fix(file): copy part bytes to avoid Bun FetchTasklet segfault

[BlackHole1]

Bun's FetchTasklet teardown (Blob.Any.detach) can segfault when fetch
is given a BunFile-backed Blob slice during multipart upload, which
was the root cause behind the oo file upload crash tracked in
#242. Materializing the part into a fresh Uint8Array
before handing it to fetch sidesteps the lazy file-backed code path
entirely.

With the underlying issue fixed in code, the CI workflows no longer
need the bun-version: canary workaround, so they are switched back
to the pinned .bun-version file. The publish cache key also picks
up .bun-version so cache entries invalidate when the runtime
version changes.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 455dd3a1-c65d-42ce-a581-4b857bd75b6b

📥 Commits

Reviewing files that changed from the base of the PR and between 04e8d6b and 89ac069.

📒 Files selected for processing (5)

• .github/workflows/pr-check.yaml
• .github/workflows/publish.yaml
• .github/workflows/reject-large-external-pr.yaml
• .github/workflows/upload-release-binaries-to-oss.yaml
• src/application/commands/file/shared.ts

---

Summary by CodeRabbit

Release Notes

• Bug Fixes
  • Fixed a potential crash that could occur when uploading files.

Walkthrough

This PR makes two independent changes. First, it updates four GitHub Actions workflows (pr-check.yaml, publish.yaml, reject-large-external-pr.yaml, upload-release-binaries-to-oss.yaml) to read Bun version from a .bun-version file instead of using hardcoded canary. The publish workflow additionally updates its cache key to include a hash of .bun-version, ensuring cache invalidation when the version changes. Second, the uploadFilePart function in src/application/commands/file/shared.ts now materializes Blob slices into in-memory Uint8Array before sending to presigned URLs, avoiding a Bun-specific crash scenario.

Possibly related PRs

• oomol-lab/oo-cli#188: Both PRs touch the file upload implementation in src/application/commands/file/shared.ts—the retrieved PR's multipart/fusion-api changes and the main PR's uploadFilePart request-body handling (materializing Blob to Uint8Array) are directly connected in the same upload-part codepath.
• oomol-lab/oo-cli#187: Both PRs modify src/application/commands/file/shared.ts's uploadFilePart—the main PR changes the request body/byte-length handling by materializing the Blob into a Uint8Array, while the retrieved PR changes the fetcher used in uploadFilePart to retry on network failure.
• oomol-lab/oo-cli#208: Both PRs modify the CI workflow Bun setup logic in .github/workflows/publish.yaml to use .bun-version/.bun-version-aware caching for bun install, so the changes are directly connected at the workflow-step level.

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title follows the required format 'fix(scope): subject' and clearly describes the main fix.
Description check	✅ Passed	The description is directly related to the changeset, explaining both the code fix and workflow changes.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch fix-242

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}