[Enhancement] Release workflow publishes binaries without running the test suite #20

@wiebe-vandendriessche

Problem or motivation

.github/workflows/release.yml triggers on push: tags: v*, builds the binary, generates and signs an SBOM, and runs GoReleaser — but never runs go test ./.... A tag pushed to a broken commit (or to a commit that bypassed the build.yml workflow by being on a non-protected branch) will publish a broken release binary with no test gate.

Proposed solution

Add a go test ./... -count=1 step to release.yml between go build and GoReleaser. Alternatively, convert build.yml to a reusable workflow (on: workflow_call) and call it from release.yml via needs:, which reuses the full existing test-with-coverage pipeline without duplication.

Alternatives considered

Relying on branch protection to ensure only tested commits reach main before tagging — insufficient because tags can be pushed to any commit, including commits on branches without protection rules.

Additional context

Affected: .github/workflows/release.yml. The build.yml workflow already contains the full test-with-coverage pipeline and would be the natural candidate for reuse.
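
The reusable-workflow option from the proposed solution, sketched as an added example (not the repository's actual workflow files). The job names, action versions, existing build.yml triggers, permissions and GoReleaser arguments are assumptions; the SBOM steps are left as a placeholder because the issue does not show them.

```yaml
# .github/workflows/build.yml (trigger section only; existing test jobs unchanged)
on:
  push:
    branches: [main]        # assumed existing trigger
  pull_request:             # assumed existing trigger
  workflow_call:            # added: lets release.yml call this workflow

---
# .github/workflows/release.yml
name: release
on:
  push:
    tags: ["v*"]

jobs:
  test:
    # Local reference: build.yml is taken from the same commit as the caller,
    # so the test-with-coverage pipeline runs against the tagged commit itself.
    uses: ./.github/workflows/build.yml

  release:
    needs: test             # does not start unless every job in build.yml succeeded
    runs-on: ubuntu-latest
    permissions:
      contents: write       # assumed: GoReleaser uploads release assets
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0    # GoReleaser needs tag history for the changelog
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - run: go build ./...
      # Inline gate (the issue's first option); redundant while `needs: test` is in place
      - run: go test ./... -count=1
      # existing SBOM generation and signing steps stay here, unchanged
      - uses: goreleaser/goreleaser-action@v6
        with:
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Because the gate lives in the tag-triggered workflow, it applies to whatever commit the tag points at, including commits on branches without protection rules.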

Labels: enhancement, tests
