ci(release): smoke-test packaged binaries' --version before attaching

[FrozenRaspberry]

What

Smoke-tests the packaged release binaries (gl, git-remote-gitlawb, gitlawb-node) by running each one's --version in the release-binaries job before they're attached to the release.

Why

This is the follow-up I flagged in #30 ("wiring --version checks for all three binaries into release.yml"), now unblocked by git-remote-gitlawb gaining --version in that PR.

docs/OSS-READINESS-AUDIT.md notes:

"release binaries are not smoke-tested after packaging."

The release-binaries job builds and tars up all three binaries but never executes them, so a broken artifact (bad build, missing runtime symbol) would ship to a release unnoticed. The docker job only smoke-tests the image's gitlawb-node --version, not the standalone binaries in the tarball.

How

• After Build, a new Smoke test binaries step runs --version on each of the three binaries and asserts the released version string is present in the output (they print <name> <version>, matching the convention feat(git-remote-gitlawb): add --version and --help flags #30 aligned git-remote-gitlawb to).
• A version mismatch or non-zero exit fails the release with a clear ::error:: annotation.
• Skipped for aarch64-unknown-linux-musl, which is cross-compiled and can't execute on the x86_64 runner. The other three targets (x86_64-linux-musl, x86_64-apple-darwin, aarch64-apple-darwin) run natively on their matrix runners.

No protocol, API, or release-artifact changes — purely an added verification gate.

Testing

• release.yml validated as well-formed YAML.
• Verified locally against a release build of the current main:
  • gl --version → gl 0.3.9
  • git-remote-gitlawb --version → git-remote-gitlawb 0.3.9
  • gitlawb-node --version → gitlawb-node 0.3.9
  • The exact loop from the workflow passes for all three, and correctly fails when the expected version doesn't match (confirming the gate isn't a no-op).

Summary by CodeRabbit

• Chores
  • Enhanced release pipeline with automated verification of compiled binaries to ensure version consistency across all target platforms.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 977d952c-e5fe-4089-b071-95f24b93bd52

📥 Commits

Reviewing files that changed from the base of the PR and between 8680d0f and a56f7bf.

📒 Files selected for processing (1)

• .github/workflows/release.yml

---

📝 Walkthrough

Walkthrough

A new "Smoke test binaries" step is added to the release workflow's "Build & Attach Binaries" job. After building each target, the step executes each binary with --version and checks that the output contains the expected release version string, failing the workflow on mismatch. The step is skipped for the aarch64-unknown-linux-musl target.

Changes

Binary Smoke Test in Release Workflow

Layer / File(s)	Summary
Smoke test binaries step .github/workflows/release.yml	Adds a step after artifact compilation that runs --version on each built binary and asserts the release-please version string is present in the output; the step is conditionally skipped for the aarch64-unknown-linux-musl target.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐇 A bunny hops through each binary file,
Sniffing for versions with quite a smile,
"Does your --version match what we planned?"
If not, the workflow halts as commanded!
Aarch64 gets a gentle pass today~ 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci(release): smoke-test packaged binaries' --version before attaching' directly and clearly describes the main change - adding smoke testing of release binaries by checking their --version output before they are attached.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}