fix: harden downstream release validate and rollback context

[c-vigo]

Description

Addresses smoke-test dispatch failure in downstream release orchestration (#421): trigger-release failed while validating the image from inside the devcontainer job. The validate job no longer runs docker manifest inspect in the container (redundant with runner-side resolve-image and the running image). Rollback gh issue create now receives GH_REPO when the job skips checkout so gh has an explicit repository context.

Type of Change

• feat -- New feature
• fix -- Bug fix
• docs -- Documentation only
• chore -- Maintenance task (deps, config, etc.)
• refactor -- Code restructuring (no behavior change)
• test -- Adding or updating tests
• ci -- CI/CD pipeline changes
• build -- Build system or dependency changes
• revert -- Reverts a previous commit
• style -- Code style (formatting, whitespace)

Modifiers

• Breaking change (!) -- This change breaks backward compatibility

Changes Made

• CHANGELOG.md — document fix under ## [0.3.1] - TBD / ### Fixed
• assets/workspace/.devcontainer/CHANGELOG.md — mirror changelog entry
• assets/workspace/.github/workflows/release-core.yml — remove container docker manifest inspect step from validate job
• assets/workspace/.github/workflows/release.yml — set GH_REPO: ${{ github.repository }} for rollback gh issue create env

Changelog Entry

Target branch is release/0.3.1; there is no ## Unreleased section. Entry was added under ## [0.3.1] - TBD → ### Fixed:

- **Smoke-test dispatch release validate no longer runs docker inside devcontainer** ([#421](https://github.com/vig-os/devcontainer/issues/421))
  - Remove redundant `docker manifest inspect` step from `release-core.yml` validate job (container image is already proof of accessibility; `resolve-image` validates on the runner)
  - Set `GH_REPO` for rollback `gh issue create` in workspace `release.yml` when git checkout is skipped

Testing

• Tests pass locally (just test)
• Manual testing performed (describe below)

Manual Testing Details

uv run pre-commit run --all-files passed on the branch before commit.

Checklist

• My code follows the project's style guidelines
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have updated the documentation accordingly (edit docs/templates/, then run just docs)
• I have updated CHANGELOG.md in the [Unreleased] section (and pasted the entry above)
• My changes generate no new warnings or errors
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published

Additional Notes

N/A

Refs: #421

[Copilot]

Pull request overview

Hardens the downstream (workspace template) release orchestration to avoid failures when validating/publishing from within containerized jobs, and ensures rollback reporting works even when git checkout is skipped.

Changes:

• Remove container-side image manifest validation (docker manifest inspect) from the release-core.yml validate job.
• Provide explicit GH_REPO context for rollback gh issue create in release.yml when checkout is not present.
• Document the fix in both the root and workspace template changelogs.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
CHANGELOG.md	Adds a 0.3.1 “Fixed” entry describing the downstream validate/rollback hardening.
assets/workspace/.devcontainer/CHANGELOG.md	Mirrors the same changelog entry in the workspace template payload.
assets/workspace/.github/workflows/release-core.yml	Removes redundant/failing container-side docker manifest inspect validation step.
assets/workspace/.github/workflows/release.yml	Sets GH_REPO for the rollback “Create failure issue” step to keep gh working without checkout.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.