Skip to content

deploy: always sign with PRIVATE_KEY (never PRIVATE_KEY_DEV)#473

Merged
thedavidmeister merged 4 commits into
mainfrom
2026-06-05-private-key
Jun 5, 2026
Merged

deploy: always sign with PRIVATE_KEY (never PRIVATE_KEY_DEV)#473
thedavidmeister merged 4 commits into
mainfrom
2026-06-05-private-key

Conversation

@thedavidmeister
Copy link
Copy Markdown
Contributor

@thedavidmeister thedavidmeister commented Jun 5, 2026

Per project policy, deploy workflows always sign with secrets.PRIVATE_KEY. Replaces the github.ref == 'refs/heads/main' && secrets.PRIVATE_KEY || secrets.PRIVATE_KEY_DEV fallback in: manual-sol-artifacts.yaml rainix.yaml

Fresh PR off current main (supersedes the stale #472, which was based on a pre-FlowTest-refactor main and no longer compiled). Last repo referencing the org PRIVATE_KEY_DEV secret, so this clears it for deletion.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Jun 5, 2026
edited
Loading

Warning

Review limit reached

@thedavidmeister, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 50 minutes and 35 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5db6122f-2e51-404e-a3e0-a430b0723b89

📥 Commits

Reviewing files that changed from the base of the PR and between 952acc9 and 9d47b64.

📒 Files selected for processing (3)
  • .github/workflows/manual-sol-artifacts.yaml
  • .github/workflows/rainix.yaml
  • test/src/concrete/Flow.time.t.sol
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch 2026-06-05-private-key

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@thedavidmeister thedavidmeister mentioned this pull request Jun 5, 2026
Closed
@thedavidmeister
ci: modernize nix setup (drop dead magic-nix-cache, add cachix + cach…
e97b760 
…e-nix-action)

The DeterminateSystems magic-nix-cache service was sunset; its daemon now 418s
and fails every build. Swap for nix-quick-install + cachix (rainlanguage) +
cache-nix-action. CI-only; keeps submodules + the bespoke matrix.
@thedavidmeister
test: fix Flow.time.t.sol generateFlowStack calls (missed in the Flow…
e424c53 
…UtilsAbstractTest refactor)

Lines 40 + 59 still used the removed bare generateFlowStack(transfer) wrapper;
align with every other flow test (and this file's own line 20) by calling the
library form LibStackGeneration.generateFlowStack(Sentinel.unwrap(RAIN_FLOW_SENTINEL), transfer).
main hasn't compiled since the refactor — it was masked by the dead magic-nix-cache.
@thedavidmeister
test: forge fmt Flow.time.t.sol
9d47b64
@thedavidmeister
Copy link
Copy Markdown
Contributor Author

thedavidmeister commented Jun 5, 2026

Reviewed 9d47b64: APPROVE — PRIVATE_KEY (drops PRIVATE_KEY_DEV, the last org reference); modernize nix setup (dead magic-nix-cache -> nix-quick-install + cachix + cache-nix-action, fixes HTTP 418); fix Flow.time.t.sol generateFlowStack calls (lines 40+59 missed in the FlowUtilsAbstractTest refactor — main hadn't compiled since, masked by the dead cache); forge fmt. All standard-tests green.

@thedavidmeister thedavidmeister merged commit 0af4624 into main Jun 5, 2026
4 checks passed
@thedavidmeister thedavidmeister mentioned this pull request Jun 6, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thedavidmeister