have you successfully ran app with your changes locally?

Summary by Sourcery

Bump the project to version v2.8.2 and wire up automated release and PyPI publishing workflows.

Bug Fixes:

• Document that v2.8.2 is published via PyPI after fixing issues with tag-based release packages.

Enhancements:

• Update documentation and changelog to reflect the v2.8.2 release and reference shared fix notes from v2.8.1.

Build:

• Increment the package version to 2.8.2 in project metadata and internal version constants.

CI:

• Add a GitHub Actions workflow to build tagged releases, generate release notes, and upload preset archives.
• Add a GitHub Actions workflow to build and publish the package to PyPI on version tags.

[sourcery-ai]

Reviewer's Guide

Bumps the project to version v2.8.2, updates docs/release notes accordingly, and introduces GitHub Actions workflows to build GitHub releases and publish the package to PyPI on tagged pushes.

Sequence diagram for release workflow on tagged push

sequenceDiagram
  actor Developer
  participant GitHubRepo
  participant ReleaseWorkflow
  participant PresetReleaseRepo
  participant ReleaseNotes
  participant GitHubReleases

  Developer->>GitHubRepo: Push tag v2.8.2
  GitHubRepo-->>ReleaseWorkflow: Trigger on tag v*.*.*

  ReleaseWorkflow->>ReleaseWorkflow: Checkout code
  ReleaseWorkflow->>PresetReleaseRepo: Download CGS-macOS_preset.7z
  ReleaseWorkflow->>PresetReleaseRepo: Download CGS_preset.7z

  ReleaseWorkflow->>ReleaseWorkflow: Read docs/_github/release_notes.md
  ReleaseWorkflow->>ReleaseWorkflow: Detect tag name
  alt Tag name contains beta
    ReleaseWorkflow->>ReleaseWorkflow: Read preset_preview.md
    ReleaseWorkflow->>ReleaseWorkflow: Set is_beta = true
  else Stable tag
    ReleaseWorkflow->>ReleaseWorkflow: Read preset_stable.md
    ReleaseWorkflow->>ReleaseWorkflow: Set is_beta = false
  end

  ReleaseWorkflow->>ReleaseNotes: Write full_body.md
  ReleaseWorkflow->>GitHubReleases: Create release with assets and notes

Loading

Sequence diagram for PyPI publish workflow on tagged push

sequenceDiagram
  actor Developer
  participant GitHubRepo
  participant PyPIWorkflow
  participant UvTool
  participant PyPIRegistry

  Developer->>GitHubRepo: Push tag v2.8.2
  GitHubRepo-->>PyPIWorkflow: Trigger on tag v*.*.*

  PyPIWorkflow->>PyPIWorkflow: Checkout code
  PyPIWorkflow->>UvTool: Install uv
  PyPIWorkflow->>UvTool: Build package (uv build)
  PyPIWorkflow->>UvTool: Publish package (uv publish)
  UvTool->>PyPIRegistry: Upload distribution artifacts

Loading

File-Level Changes

Change	Details	Files
Update project and documentation versioning from 2.8.1 to 2.8.2 and adjust release notes.	Change displayed docs site version string from v2.8.1 to v2.8.2. Update Python project version metadata from 2.8.1 to 2.8.2. Update the application runtime version constant from v2.8.1 to v2.8.2. Revise GitHub release notes markdown to reference v2.8.1 changelog and explain 2.8.2 PyPI release. Mark v2.8.1 as struck-through in changelog history and show v2.8.2 as the active version.	docs/.vitepress/config.ts pyproject.toml variables/__init__.py docs/_github/release_notes.md docs/changelog/history.md
Add GitHub Actions workflow to build and publish GitHub releases with composed release notes and preset archives on new tags.	Trigger on pushed version tags and manual workflow dispatch. Run build job in python:3.12 container with a mounted /build volume. Download platform-specific preset archives into the build volume. Compose release notes by combining base release_notes.md with either beta or stable preset notes depending on tag name; expose beta flag via outputs. Create a GitHub release with tag/name from ref, prerelease flag driven by beta detection, body from composed markdown file, and uploaded preset archives as assets.	.github/workflows/release.yml
Add GitHub Actions workflow to build and publish the package to PyPI using uv on new version tags.	Trigger on pushed version tags. Check out repository with shallow history. Install uv via astral-sh/setup-uv action without caching. Build the Python package using uv build. Publish the built package to PyPI using uv publish, leveraging OIDC via id-token permissions.	.github/workflows/pypi.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 3 issues, and left some high level feedback:

• In the Compose Release Notes step, echo "$base\n$extra" > /build/full_body.md will write a literal \n rather than a newline; use printf '%s %s ' "$base" "$extra" > /build/full_body.md to correctly concatenate the files.
• The Release workflow declares pull-requests: write permission but never interacts with PRs; consider dropping this permission to keep the token as narrow as possible.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In the `Compose Release Notes` step, `echo "$base\n$extra" > /build/full_body.md` will write a literal `\n` rather than a newline; use `printf '%s
%s
' "$base" "$extra" > /build/full_body.md` to correctly concatenate the files.
- The `Release` workflow declares `pull-requests: write` permission but never interacts with PRs; consider dropping this permission to keep the token as narrow as possible.

## Individual Comments

### Comment 1
<location> `.github/workflows/release.yml:50` </location>
<code_context>
+            ;;
+        esac
+
+        echo "$base\n$extra" > /build/full_body.md
+
+    - name: Create Release
</code_context>

<issue_to_address>
**issue (bug_risk):** The newline between `base` and `extra` won’t actually be inserted with `echo` as written.

In POSIX sh, `echo` prints `\n` literally, so this won’t split `base` and `extra` onto separate lines. To ensure a real newline, use e.g.:

```sh
printf '%s
%s
' "$base" "$extra" > /build/full_body.md
```

(or a here‑doc) so the release body is formatted as intended.
</issue_to_address>

### Comment 2
<location> `.github/workflows/pypi.yml:2-5` </location>
<code_context>
+name: Publish
+permissions:
+  contents: write
+  pull-requests: read
+  id-token: write
+on:
+  push:
</code_context>

<issue_to_address>
**🚨 suggestion (security):** Workflow permissions are broader than necessary for a simple PyPI publish job.

For this publish-only job, `contents: read` should be enough, and `pull-requests: read` can likely be removed. Please restrict permissions to the minimum required (e.g., `contents: read`, `id-token: write`) to align with least-privilege practices.

```suggestion
permissions:
  contents: read
  id-token: write
```
</issue_to_address>

### Comment 3
<location> `docs/_github/release_notes.md:5` </location>
<code_context>

-❔ 修复内置重启卡死（难以复现，只能一点点试）  
+同 `v2.8.1` ， 见[参考](https://doc.comicguispider.nyc.mn/changelog/history)  
+发现 tag 包替换无法打开所以转 pypi 发布 `2.8.2` ，后续应该恢复 pypi  
</code_context>

<issue_to_address>
**suggestion (typo):** Consider correcting "pypi" to "PyPI" and slightly smoothing the sentence structure.

"pypi" should be capitalized as "PyPI" to match the official name. For smoother Chinese wording and readability, you could revise to: “发现 tag 包替换后无法打开，所以转 PyPI 发布 `2.8.2`，后续应该恢复 PyPI”。
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (bug_risk): The newline between base and extra won’t actually be inserted with echo as written.

In POSIX sh, echo prints \n literally, so this won’t split base and extra onto separate lines. To ensure a real newline, use e.g.:

printf '%s
%s
' "$base" "$extra" > /build/full_body.md

(or a here‑doc) so the release body is formatted as intended.

[sourcery-ai]

🚨 suggestion (security): Workflow permissions are broader than necessary for a simple PyPI publish job.

For this publish-only job, contents: read should be enough, and pull-requests: read can likely be removed. Please restrict permissions to the minimum required (e.g., contents: read, id-token: write) to align with least-privilege practices.

Suggested change

	permissions:
	contents: write
	pull-requests: read
	id-token: write
	permissions:
	contents: read
	id-token: write

[sourcery-ai]

suggestion (typo): Consider correcting "pypi" to "PyPI" and slightly smoothing the sentence structure.

"pypi" should be capitalized as "PyPI" to match the official name. For smoother Chinese wording and readability, you could revise to: “发现 tag 包替换后无法打开，所以转 PyPI 发布 2.8.2，后续应该恢复 PyPI”。