Require all release proofs for verifier all target

[AnthonyRonning]

Summary

• make the release verifier all target require every release proof class instead of only those present
• add a present target for partial PR artifact bundles
• keep PR Linux fake-updater verification available without weakening release checks

Verification

• nix develop .#ci -c bash -n scripts/ci/verify-release-artifacts.sh
• nix flake check
• git diff --check
• strict empty-bundle test: all fails on missing desktop-release-linux-final.sha256, present passes

---

Summary by CodeRabbit

• Chores
  • Refactored CI verification script to improve release artifact validation and enhance consistency of manifest verification across different verification scenarios and platforms.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7cd374a4-b34d-4b03-be62-3968d694af09

📥 Commits

Reviewing files that changed from the base of the PR and between f1e9005 and a87d0ee.

📒 Files selected for processing (1)

• scripts/ci/verify-release-artifacts.sh

---

📝 Walkthrough

Walkthrough

This PR refactors release artifact verification by extracting Linux manifest verification into a reusable helper, splitting Linux verification into two conditional paths, and introducing a new dispatch mode that verifies only proof classes present in the artifacts directory versus unconditionally verifying all classes.

Changes

Release Artifact Verification Refactoring

Layer / File(s)	Summary
Linux manifest verification abstraction and reorganization scripts/ci/verify-release-artifacts.sh	A new verify_linux_manifest helper encapsulates Linux final manifest verification. verify_linux becomes a strict path requiring the final proof, while verify_linux_present conditionally uses either the final proof or a fallback, both delegating to the helper.
Conditional verification dispatch and usage documentation scripts/ci/verify-release-artifacts.sh	A new verify_present function conditionally verifies each proof class based on file existence. CLI dispatch is updated so present uses verify_present (conditional) and all uses verify_all (unconditional). Help text is clarified to document the two verification modes.

Sequence Diagrams

sequenceDiagram
  participant CLI as CLI dispatch
  participant verifyAll as verify_all
  participant verifyPresent as verify_present
  participant linux as verify_linux
  participant linuxOpt as verify_linux_present
  participant helper as verify_linux_manifest
  
  CLI->>verifyAll: all target (unconditional)
  verifyAll->>linux: requires all proofs
  linux->>helper: verify manifest
  
  CLI->>verifyPresent: present target (conditional)
  verifyPresent->>linuxOpt: if Linux proof exists
  linuxOpt->>helper: verify manifest

Loading

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

A rabbit hops through proof and path,
Linux manifests take the lead,
Conditional checks and dispatch maps,
Let presence guide what we need. 🐰✓

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Require all release proofs for verifier all target' clearly and concisely describes the main change: making the 'all' target require every release proof class rather than just those present.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/strict-release-verifier-all

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying maple with    Cloudflare Pages

Latest commit:	a87d0ee
Status:	✅  Deploy successful!
Preview URL:	https://5f9c924a.maple-ca8.pages.dev
Branch Preview URL:	https://fix-strict-release-verifier.maple-ca8.pages.dev

View logs

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 4 additional findings.