fix(packages): Pin odg-core-libs version during image build

[8R0WNI3]

What this PR does / why we need it:
Since the package is also published to PyPI, it must be ensured that the version of the current build (e.g. a hotfix version) is used instead of the greatest available version (e.g. from PyPI).

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Release note:

The `odg-core-libs` version is now pinned during the image build

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9b4d19a3-30e6-41f4-9f1b-e65229c71ea1

📥 Commits

Reviewing files that changed from the base of the PR and between ad1bf21 and fa2352c.

📒 Files selected for processing (2)

• .github/workflows/build.yaml
• Dockerfile

---

📝 Walkthrough

Walkthrough

The CI workflow exports the computed package version from the packages job as a step output and job-level output, then passes it as ODG_CORE_LIBS_VERSION build arg to the oci-image job. The Dockerfile declares that build arg and uses it to pin the odg-core-libs install to the exact computed version.

Changes

Version propagation from CI to OCI image build

Layer / File(s)	Summary
CI version output and job wiring .github/workflows/build.yaml	The distribution-packages step receives id: packages and writes version=${version} to GITHUB_OUTPUT; the packages job declares a version output mapped from that step; the oci-image job sets ODG_CORE_LIBS_VERSION in build-args from needs.packages.outputs.version.
Dockerfile build arg and pinned install Dockerfile	Adds ARG ODG_CORE_LIBS_VERSION and changes the pip3 install invocation from an unpinned odg-core-libs to odg-core-libs==${ODG_CORE_LIBS_VERSION}.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Poem

A rabbit hopped through the pipeline one day,
"Which version of libs?" she heard someone say.
She wrote to the output, pinned it down tight,
Passed it to Docker — the version just right.
No more floating installs to cause a fright! 🐇📦

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: pinning the odg-core-libs version during image build, which matches the core objective of the PR.
Description check	✅ Passed	The description includes all required sections from the template with appropriate content: problem statement, issue reference field, reviewer notes field, and a properly formatted release note.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[zkdev]

/lgtm