ci: smoke-test the pushed docker image

[scarmuega]

Context

The recent e2e failure (GLIBC_2.39 not found) was a runtime-only breakage: the image built and pushed fine, and nothing failed until the binary was actually executed. docker.yml had no such check, so a broken production image could ship silently.

What this does

Adds a final Smoke test step to the docker job: after build-push, run the image by digest and invoke oura --version.

• #[clap(version)] is set on the CLI, so --version exits 0 on a healthy binary.
• Pulling ghcr.io/txpipe/oura@<digest> selects the amd64 variant on the runner, so this catches runtime breakage (glibc mismatch, missing shared lib, bad entrypoint) before the workflow goes green.

Scope / limitations

• Basic by design — it validates the amd64 image only. arm64 isn't exercised (would need QEMU); since both arches are built the same way on ubuntu-22.04, amd64 is a representative check.
• Runs on every docker.yml invocation (push to main and v* tags).

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Enhanced Docker image verification in the deployment pipeline with automated smoke testing to ensure container integrity and functionality before release.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

The Docker workflow's build-and-push step gains an explicit id: build. A new "Smoke test" step is appended that pulls the just-pushed image by its digest (ghcr.io/txpipe/oura@${{ steps.build.outputs.digest }}) and runs --version to confirm the container image executes successfully.

Changes

Docker CI smoke test

Layer / File(s)	Summary
Build ID and smoke-test step .github/workflows/docker.yml	Adds id: build to the existing build/push step so its digest output is accessible, then appends a smoke-test step that runs the pushed image by digest and invokes --version.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐇 A digest in hand, the rabbit cheers,
--version rings out for all to hear.
The image is pushed, the smoke test is green,
The freshest container you've ever seen!
Hoppy little CI, doing its thing~ ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci: smoke-test the pushed docker image' directly and clearly describes the main change: adding a smoke test for the Docker image in CI.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/docker-smoke-test

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}