Add automated Ruby version detection and publishing workflows

Implements end-to-end automation for detecting new Ruby versions from
rbenv/ruby-build and publishing features/images with approval gates.

Key Features:
- Daily check for new Ruby versions (>= 3.2.0 non-EOL only)
- Automatic PR creation with auto-merge on CI success
- Conditional publishing: full rebuild on feature bump, incremental otherwise
- Single approval gate for all publishing operations
- Comprehensive workflow annotations and failure notifications

Workflows:
- check-ruby-versions.yaml: Daily cron + manual trigger for detection
- publish-ruby-updates.yaml: Handles feature/image publishing with approval
- Modified release-features.yaml: Excludes Ruby feature from batch publish
- Modified publish-new-image-version.yaml: Uses dynamic matrix from JSON

Scripts:
- find-new-ruby-versions: Fetches and filters versions from ruby-build
- check-and-create-pr: Orchestrates detection and PR creation
- create-ruby-versions-pr: Creates formatted PR with automation labels
- check-feature-bump: Detects feature version changes in commits
- extract-new-ruby-versions: Parses new versions from git diff
- get-current-image-version: Gets latest ruby-* tag
- Modified add-ruby-version: Uses JSON storage instead of YAML

Infrastructure:
- .github/ruby-versions.json: Single source of truth for version matrix
- Uses RUBY_AUTOMATION_PAT for proper workflow triggering
- Proper stdout/stderr separation for script composition
- yq installed in devcontainer for JSON/YAML manipulation

Workflow Behavior:
- Feature bump: Publish feature → create release → tag → build all versions
- No bump: Trigger builds for new Ruby versions only
- Approval step shows summary of what will be published
- Failure notifications create GitHub issues automatically

Author: rafaelfranca

.devcontainer/Dockerfile

@@ -1,3 +1,8 @@
 FROM mcr.microsoft.com/devcontainers/javascript-node:1-20-bookworm
 
 RUN apt-get update && apt-get install -y shellcheck
+
+# Install yq for YAML processing
+RUN ARCH=$(dpkg --print-architecture) && \
+    wget -qO /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${ARCH}" && \
+    chmod +x /usr/local/bin/yq

.github/ruby-versions.json

@@ -0,0 +1,33 @@
+[
+  "4.0.0",
+  "3.4.8",
+  "3.4.7",
+  "3.4.6",
+  "3.4.5",
+  "3.4.4",
+  "3.4.3",
+  "3.4.2",
+  "3.4.1",
+  "3.4.0",
+  "3.3.10",
+  "3.3.9",
+  "3.3.8",
+  "3.3.7",
+  "3.3.6",
+  "3.3.5",
+  "3.3.4",
+  "3.3.3",
+  "3.3.2",
+  "3.3.1",
+  "3.3.0",
+  "3.2.9",
+  "3.2.8",
+  "3.2.7",
+  "3.2.6",
+  "3.2.5",
+  "3.2.4",
+  "3.2.3",
+  "3.2.2",
+  "3.2.1",
+  "3.2.0"
+]

.github/workflows/check-ruby-versions.yaml

@@ -0,0 +1,64 @@
+name: Check for New Ruby Versions
+
+on:
+  schedule:
+    - cron: '0 2 * * *'  # Daily at 2 AM UTC
+  workflow_dispatch:  # Allow manual triggers
+
+permissions:
+  contents: write
+  pull-requests: write
+  issues: write
+
+jobs:
+  check-versions:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Check for new versions and create PR
+        id: check-and-create
+        env:
+          GH_TOKEN: ${{ secrets.RUBY_AUTOMATION_PAT }}
+        run: |
+          PR_NUMBER=$(bin/check-and-create-pr "${{ secrets.RUBY_AUTOMATION_PAT }}")
+
+          if [ -n "$PR_NUMBER" ]; then
+            echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Enable auto-merge
+        if: steps.check-and-create.outputs.pr_number != ''
+        env:
+          GH_TOKEN: ${{ secrets.RUBY_AUTOMATION_PAT }}
+        run: |
+          echo "Enabling auto-merge for PR #${{ steps.check-and-create.outputs.pr_number }}..."
+          gh pr merge ${{ steps.check-and-create.outputs.pr_number }} --auto --squash
+
+      - name: Create issue on failure
+        if: failure()
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.issues.create({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              title: '🔴 Ruby Version Check Failed',
+              body: `The automated Ruby version check workflow failed.
+
+              **Run:** ${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}
+
+              **Job:** ${context.job}
+
+              Please check the workflow logs for details.`,
+              labels: ['automation', 'bug', 'ruby-versions']
+            });

.github/workflows/publish-new-image-version.yaml

@@ -4,43 +4,22 @@ name: Build and Publish Images
     tags:
       - ruby-*.*.*
 jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - uses: actions/checkout@v4
+      - id: set-matrix
+        run: echo "matrix=$(cat .github/ruby-versions.json | jq -c '.')" >> $GITHUB_OUTPUT
+
   build:
     name: Build Images
+    needs: setup
     strategy:
       fail-fast: false
       matrix:
-        RUBY_VERSION:
-          - 4.0.0
-          - 3.4.8
-          - 3.4.7
-          - 3.4.6
-          - 3.4.5
-          - 3.4.4
-          - 3.4.3
-          - 3.4.2
-          - 3.4.1
-          - 3.4.0
-          - 3.3.10
-          - 3.3.9
-          - 3.3.8
-          - 3.3.7
-          - 3.3.6
-          - 3.3.5
-          - 3.3.4
-          - 3.3.3
-          - 3.3.2
-          - 3.3.1
-          - 3.3.0
-          - 3.2.9
-          - 3.2.8
-          - 3.2.7
-          - 3.2.6
-          - 3.2.5
-          - 3.2.4
-          - 3.2.3
-          - 3.2.2
-          - 3.2.1
-          - 3.2.0
+        RUBY_VERSION: ${{ fromJSON(needs.setup.outputs.matrix) }}
     runs-on: ubuntu-latest
     permissions:
       contents: read