chore: add PyPI publishing infrastructure for wren-core-py

[goldmedal]

Summary

• Add PyPI metadata to wren-core-py/pyproject.toml and Cargo.toml (description, license, classifiers, project URLs)
• Update README.md with installation instructions, quick start example, and publishing guide
• Add scripts/publish.sh for local build + publish to PyPI/TestPyPI
• Add .github/workflows/pypi-publish.yml CI workflow (builds wheels for Linux x86_64/arm64, macOS x86_64/arm64, Windows x86_64 via maturin-action, publishes with trusted publisher OIDC)

Package is already verified on TestPyPI: https://test.pypi.org/project/wren-core-py/

Test plan

• maturin build --release succeeds locally
• maturin sdist succeeds locally
• Published to TestPyPI and verified install with pip install --index-url https://test.pypi.org/simple/ wren-core-py
• Configure trusted publisher on PyPI after merge
• Trigger pypi-publish.yml workflow manually to verify CI build matrix

🤖 Generated with Claude Code

Summary by CodeRabbit

• Documentation

  • Expanded README with installation, Quick Start examples, developer/test/build guidance, publishing instructions, and Python ≥3.11 requirement.

• Chores

  • Updated packaging/project metadata (description, license, authors, classifiers, URLs).
  • Added CI workflow and a publish helper to build artifacts and support publishing to TestPyPI/PyPI.
  • Updated ignore rules to exclude local dict artifacts.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b315ca27-15bb-477a-b286-1e2d66c37caa

📥 Commits

Reviewing files that changed from the base of the PR and between e618b22 and 6417a5d.

📒 Files selected for processing (1)

• wren-core-py/README.md

✅ Files skipped from review due to trivial changes (1)

• wren-core-py/README.md

---

📝 Walkthrough

Walkthrough

Adds publishing infrastructure and package metadata for wren-core-py: a GitHub Actions workflow to build and publish wheels/sdist to TestPyPI/PyPI, a local publish.sh script, expanded packaging metadata and README updates, and a .gitignore addition.

Changes

Cohort / File(s)	Summary
CI / Publishing Workflow ​.github/workflows/pypi-publish.yml	New GitHub Actions workflow: manual workflow_dispatch target (testpypi/pypi), OIDC-enabled least-privilege permissions, matrixed build-wheels, build-sdist, and publish job that aggregates artifacts and runs pypa/gh-action-pypi-publish with dynamic repository URL and environment metadata.
Local Publish Script wren-core-py/scripts/publish.sh	New Bash publish helper: strict shell mode, prerequisite checks (cargo, maturin, twine), builds wheels and sdist via maturin, lists artifacts, optional twine check, uploads to TestPyPI/PyPI; supports --test and --build.
Package Metadata wren-core-py/Cargo.toml, wren-core-py/pyproject.toml	Added/expanded package metadata: description, license, repository in Cargo.toml; fuller [project] fields, classifiers, requires-python >=3.11, authors, and project URLs in pyproject.toml.
Documentation & Guides wren-core-py/README.md	Updated heading and expanded documentation: Installation, Quick Start, Test and Build (developer guide), and Publishing sections; updated examples and Python requirement.
Ignore Rules .gitignore	Added wren-core-py/dict/ to ignore list.

Sequence Diagram(s)

sequenceDiagram
  participant Dev as Developer
  participant GH as GitHub Actions
  participant Runner as Build Runner
  participant Art as Artifact Storage
  participant PyPI as PyPI/TestPyPI

  rect rgba(200,230,201,0.5)
  Dev->>GH: trigger workflow (manual `workflow_dispatch`)
  end

  GH->>Runner: start matrixed build-wheels & build-sdist jobs
  Runner->>Art: upload per-target wheel artifacts
  Runner->>Art: upload sdist artifact
  Art->>GH: artifacts available
  GH->>GH: publish job downloads artifacts into consolidated `dist/`
  GH->>PyPI: invoke pypa publishing action (repository-url chosen by `target`)
  PyPI-->>GH: publish result
  GH-->>Dev: workflow completion and logs

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

• douenergy

Poem

🐰 I hopped through builds both near and far,
Wheels spun on Linux, macOS, and Windows star,
Manifests snug, metadata set just right,
Artifacts gathered by GitHub's light,
Off to TestPyPI then PyPI — carrots in sight! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately describes the main change: adding PyPI publishing infrastructure (workflow, scripts, and metadata) for the wren-core-py package.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/pypi-publish.yml:
- Around line 34-38: The job matrix uses an invalid runner label "macos-13" for
the x86_64 job (the entry paired with target: x86_64-apple-darwin); update that
runner label to a valid hosted runner such as "macos-latest" (or "macos-12") so
the workflow can start correctly—i.e., replace the "macos-13" value with a
supported label next to the x86_64-apple-darwin target.

In `@wren-core-py/README.md`:
- Around line 17-28: The example in README.md calls to_manifest(base64_mdl_json)
but never defines base64_mdl_json; update the snippet to show how to construct
base64_mdl_json (e.g., create the MDL manifest as a JSON string or dict,
serialize it to JSON, base64-encode that payload) and place that definition
immediately above the to_manifest call so readers can run the example; reference
the existing example symbols (to_manifest, SessionContext, transform_sql) and
ensure the added lines produce a variable named base64_mdl_json used by the
to_manifest call.

In `@wren-core-py/scripts/publish.sh`:
- Around line 95-101: The current block runs `twine check "$DIST_DIR"/*` and
treats any failure as "twine not available" when MODE=build, which masks real
validation errors; change the logic to first detect whether the `twine` command
exists (e.g., via `command -v twine` or checking exit status 127) and only
suppress validation in build mode when `twine` is genuinely missing; if `twine`
exists but `twine check` returns non-zero, always treat that as a validation
failure (exit non-zero) regardless of MODE, and if `twine` is missing and
MODE==build emit the warning you already have. Reference: the `twine check`
invocation, the `MODE` variable and `DIST_DIR` glob in the failing block.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 85071781-b16c-4fcc-801e-f88956c315b2

📥 Commits

Reviewing files that changed from the base of the PR and between 3a02b13 and 0a8fc65.

📒 Files selected for processing (5)

• .github/workflows/pypi-publish.yml
• wren-core-py/Cargo.toml
• wren-core-py/README.md
• wren-core-py/pyproject.toml
• wren-core-py/scripts/publish.sh

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify workflow syntax and runner labels
actionlint -color -oneline .github/workflows/pypi-publish.yml

Repository: Canner/wren-engine

Length of output: 856

---

Invalid macOS runner label will break the wheel matrix.

Line 34 uses macos-13, which is not a valid GitHub Actions hosted runner label, so that job will fail to start.

💡 Proposed fix

-          - os: macos-13
+          - os: macos-15-intel
             target: x86_64-apple-darwin
@@
-          - os: macos-latest
+          - os: macos-15
             target: aarch64-apple-darwin

🧰 Tools

🪛 actionlint (1.7.11)

[error] 34-34: label "macos-13" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2025-vs2026", "windows-2022", "windows-11-arm", "ubuntu-slim", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26-large", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xlarge", "macos-14-large", "macos-14", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/pypi-publish.yml around lines 34 - 38, The job matrix uses
an invalid runner label "macos-13" for the x86_64 job (the entry paired with
target: x86_64-apple-darwin); update that runner label to a valid hosted runner
such as "macos-latest" (or "macos-12") so the workflow can start correctly—i.e.,
replace the "macos-13" value with a supported label next to the
x86_64-apple-darwin target.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Validation failures are masked in --build mode.

This block treats any twine check failure as “twine not available” when MODE=build, so real metadata/package errors can pass silently.

💡 Proposed fix

-echo "==> Validating with twine check"
-twine check "$DIST_DIR"/* 2>/dev/null || {
-    if [[ "$MODE" == "build" ]]; then
-        echo "Warning: twine not available for validation (build-only mode)"
-    else
-        exit 1
-    fi
-}
+echo "==> Validating with twine check"
+if command -v twine &>/dev/null; then
+    twine check "$DIST_DIR"/*
+elif [[ "$MODE" == "build" ]]; then
+    echo "Warning: twine not installed; skipping validation in build-only mode"
+else
+    echo "Error: 'twine' is not installed. Run: pip install twine" >&2
+    exit 1
+fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@wren-core-py/scripts/publish.sh` around lines 95 - 101, The current block
runs `twine check "$DIST_DIR"/*` and treats any failure as "twine not available"
when MODE=build, which masks real validation errors; change the logic to first
detect whether the `twine` command exists (e.g., via `command -v twine` or
checking exit status 127) and only suppress validation in build mode when
`twine` is genuinely missing; if `twine` exists but `twine check` returns
non-zero, always treat that as a validation failure (exit non-zero) regardless
of MODE, and if `twine` is missing and MODE==build emit the warning you already
have. Reference: the `twine check` invocation, the `MODE` variable and
`DIST_DIR` glob in the failing block.