feat: pre-submit to catch major version bump

[laurentsimon]

When we bump the major version, we need to update the go.mod and all the imports in the file.

See #299 and #378 for context.

We may want to add pre-release checks to ensure we've done this

[asraa]

How do you think we can programmatically do this? It relies on the tag being created, so maybe it can only effectively happen on the RC's?

We would at some point need to hard-code the go install command.

So the release workflow would do something ike

1. Tag an RC
2. Try go install at RC (block here if the module paths weren't updated)
3. Run build

[laurentsimon]

I was thinking doing what you describe manually, and automated only the part to scan the files to verify that the tag in the code are the same as the version we want to cut. It would be a workflow_dispatch trigger that takes as input a version.

But if we do what you describe manually, maybe it'd be good enough.

[laurentsimon]

I've thought about it a little more. I think we should have these pre-release checks. Otherwise, we may release a version that internally calls an older version; and even if the installation works, running it may lead to strange results.

Wdut?

[asraa]

I think we have the same thing in mind.

Once we finish creating the RC, we can also create a workflow_dispatch that runs the following 3 checks:

1. Downloads the RC provenance and verifies
2. Runs go install
3. Maybe? Kicks of example-package tests