
fix(ci): use ubuntu-latest for test/audit/publish release jobs#30

Merged
mickvandijke merged 2 commits into main from fix/release-ubuntu-latest
Mar 18, 2026

@mickvandijke
Collaborator

Summary

  • Test, security-audit, validate, publish-crate, and release jobs now use ubuntu-latest
  • Only build, installers-linux, and sign jobs remain on ubuntu-22.04 (need GLIBC 2.35 compat for deployed binaries)

Problem

The release workflow's test job failed with linker errors:

undefined symbol: __isoc23_strtol
undefined symbol: __isoc23_sscanf

These are C23 glibc symbols referenced by lmdb-master-sys and aws-lc-sys headers that aren't available on ubuntu-22.04's glibc. The CI workflow (ci.yml) already uses ubuntu-latest for tests.

🤖 Generated with Claude Code

ubuntu-22.04 causes glibc C23 symbol errors (__isoc23_strtol,
__isoc23_sscanf) when linking lmdb-master-sys and aws-lc-sys.
Only build/installer/sign jobs need ubuntu-22.04 for GLIBC 2.35 compat.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Copilot AI review requested due to automatic review settings March 18, 2026 14:07

Only build and installers-linux need ubuntu-22.04 for GLIBC 2.35
compat on distributed binaries. The sign job runs only on CI.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Copilot AI left a comment


Pull request overview

Updates the release GitHub Actions workflow to run validation/testing/audit/publish/release steps on a newer Ubuntu runner to avoid glibc/C23 symbol linker failures seen on ubuntu-22.04, while keeping artifact-building/signing steps pinned to ubuntu-22.04 for GLIBC 2.35 compatibility of distributed binaries.

Changes:

  • Switch validate, test, and security-audit jobs to ubuntu-latest.
  • Switch publish-crate and release jobs to ubuntu-latest.
  • Keep build/install/sign jobs on ubuntu-22.04 to preserve runtime compatibility targets.


validate:
name: Validate Release
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
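
Review bot: `runs-on: ubuntu-latest` on the validate job is a floating label, so the image (and with it the glibc and toolchain) used by this release workflow changes whenever GitHub moves the alias, without any commit in this repository. Consider pinning an explicit newer label such as `ubuntu-24.04` and bumping it deliberately, and add a short comment next to `runs-on` saying why this job does not need the ubuntu-22.04 baseline, so the split between the two runner versions is documented in the workflow itself.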
@greptile-apps

greptile-apps Bot commented Mar 18, 2026

Greptile Summary

This PR fixes CI failures in release.yml caused by missing C23 glibc symbols (__isoc23_strtol, __isoc23_sscanf) from lmdb-master-sys and aws-lc-sys when running on ubuntu-22.04. Five jobs that don't produce deployment binaries are migrated to ubuntu-latest, bringing them in line with what ci.yml already uses.

  • validate, test, security-audit: Moved to ubuntu-latest — these jobs run formatting checks, clippy, tests, and audits but produce no distributed binaries, so glibc portability is irrelevant.
  • publish-crate: Moved to ubuntu-latest — publishes Rust source code to crates.io, not compiled binaries.
  • release: Moved to ubuntu-latest — only downloads pre-built signed artifacts and creates the GitHub Release via the API; no compilation occurs.
  • build, installers-linux, sign: Correctly remain on ubuntu-22.04 to ensure distributed binaries link against GLIBC 2.35, maintaining compatibility with server deployments on older Linux distributions.

The change is well-scoped and consistent with the existing ci.yml approach.

Confidence Score: 5/5

  • This PR is safe to merge — it makes a minimal, targeted change to runner labels with no effect on code or build logic.
  • The diff is purely a configuration change (5 runs-on label replacements), the reasoning is sound, the split between jobs that produce portable binaries (kept on ubuntu-22.04) and jobs that do not (moved to ubuntu-latest) is correct, and the approach matches what ci.yml already uses.
  • No files require special attention.

Important Files Changed

Filename | Overview
.github/workflows/release.yml | Five jobs migrated from ubuntu-22.04 to ubuntu-latest (validate, test, security-audit, publish-crate, release); binary-producing jobs (build, installers-linux, sign) correctly remain on ubuntu-22.04 for GLIBC 2.35 compatibility. No issues found.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["validate\n🟢 ubuntu-latest"] --> B["test\n🟢 ubuntu-latest"]
    A --> C["security-audit\n🟢 ubuntu-latest"]
    B --> D["build\n🔵 ubuntu-22.04 matrix"]
    C --> D
    A --> D
    D --> E["installers-linux\n🔵 ubuntu-22.04"]
    A --> F["installers-windows\nwindows-latest"]
    D --> F
    E --> G["sign\n🔵 ubuntu-22.04"]
    F --> G
    D --> G
    B --> H["publish-crate\n🟢 ubuntu-latest"]
    C --> H
    A --> H
    G --> I["release\n🟢 ubuntu-latest"]
    A --> I

    classDef latest fill:#22c55e,color:#fff,stroke:#16a34a
    classDef focal fill:#3b82f6,color:#fff,stroke:#2563eb
    classDef windows fill:#8b5cf6,color:#fff,stroke:#7c3aed

    class A,B,C,H,I latest
    class D,E,G focal
    class F windows

Last reviewed commit: "fix(ci): switch sign..."
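
A release gate for the GLIBC 2.35 constraint discussed in this PR, as an added example (not code from this repository): it reads `objdump -T` output for a built binary and reports imported symbols that need a glibc newer than the ceiling. The sample lines are constructed, and the GLIBC_2.38 tag on the `__isoc23_*` symbols comes from glibc's own symbol versioning, not from this page.

```python
import re
import sys

# An undefined (imported) symbol line from `objdump -T`, with or without the
# parentheses newer binutils put around the version tag.
_IMPORT = re.compile(r"\*UND\*\s+\S+\s+\(?GLIBC_(\d+(?:\.\d+)+)\)?\s+(\S+)")

# Constructed sample, not output from this project's binaries.
SAMPLE = """\
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.2.5) strlen
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.34) pthread_create
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.38) __isoc23_strtol
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.38) __isoc23_sscanf
0000000000000000  w   D  *UND*  0000000000000000  Base        __gmon_start__
"""


def parse_version(text):
    """'2.35' -> (2, 35), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def glibc_requirements(objdump_output):
    """Map each imported GLIBC-versioned symbol to its required version."""
    needs = {}
    for line in objdump_output.splitlines():
        match = _IMPORT.search(line)
        if match:
            needs[match.group(2)] = parse_version(match.group(1))
    return needs


def violations(objdump_output, ceiling="2.35"):
    """Return sorted (symbol, version) pairs that need glibc above the ceiling."""
    limit = parse_version(ceiling)
    return sorted(
        (symbol, ".".join(map(str, version)))
        for symbol, version in glibc_requirements(objdump_output).items()
        if version > limit
    )


if __name__ == "__main__":
    # Use piped objdump output when present, otherwise the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    bad = violations(text)
    for symbol, version in bad:
        print(f"{symbol} requires GLIBC_{version}")
    sys.exit(1 if bad else 0)
```

Piping `objdump -T` output for each release binary into the script in the build job makes the step fail if a toolchain or runner change raises the required glibc above 2.35.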

@mickvandijke mickvandijke merged commit 6b69de7 into main Mar 18, 2026
12 checks passed
@mickvandijke mickvandijke deleted the fix/release-ubuntu-latest branch March 18, 2026 14:16
mickvandijke added a commit that referenced this pull request Apr 1, 2026
Implements the remaining untested scenarios from REPLICATION_DESIGN.md
Section 18, bringing coverage from 47/56 to 56/56:

- #20: paid-list local hit bypasses presence quorum (quorum.rs)
- #22: paid-list rejection below threshold (quorum.rs)
- #29: audit start gate during bootstrap (audit.rs)
- #30: audit peer selection from sampled keys (audit.rs)
- #31: audit periodic cadence with jitter bounds (config.rs)
- #32: dynamic challenge size equals PeerKeySet (audit.rs)
- #47: bootstrap claim grace period in audit path (audit.rs)
- #48: bootstrap claim abuse after grace period (paid_list.rs)
- #53: audit partial per-key failure with mixed responsibility (audit.rs)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>