feat: release process with install script, version flag, and musl builds

[Miyamura80]

Summary

• --version flag: Outputs version + git SHA (e.g. desktest 0.2.0 (abc1234)) via build.rs compile-time embedding
• Install script: One-liner curl -fsSL .../install.sh | sh with platform detection, SHA256 checksum verification, DESKTEST_VERSION pinning, musl preference on Linux, and DESKTEST_INSTALL_DIR override
• musl builds: Added x86_64-unknown-linux-musl and aarch64-unknown-linux-musl targets to release workflow (6 total) for Alpine/minimal Docker image compatibility
• Version consistency check: New check-version CI job blocks release if git tag doesn't match Cargo.toml
• make bump_version VERSION=x.y.z: Updates Cargo.toml, commits, and tags in one command

Install usage

# Latest
curl -fsSL https://raw.githubusercontent.com/Edison-Watch/desktest/master/install.sh | sh

# Pinned version
DESKTEST_VERSION=0.2.0 curl -fsSL ... | sh

# Custom install dir (e.g. in Dockerfile)
DESKTEST_INSTALL_DIR=/usr/bin curl -fsSL ... | sh

Test plan

• cargo test — 377 passed, 0 failed
• desktest --version outputs desktest 0.2.0 (77b5fa3)
• Verify release workflow runs on next tag push
• Test install script on Linux (glibc + musl) and macOS

🤖 Generated with Claude Code

---

[greptile-apps]

Greptile Summary

This PR introduces a full release pipeline: a --version flag embedding the git SHA at compile time via build.rs, a rewritten POSIX sh install script with checksum verification and sudo-aware installation, musl cross-compilation targets (x86_64 and aarch64), a check-version CI gate, and a make bump_version helper. The changes address all previously raised review issues (supply-chain verification, TMPDIR shadowing, pipefail, chmod ordering, packed-refs tracking).

Key findings:

• Logic bug — install.sh unconditionally downloads the *-musl tarball on Linux. Users pinning an older DESKTEST_VERSION that predates musl builds will receive a confusing download failure instead of a graceful fallback to the *-gnu artifact.
• Cosmetic issue — verify_installation logs "Installed desktest $(desktest --version)", but clap's --version already prefixes output with the binary name, resulting in ==> Installed desktest desktest 0.2.0 (abc1234).
• Minor portability note — The Package step in release.yml uses &> (bash extension) in a run: block that defaults to /bin/sh on GitHub Actions runners.

Confidence Score: 3/5

• Safe to merge after addressing the musl-only download logic in install.sh, which breaks pinned installs of pre-musl releases.
• The overall implementation is solid and previous review concerns have been thoroughly addressed. The one blocking issue is the musl-always-on-Linux logic in install.sh that silently breaks DESKTEST_VERSION pinning for any release tag that predates this PR's musl builds — a real regression for users who rely on version pinning.
• install.sh — musl-only download logic on Linux (lines 36–41) needs a fallback to the gnu build for older releases.

Important Files Changed

Filename	Overview
install.sh	Rewritten from bash to POSIX sh with improved version pinning, checksum verification, sudo handling, and PATH warnings. A logic bug causes musl-only downloads on Linux, breaking pinned installs of pre-musl releases. Also has a cosmetic double "desktest" in the version log message.
.github/workflows/release.yml	Adds check-version gate, four new matrix targets (x86_64/aarch64 musl), and checksum-verified musl.cc toolchain download. Minor POSIX portability note on &> redirect in Package step. Overall solid.
build.rs	New build script embeds git SHA at compile time with graceful fallback to "unknown". Correctly tracks HEAD, loose refs, and packed-refs to avoid stale SHA after git gc.
Makefile	Adds bump_version target that updates Cargo.toml, runs cargo check (no longer swallowed), commits, and tags. Clean and correct implementation.
src/cli.rs	Adds version string embedding CARGO_PKG_VERSION and DESKTEST_GIT_SHA via clap's version attribute. Straightforward and correct.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["curl install.sh | sh"] --> B[detect_platform]
    B --> C{OS?}
    C -- Linux --> D["TARGET = ARCH-unknown-linux-musl ⚠️"]
    C -- Darwin --> E[TARGET = ARCH-apple-darwin]
    C -- Other --> F[err: Unsupported OS]
    D --> G[resolve_version]
    E --> G
    G --> H{DESKTEST_VERSION set?}
    H -- Yes --> I["VERSION = v$DESKTEST_VERSION"]
    H -- No --> J[curl GitHub API for latest tag]
    J --> K{VERSION empty?}
    K -- Yes --> L[err: Failed to fetch]
    K -- No --> M[download_and_install]
    I --> M
    M --> N[Download tarball + SHA256SUMS.txt]
    N --> O[Verify checksum]
    O --> P{INSTALL_DIR writable?}
    P -- Yes --> Q[mkdir + mv + chmod +x]
    P -- No --> R[sudo mkdir + mv + chmod +x]
    Q --> S[verify_installation]
    R --> S
    S --> T{desktest in PATH?}
    T -- Yes --> U[log desktest --version]
    T -- No --> V{INSTALL_DIR in PATH?}
    V -- Yes --> W[log installed path]
    V -- No --> X[warn: add to PATH]

Loading

Comments Outside Diff (1)

1. .github/workflows/release.yml, line 101-105 (link)

   sha256sum vs shasum inconsistency between Package step and install script

   The workflow uses command -v sha256sum &>/dev/null (bash-style redirect) but this step runs on both Ubuntu (where sha256sum is the standard tool) and macOS (where shasum is standard). The &> redirect is a bash extension; the shebang for GitHub Actions inline run: steps is /bin/sh by default.

   More importantly: the sha256sum output format includes a relative path (./desktest-...tar.gz) when sha256sum is invoked on the tarball with a relative path, but GNU sha256sum outputs just the filename (no leading ./) when passed a bare filename. The install script's grep "${TARBALL}" would match either form, but it's worth being explicit.

   Consider pinning the run: to bash with shell: bash to use &> safely, or replace &> with >/dev/null 2>&1 for POSIX compatibility:

           if command -v sha256sum >/dev/null 2>&1; then
             sha256sum desktest-${{ github.ref_name }}-${{ matrix.target }}.tar.gz >> checksums.txt
           else
             shasum -a 256 desktest-${{ github.ref_name }}-${{ matrix.target }}.tar.gz >> checksums.txt
           fi

_{Last reviewed commit: "fix: chmod +x under ..."}

[Miyamura80]

@greptileai

[Miyamura80]

@greptileai