chore(modules): recover signed module publication#343
Merged
Conversation
Contributor
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
📝 WalkthroughManifest and integrity
Validation
WalkthroughUpdated the code-review and requirements module versions and rotated their integrity checksum and signature values. ChangesModule metadata updates
Estimated code review effort: 1 (Trivial) | ~2 minutes Possibly related PRs
Suggested reviewers: ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
Strix is installed on this repository, but we couldn't run this PR security review because this workspace's trial has ended. Add a card to resume code reviews here. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Prepare corrected releases for the requirements and code-review modules:
nold-ai/specfact-requirements:0.2.3→0.2.4nold-ai/specfact-code-review:0.47.51→0.47.52Root cause
The prior feature PR committed registry entries and tarballs before the canonical
publish-modulesworkflow ran. The source manifests were later signed by CI, while the committed tarballs still embedded unsigned manifests. Becausedevalready recorded the same versions, a manual publish dispatch selected no corrective release.Release path
This change intentionally leaves
registry/**untouched and keeps local manifests checksum-only. After merge todev, CI must generate the signed manifest and registry publication PRs for these new versions.Validation
hatch run yaml-linthatch run verify-modules-signature --payload-from-filesystem --enforce-version-bump --allow-missing-public-key