Push firecracker to all environments on release #20

Open
djeebus wants to merge 3 commits into main from push-firecracker-on-release

@djeebus (Contributor) commented Apr 18, 2026

No description provided.

cursor Bot commented Apr 18, 2026

PR Summary

Medium Risk
Changes the release pipeline’s build/deploy control flow and GCP auth configuration, which can affect what gets built, published, and pushed to staging/juliett/foxtrot. Risk is mostly around CI/CD behavior changes (skipped builds, credential sourcing) rather than application runtime code.

Overview
This PR updates the manual release workflow to always run build, publish, and deploy jobs and push release artifacts to all environments (staging, juliett, foxtrot), instead of conditionally skipping the pipeline via a skip_build output.

Build skipping is moved from scripts/validate.py into the workflow: each build matrix entry now checks GitHub Release assets and skips the build/upload steps per-architecture if the corresponding firecracker-${arch} asset already exists.

In deploy, GCP Workload Identity auth is switched from secrets.* to vars.* and now includes an explicit service_account. The validation script and tests are simplified by removing release-asset detection logic and replacing it with a generate_build_matrix helper that only reflects requested architectures.

Reviewed by Cursor Bugbot for commit 2a638df. Bugbot is set up for automated code reviews on this repo.

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 2 potential issues.

Reviewed by Cursor Bugbot for commit 553b1f8.

run: ./build.sh "${{ needs.validate.outputs.commit_hash }}" "${{ needs.validate.outputs.version_name }}" "${{ matrix.arch }}"

- name: Upload build artifact
if: steps.check_release.outputs.skip != 'true'

Publish job fails when all artifacts already exist

High Severity

When all requested artifacts already exist in the release, both build matrix jobs skip the upload-artifact step, producing zero workflow artifacts. The publish job's actions/download-artifact@v8 step then fails with "No artifacts found" (this is documented v4+ behavior), which blocks the deploy job since it declares needs: [validate, publish]. This defeats the PR's stated goal of deploying to all environments on re-runs where artifacts already exist.

Comment thread scripts/validate.py

release_exists = f"firecracker-{arch}" in release_assets

print(f"Release: {arch} artifact {'exists' if release_exists else 'missing'}", file=sys.stderr)

Dead --github-repo argument after removing its only consumer

Low Severity

The --github-repo argument is still defined in the argument parser, but args.github_repo is never referenced anywhere after this diff removed check_existing_artifacts, which was its only consumer. This is dead code left behind during the refactoring that could confuse future developers into thinking repository context is still used by the validation script.
