ci: add release package sanity check

[morgenyu]

Adds a release package sanity check to CI for built distributions.

This new job:

• builds the package with poetry build
• creates a fresh virtual environment
• installs the built wheel
• verifies that pytest is not included as a runtime dependency
• imports installed non-test qdrant_client modules to catch packaging/runtime import issues

The smoke check removes repository paths from sys.path before importing so it validates the installed wheel rather than the local source tree.

Closes #958

[netlify]

✅ Deploy Preview for poetic-froyo-8baba7 ready!

Name	Link
🔨 Latest commit	dbfbe8a
🔍 Latest deploy log	https://app.netlify.com/projects/poetic-froyo-8baba7/deploys/69cf2606269a4100084114d4
😎 Deploy Preview	https://deploy-preview-1186--poetic-froyo-8baba7.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a CI job release-package-sanity that builds the Python package with Poetry, installs the produced wheel(s) into a fresh virtualenv, and runs tools/check_release_package.py against the installed distribution. Introduces tools/check_release_package.py, which removes local source directories from sys.path, locates the installed qdrant-client distribution, checks declared runtime requirements for disallowed entries (e.g., pytest), and attempts to import all non-test qdrant_client submodules, failing on any import errors. Also updates the existing test job to use actions/checkout@v4 and actions/setup-python@v4.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'ci: add release package sanity check' clearly and accurately summarizes the main change: adding a CI job for release package validation.
Description check	✅ Passed	The description is relevant and provides specific details about the release package sanity check, including its functionality and the issue it addresses.
Linked Issues check	✅ Passed	The pull request fully implements the requirements from issue #958: adding a CI-level check that replicates fresh-install verification, detects pytest leakage into runtime dependencies, and catches import/packaging errors before release.
Out of Scope Changes check	✅ Passed	All changes are within scope of issue #958: the new CI job performs release package validation, the sanity check script validates wheel integrity and dependencies, and workflow updates modernize existing action versions.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/integration-tests.yml:
- Around line 18-22: The workflow uses deprecated action pins; replace uses:
actions/checkout@v2 and uses: actions/setup-python@v2 with their current major
versions (e.g., actions/checkout@v4 and actions/setup-python@v4 or the latest
stable major) throughout the file, including the main job and the test job, so
that the checkout and Python setup steps (actions/checkout and
actions/setup-python) reference supported releases; ensure the with:
python-version value remains '3.10.x' and run the workflow to verify
compatibility.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 44aa9245-53dc-4f75-8934-eb356d770883

📥 Commits

Reviewing files that changed from the base of the PR and between cd5eb25 and bde4bf0.

📒 Files selected for processing (2)

• .github/workflows/integration-tests.yml
• tools/check_release_package.py

[coderabbitai]

♻️ Duplicate comments (1)

.github/workflows/integration-tests.yml (1)

20-20: ⚠️ Potential issue | 🟠 Major

Bump actions/setup-python to a currently supported major.

Line 20 and Line 57 pin actions/setup-python@v4; actionlint flags this as too old for current runners. Please upgrade both usages consistently.

🔧 Proposed fix

-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
...
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5

According to official GitHub documentation/Marketplace, what is the currently supported major version for actions/setup-python, and is v4 deprecated or unsupported on GitHub-hosted runners?

Also applies to: 57-57

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/integration-tests.yml at line 20, Replace both occurrences
of "uses: actions/setup-python@v4" with the currently supported major release
(e.g., update to actions/setup-python@v5) so both usages at lines referencing
"uses: actions/setup-python@v4" are consistent; ensure you update both locations
(the two "uses: actions/setup-python@v4" entries) in the workflow and run the
workflow linter to verify the new major is accepted by GitHub-hosted runners.

🧹 Nitpick comments (1)

tools/check_release_package.py (1)

90-97: Use the wheel argument to verify artifact identity, not just existence.

Line 90 currently checks only that the file exists. The script can still validate a different installed qdrant-client than the provided wheel if install steps drift. Consider asserting installed distribution version/name matches the wheel argument before running checks.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tools/check_release_package.py` around lines 90 - 97, The script currently
only tests that the provided wheel_path exists (wheel_path) but does not verify
the installed package identity; before calling remove_repo_from_sys_path(),
check_runtime_dependencies(), and import_non_test_modules() add logic to parse
the wheel filename (wheel_path.name) to extract expected package name and
version and then use importlib.metadata (e.g., importlib.metadata.distribution
or metadata.version) to get the installed distribution name/version for the
package (e.g., "qdrant-client") and assert that the installed name/version
matches the expected values from the wheel; if they differ, raise SystemExit
with a clear error so the script fails fast when the wrong artifact is
installed.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/integration-tests.yml:
- Line 20: Replace both occurrences of "uses: actions/setup-python@v4" with the
currently supported major release (e.g., update to actions/setup-python@v5) so
both usages at lines referencing "uses: actions/setup-python@v4" are consistent;
ensure you update both locations (the two "uses: actions/setup-python@v4"
entries) in the workflow and run the workflow linter to verify the new major is
accepted by GitHub-hosted runners.

---

Nitpick comments:
In `@tools/check_release_package.py`:
- Around line 90-97: The script currently only tests that the provided
wheel_path exists (wheel_path) but does not verify the installed package
identity; before calling remove_repo_from_sys_path(),
check_runtime_dependencies(), and import_non_test_modules() add logic to parse
the wheel filename (wheel_path.name) to extract expected package name and
version and then use importlib.metadata (e.g., importlib.metadata.distribution
or metadata.version) to get the installed distribution name/version for the
package (e.g., "qdrant-client") and assert that the installed name/version
matches the expected values from the wheel; if they differ, raise SystemExit
with a clear error so the script fails fast when the wrong artifact is
installed.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b96ac797-8df3-47cb-8b77-4e73fe023337

📥 Commits

Reviewing files that changed from the base of the PR and between bde4bf0 and dbfbe8a.

📒 Files selected for processing (2)

• .github/workflows/integration-tests.yml
• tools/check_release_package.py