fix(release): parse release id robustly and validate upload endpoint

Use JSON parsing for release id extraction in publish action instead of
regex matching, preventing wrong id selection from nested fields.
Add a pre-upload release endpoint check to fail early with explicit
release URL diagnostics when the resolved id/path is invalid.

publish/action.yml

@@ -44,6 +44,28 @@ runs:
       run: |
         set -euo pipefail
 
+        parse_release_id() {
+          local json_file="$1"
+
+          if command -v python3 >/dev/null 2>&1; then
+            python3 - "$json_file" <<'PY'
+import json
+import sys
+
+with open(sys.argv[1], 'r', encoding='utf-8') as fh:
+    payload = json.load(fh)
+
+value = payload.get('id')
+if isinstance(value, int):
+    print(value)
+PY
+            return
+          fi
+
+          # Fallback for environments without python3.
+          sed -n 's/.*"id"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$json_file" | head -n 1
+        }
+
         provided="$(printf '%s' "${INPUT_VERSION:-}" | sed 's/^[[:space:]]\+//; s/[[:space:]]\+$//')"
         if [[ -n "$provided" ]]; then
           normalized="${provided#v}"
@@ -121,7 +143,7 @@ runs:
           "${release_by_tag_api}")"
 
         if [[ "$status_code" == "200" ]]; then
-          existing_release_id="$(sed -n 's/.*"id"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' release-existing.json | head -n 1)"
+          existing_release_id="$(parse_release_id release-existing.json)"
           if [[ -z "$existing_release_id" ]]; then
             echo "Failed to parse existing release id for ${TAG_NAME}" >&2
             cat release-existing.json >&2
@@ -156,7 +178,7 @@ runs:
             exit 1
           fi
 
-          release_id="$(sed -n 's/.*"id"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' release.json | head -n 1)"
+          release_id="$(parse_release_id release.json)"
           if [[ -z "$release_id" ]]; then
             echo "Failed to parse release id from API response" >&2
             cat release.json >&2