ci(release): reject AppImage with bad sharun lib path

[aqilaziz]

Summary

• fail AppImage release post-processing when a sharun bundle is missing shared/lib/lib.path
• reject lib.path files that still contain GitHub Actions runner paths
• keeps the existing sharun interpreter repair in place while preventing non-portable AppImages from shipping

Refs #2242
Refs #2368

Testing

• bash -n scripts/release/strip-appimage-graphics-libs.sh
• git diff --check

Summary by CodeRabbit

• Chores
  • Enhanced AppImage release validation to ensure proper library path configuration and prevent invalid builds from being released.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6ca36c93-49ba-4e03-ae8f-797d0d98cdc5

📥 Commits

Reviewing files that changed from the base of the PR and between 369a392 and b497e9e.

📒 Files selected for processing (1)

• scripts/release/strip-appimage-graphics-libs.sh

---

📝 Walkthrough

Walkthrough

This PR extends the AppImage release pipeline by adding validation for sharun's lib.path file to catch CI runner-specific absolute paths before repackaging. The check ensures that library paths are bundle-relative and fails the build if CI markers are detected.

Changes

sharun lib.path validation in AppImage stripping

Layer / File(s)	Summary
sharun lib.path validation and integration scripts/release/strip-appimage-graphics-libs.sh	New validate_sharun_lib_path function checks for a non-empty shared/lib/lib.path file and rejects builds where it contains CI runner absolute paths (/home/runner/ or /__w/). The function is called during strip_one_appimage to enforce validation at release time.

Sequence Diagrams

No sequence diagram generated. The change is a single focused validation function addition without multi-component interactions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• tinyhumansai/openhuman#2052: Introduces the scripts/release/strip-appimage-graphics-libs.sh script and its AppImage extraction/stripping pipeline that this PR extends.
• tinyhumansai/openhuman#2307: Also modifies scripts/release/strip-appimage-graphics-libs.sh in the strip_one_appimage flow to handle sharun-specific AppImage fixes, working alongside the lib.path validation added here.

Suggested reviewers

• senamakel

Poem

🐰 A path to check, a path to fix,
With CI runners in the mix,
We validate before we pack,
No absolute paths sneak through the crack! 🎯

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and specifically summarizes the main change: rejecting AppImages with bad sharun lib paths, which aligns perfectly with the core functionality added to validate and reject AppImages with invalid lib.path contents.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[graycyrus]

Clean, well-targeted fix that prevents shipping broken AppImages. Addresses real user-reported launch failures on Fedora 43 (#2242) and Ubuntu 26.04 (#2368).

Changes

File	Change
scripts/release/strip-appimage-graphics-libs.sh	New validate_sharun_lib_path() — fails release if shared/lib/lib.path is missing/empty or contains CI runner paths

Notes

• exit 1 (vs return 1) is the right call here — a bad lib.path means the AppImage will fail on user machines, so aborting the entire release is correct.
• Grep pattern properly handles PATH-separator-prefixed entries (+ and :).
• Placement after ensure_sharun_interpreter is logical — validate after ensuring the interpreter exists.

No issues found. LGTM — clean for approval.

[graycyrus]

Looks good, nice work!