Verify docker cli ce

.github/workflows/release.yml

@@ -491,7 +491,7 @@
     if: ${{ !inputs.skipPackaging }}
     needs: [prepare, release-cli-desktop]
     runs-on: ubuntu-latest
-    timeout-minutes: 120
+    timeout-minutes: 360
     permissions:
       contents: read
     steps:
@@ -574,6 +574,40 @@
             -f release_live=true
           echo "✅ Plugin release workflow triggered in docker/release-repo"
 
+      - name: Wait for release-repo plugin workflow to complete
+        env:
+          GH_TOKEN: ${{ secrets.CLI_RELEASE_PAT }}
+        run: |
+          echo "⏳ Waiting for release-repo plugin workflow to appear..."
+          sleep 15
+
+          # Find the most recent run of plugin.yml in release-repo
+          for i in $(seq 1 10); do
+            RUN_ID=$(gh run list \
+              --repo docker/release-repo \
+              --workflow plugin.yml \
+              --limit 1 \
+              --json databaseId \
+              --jq '.[0].databaseId')
+            if [ -n "$RUN_ID" ]; then
+              echo "Found release-repo run: $RUN_ID"
+              break
+            fi
+            echo "  Retry $i/10..."
+            sleep 10
+          done
+
+          if [ -z "$RUN_ID" ]; then
+            echo "::error::Could not find release-repo plugin workflow run"
+            exit 1
+          fi
+
+          echo "⏳ Waiting for release-repo run $RUN_ID to complete (includes manual deploy-to-live approval)..."
+          gh run watch "$RUN_ID" \
+            --repo docker/release-repo \
+            --exit-status
+          echo "✅ Release-repo plugin workflow completed successfully"
+
       - name: Post summary
         env:
           VERSION: ${{ needs.prepare.outputs.version }}
@@ -594,10 +628,35 @@
           The plugin release workflow has been triggered in [docker/release-repo](https://github.com/docker/release-repo/actions/workflows/plugin.yml).
           SUMMARY
 
+  # ---------------------------------------------------------------------------
+  # Verify Docker CE installation — run test-docker-ce-installation.sh
+  # to confirm the CLI version is available via get.docker.com
+  # ---------------------------------------------------------------------------
+  verify-docker-ce:
+    needs: [prepare, release-cli-docker-ce, build]
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    strategy:
+      fail-fast: false
+      matrix:
+        base_image:
+          - ubuntu:24.04
+          - debian:12
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+
+      - name: Verify Docker CE installation
+        env:
+          BASE_IMAGE: ${{ matrix.base_image }}
+        run: |
+          chmod +x scripts/test-docker-ce-installation.sh
+          ./scripts/test-docker-ce-installation.sh "${{ needs.prepare.outputs.release_tag }}"
+
   # ---------------------------------------------------------------------------
   # Create GitHub Release with AI-generated release notes
   # ---------------------------------------------------------------------------
   github-release:
     needs: [prepare, release-notes, build, release-cli-desktop]
     runs-on: ubuntu-latest
     permissions:

scripts/test-docker-ce-installation.sh

@@ -3,23 +3,26 @@
 set -eux -o pipefail
 
 main() {
-  # Find the remote that points to docker/model-runner.
-  local remote
-  remote=$(git remote -v | awk '/docker\/model-runner/ && /\(fetch\)/ {print $1; exit}')
-
-  if [ -n "$remote" ]; then
-    echo "Fetching tags from $remote (docker/model-runner)..."
-    git fetch "$remote" --tags >/dev/null 2>&1 || echo "Warning: Failed to fetch tags from $remote. Continuing with local tags." >&2
-  else
-    echo "Warning: No remote found for docker/model-runner, using local tags only" >&2
-  fi
-
-  local cli_version
-  cli_version=$(git tag -l --sort=-version:refname "cmd/cli/v*" | head -1 | sed 's|^cmd/cli/||')
+  local cli_version="${1:-}"
 
+  # If no version argument provided, try to detect from git tags
   if [ -z "$cli_version" ]; then
-    echo "Error: Could not determine CLI version from git tags" >&2
-    exit 1
+    local remote
+    remote=$(git remote -v | awk '/docker\/model-runner/ && /\(fetch\)/ {print $1; exit}')
+
+    if [ -n "$remote" ]; then
+      echo "Fetching tags from $remote (docker/model-runner)..."
+      git fetch "$remote" --tags >/dev/null 2>&1 || echo "Warning: Failed to fetch tags from $remote. Continuing with local tags." >&2
+    else
+      echo "Warning: No remote found for docker/model-runner, using local tags only" >&2
+    fi
+
+    cli_version=$(git tag -l --sort=-version:refname "v*" | head -1)
+
+    if [ -z "$cli_version" ]; then
+      echo "Error: Could not determine CLI version from git tags. Pass version as argument: $0 <version>" >&2
+      exit 1
+    fi
   fi
 
   echo "Testing Docker CE installation with expected CLI version: $cli_version"