Automate downstream dependency PRs on release

[27Bslash6]

Summary

When cachekit-core releases a new version, downstream dependents (e.g., cachekit-py) need to update their pinned dependency. Currently this is manual.

Context

• cachekit-py pins: cachekit-core = { version = "=0.1.0", ... }
• Exact pins prevent Dependabot from proposing updates (intentional)
• Manual update required after each cachekit-core release

Proposed Solution

Add a GitHub Action that triggers on release and opens PRs in downstream repos:

on:
  release:
    types: [published]

jobs:
  notify-downstream:
    runs-on: ubuntu-latest
    steps:
      - uses: peter-evans/repository-dispatch@v3
        with:
          token: ${{ secrets.DOWNSTREAM_PAT }}
          repository: cachekit-io/cachekit-py
          event-type: cachekit-core-release
          client-payload: '{"version": "${{ github.event.release.tag_name }}"}'

Downstream repo listens and opens PR updating the version pin.

Alternatives Considered

1. Manual updates - Current approach, works fine for low release frequency
2. Relax exact pin - Let Dependabot handle it (loses explicit control)
3. Monorepo - Combine repos (architectural change, not worth it)

Priority

Low - Manual updates are fine for now. Nice-to-have for when release frequency increases.

Downstream Repos

• cachekit-io/cachekit-py (rust/Cargo.toml)