Skip to content

chore(modules): recover signed module publication#343

Merged
djm81 merged 2 commits into
devfrom
codex/recover-module-publication
Jul 14, 2026
Merged

chore(modules): recover signed module publication#343
djm81 merged 2 commits into
devfrom
codex/recover-module-publication

Conversation

@djm81

@djm81 djm81 commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Summary

Prepare corrected releases for the requirements and code-review modules:

  • nold-ai/specfact-requirements: 0.2.30.2.4
  • nold-ai/specfact-code-review: 0.47.510.47.52

Root cause

The prior feature PR committed registry entries and tarballs before the canonical publish-modules workflow ran. The source manifests were later signed by CI, while the committed tarballs still embedded unsigned manifests. Because dev already recorded the same versions, a manual publish dispatch selected no corrective release.

Release path

This change intentionally leaves registry/** untouched and keeps local manifests checksum-only. After merge to dev, CI must generate the signed manifest and registry publication PRs for these new versions.

Validation

  • hatch run yaml-lint
  • hatch run verify-modules-signature --payload-from-filesystem --enforce-version-bump --allow-missing-public-key
  • pre-commit format, YAML, import-boundary, command-reference, documentation, and manifest-signature checks

@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 25fe916d-e25a-4e0e-ba3c-55010fe78ea5

📥 Commits

Reviewing files that changed from the base of the PR and between c6b7893 and 9aa0325.

📒 Files selected for processing (2)
  • packages/specfact-code-review/module-package.yaml
  • packages/specfact-requirements/module-package.yaml

📝 Walkthrough

Manifest and integrity

  • Bumps specfact-code-review from 0.47.51 to 0.47.52.
  • Bumps specfact-requirements from 0.2.3 to 0.2.4.
  • Rotates each module’s checksum and signature in module-package.yaml.
  • Leaves registry/** unchanged and retains checksum-only local manifests.
  • CI will generate signed manifests and registry publication PRs after merging to dev.

Validation

  • YAML linting
  • Module signature verification
  • Pre-commit checks
  • Import-boundary and command-reference checks
  • Documentation checks
  • Manifest-signature checks

Walkthrough

Updated the code-review and requirements module versions and rotated their integrity checksum and signature values.

Changes

Module metadata updates

Layer / File(s) Summary
Version and integrity metadata refresh
packages/specfact-code-review/module-package.yaml, packages/specfact-requirements/module-package.yaml
The code-review module advances to 0.47.52 and the requirements module to 0.2.4; both packages receive replacement checksum and signature values.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Possibly related PRs

Suggested reviewers: github-actions[bot]

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/recover-module-publication

Comment @coderabbitai help to get the list of available commands.

@djm81 djm81 self-assigned this Jul 14, 2026
@djm81 djm81 added the bug Something isn't working label Jul 14, 2026
@djm81
djm81 marked this pull request as ready for review July 14, 2026 20:07
@strix-security

Copy link
Copy Markdown

Strix is installed on this repository, but we couldn't run this PR security review because this workspace's trial has ended. Add a card to resume code reviews here.

@djm81
djm81 merged commit 596c93a into dev Jul 14, 2026
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant