fix: retry self-upgrade with binary rename on Linux/WSL to avoid ETXTBSY

[Copilot]

gh aw upgrade fails on Linux/WSL because gh extension upgrade cannot overwrite the gh-aw binary while it is the currently-executing process — the kernel returns ETXTBSY when any process attempts to open() a memory-mapped executable for writing.

Change

The upgrade now uses a try-first, rename-retry strategy to minimize the risk of leaving the installation in a broken state:

1. First attempt: gh extension upgrade is run directly, without touching the filesystem. On most systems — and on Linux when there is no in-use binary conflict — this succeeds with zero file manipulation.
2. Rename + retry (Linux only): if the first attempt fails (likely ETXTBSY), the current executable is atomically renamed to a .bak backup path, freeing the original path for gh to write the newly-downloaded binary. The inode remains alive for the running process.
3. Restore on retry failure: if the retry also fails (network error, permissions, etc.), the backup is automatically renamed back so the user is never left without a working gh-aw installation.
4. Correct relaunch path: after the rename, os.Executable() returns a "(deleted)"-suffixed path on Linux. upgradeExtensionIfOutdated returns the pre-rename install path, passed directly to relaunchWithSameArgs via a new exeOverride parameter, ensuring the freshly-installed binary is exec'd correctly.

On Linux, the first attempt's output is buffered and suppressed when the rename+retry succeeds, so users do not see a confusing error followed by success.

// renamePathForUpgrade renames exe → exe.bak, freeing the path for the new binary.
// restoreExecutableBackup renames exe.bak → exe if the upgrade fails.
// cleanupExecutableBackup removes exe.bak after a successful upgrade.

• No behaviour change on macOS or Windows — the first attempt is the only attempt and no files are renamed.
• Rename failure is non-fatal: logged at debug level and the retry proceeds (it may still fail with ETXTBSY, but with an informative error from gh).
• If backup restoration itself fails, a user-visible error message is printed with instructions to recover manually.
• Helper functions (firstAttemptWriter, renamePathForUpgrade, restoreExecutableBackup, cleanupExecutableBackup) are extracted and covered by unit tests.

---

💬 Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.

[dsyme]

@pelikhan wdyt, could you look at this? Seems kind of dodgy to delete outselves befor we have a clear understanding the upgrade will succeed?

[Copilot]

Replaced the os.Remove approach with os.Rename to a .bak backup in commit 87759d2. If gh extension upgrade succeeds, the backup is cleaned up; if it fails, the backup is automatically restored so the user is never left without gh-aw. The upgrade is only attempted after the rename — we don't proceed blindly without knowing the path is free.

[Copilot]

Pull request overview

Fixes gh aw upgrade failures on Linux/WSL where gh extension upgrade cannot overwrite the currently-running gh-aw executable due to ETXTBSY (“text file busy”).

Changes:

• Add Linux-only pre-upgrade logic to resolve the current executable path and os.Remove() it before invoking gh extension upgrade.
• Add debug logging around the pre-removal attempt to aid diagnosis.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[pelikhan]

@copilot review comments

[pelikhan]

@copilot review the risk of bricking the extension and make sure that the copy/swap is done when the new binary is ready and minize potential failure that would break the installation.

[Copilot]

@copilot review the risk of bricking the extension and make sure that the copy/swap is done when the new binary is ready and minize potential failure that would break the installatio...

Reworked in f37859c. The swap now only happens after the upgrade has already been attempted:

1. First, try gh extension upgrade directly — no filesystem changes at all (zero bricking risk). On macOS/Windows this is the only path.
2. Only if the first attempt fails on Linux (likely ETXTBSY): rename the binary to .bak, then retry.
3. On retry success → clean up .bak.
4. On retry failure → restore .bak so the user still has a working gh-aw.

The first attempt's error output is buffered on Linux and suppressed when the retry succeeds, so users see a clean experience. The binary is never touched on systems where the upgrade works first time.