Add verify release assets GitHub workflow

[ivanvc]

This pull request may seem counter-intuitive, as we're trying to move away from GitHub actions. However, there's no current way of running a CI check like this in Prow. It doesn't support running when the repository has a new tag.

This change:

• Verifies that the SHA256SUMS file exists and has the same number of lines as uploaded assets.
• Verifies that the uploaded files match the checksum from the SHA256SUMS file

For both GitHub and Google Cloud assets.

I tested this in my fork:

• Successful run: https://github.com/ivanvc/etcd/actions/runs/13648835540
• Failure run: https://github.com/ivanvc/etcd/actions/runs/13648892616

If the workflow fails, the release lead will get an email from GitHub with the failure.

With this check, we should have more confidence when we enable the automatic undrafting of the release. This addresses issues with corrupted uploads like #19270.

Part of: #18604.

Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.

[ivanvc]

We can also expand these tests to check that the checksums match and that the binary works (we once manually tested due to a file size in Darwin). We could use https://github.com/uraimo/run-on-arch-action to test different architectures (PPC, mainframe). GitHub also has Windows, Mac (amd64, arm64), and Linux (amd64, arm64) runners.

These are the GitHub available runners:
https://docs.github.com/en/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners#standard-github-hosted-runners-for-public-repositories

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.85%. Comparing base (4ef3b37) to head (215ab98).
Report is 24 commits behind head on main.

Additional details and impacted files

see 21 files with indirect coverage changes

@@            Coverage Diff             @@
##             main   #19520      +/-   ##
==========================================
+ Coverage   68.80%   68.85%   +0.05%     
==========================================
  Files         421      421              
  Lines       35901    35901              
==========================================
+ Hits        24700    24721      +21     
+ Misses       9778     9753      -25     
- Partials     1423     1427       +4     

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4ef3b37...215ab98. Read the comment docs.

[ahrtr]

LGTM with two minor comments.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahrtr, ivanvc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• .github/OWNERS [ahrtr,ivanvc]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ivanvc]

/cherry-pick release-3.6

[k8s-infra-cherrypick-robot]

@ivanvc: new pull request created: #19539

In response to this:

/cherry-pick release-3.6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ivanvc]

/cherry-pick release-3.5

[k8s-infra-cherrypick-robot]

@ivanvc: new pull request created: #19540

In response to this:

/cherry-pick release-3.5

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ivanvc]

This worked correctly during today's releases.

/cherry-pick release-3.4

[k8s-infra-cherrypick-robot]

@ivanvc: new pull request created: #19545

In response to this:

This worked correctly during today's releases.

/cherry-pick release-3.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.