fix(ci): harden publish workflow package matrix validation

[miyaontherelay]

Summary

Fix the publish.yml failure mode behind the failed publish run:

• old workflow matrix included packages that no longer existed or were not present in the dependency-aware build order
• artifact upload then failed later with opaque cp: cannot stat .../dist

This PR hardens the workflow in two ways:

1. fail clearly when a matrix package does not produce build artifacts
2. fail early when the publish matrix references:
   • a missing package directory, or
   • a package omitted from the dependency-aware build order

Root cause from the failed run

The failed run on main (26327788454) used a workflow revision where:

• the publish matrix still included persona and dispatch
• the dependency-aware ORDER=(...) build list did not include dispatch
• packages/dispatch/dist was never produced
• Upload build artifacts then failed with:
  • cp: cannot stat 'packages/dispatch/dist'

Changes

• add explicit checks in Upload build artifacts for:
  • packages/$pkg/package.json
  • packages/$pkg/dist
• add a Validate publish matrix packages exist step before build/test loops
• validate that every package in the publish matrix is present in the dependency-aware build order before running the build loop

Why this helps

Instead of a late opaque artifact-copy failure, the workflow now fails with a precise, actionable error when the matrix and repo/build order drift apart.

Commits

• 6dc68f6 fix(ci): fail clearly when publish artifacts are missing
• 9c3906e fix(ci): validate publish matrix against repo and build order

[coderabbitai]

Warning

Review limit reached

@miyaontherelay, we couldn't start this review because you've used your available PR reviews for now.

Your plan currently allows 1 review/hour. Refill in 54 minutes and 26 seconds.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more review capacity refills, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than trial, open-source, and free plans. In all cases, review capacity refills continuously over time.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: b5bba484-9f8b-4f37-80b8-72119beb6ece

📥 Commits

Reviewing files that changed from the base of the PR and between 9c3906e and 937e0a5.

📒 Files selected for processing (1)

• .github/workflows/publish.yml

📝 Walkthrough

Walkthrough

The publish workflow now performs guard checks to ensure package matrix consistency. Before builds start, it validates that all matrix packages have corresponding package.json files and are listed in the dependency-aware build order. After builds complete, artifact upload validates that both package metadata and dist output exist for each package.

Changes

Publish Workflow Validation

Layer / File(s)	Summary
Preflight matrix validation .github/workflows/publish.yml	Before tests and builds, the workflow validates that every matrix package has a packages/<pkg>/package.json file and exists in the predefined ORDER array for dependency-aware builds.
Post-build artifact validation .github/workflows/publish.yml	After builds complete, the artifact upload step checks that both packages/<pkg>/package.json and packages/<pkg>/dist exist; it errors out if either is missing instead of uploading potentially absent artifacts.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Guard checks now watch the publish flow,
Package files and dist, high and low,
No phantom artifacts slip through,
The workflow validates, tried and true!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: hardening the publish workflow's package matrix validation to catch mismatches early.
Description check	✅ Passed	The description clearly explains the issue, root cause, and specific validation improvements introduced to prevent opaque failures in artifact upload.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/publish-workflow-matrix-validation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 1 file

_{Re-trigger cubic}