Docs: clean up release-readiness tutorials and standards metadata#333
Conversation
|
@codex review |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
Document signed config bundle formats and verification semantics as a governed stability surface with the tests that enforce it. Refs #203. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Add adopter tutorial troubleshooting for amd64-only images, warn Intel macOS readers about source builds, refresh registryctl tutorial links and image wording, make the OpenCRVS redirect base-path aware for current docs, and add as-of provenance wording. Closes #219. Closes #217. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Closes #220. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Closes #219. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Closes #217. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Closes #257. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Closes #221. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Refs #203. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Refs #220. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Refs #217. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Refs #221. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Refs #203. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Refs #257. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Refs #220. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Refs #203. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Refs #257. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Refs #220. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Refs #217. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Refs #220. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
f5b723c to
b8d64f9
Compare
|
@codex review |
Refs #220. Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
|
Codex Review: Didn't find any major issues. More of your lovely PRs please. Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
@codex review |
|
Maintainer Tier-C security signoff: approved for merge. Reviewed the #203 config-bundle and break-glass stability row against registry-platform-config and registry-platform-ops enforcement and regression tests. The documented normal verification, accept_rollback, and accept_unsigned boundaries match implementation. Installer trust limitations and release verification scope are explicitly disclosed. All staff findings are addressed, required CI is green, and no unresolved security review thread remains. |
|
Codex Review: Didn't find any major issues. Breezy! Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
Summary
refs/tags/script URLs, Bash invocation, hostile-tag regression coverage, SHA256-only trust disclosure, Intel macOS behavior, and refreshed tutorial links.Issues
Closes #257
Closes #219
Closes #217
Closes #221
Closes #220
Refs #203
Refs #309
Security review required
registry-platform-configandregistry-platform-ops: normal signed verification,accept_rollback, andaccept_unsignedretain the documented hash, binding, closure, product-validation, and anti-rollback boundaries.vMAJOR.MINOR.PATCHtags and fetch the Bash installer through an explicitrefs/tags/raw URL.release/VERIFY.mdwas traced to the release workflow and the v0.8.4 asset layout: selected GitHub Release artifacts receive cosign siblings; the separately generated provenance is verified withslsa-verifier.Verification
cargo fmt --all -- --checkcargo clippy --locked --workspace --all-targets -- -D warningscargo test --locked -p registryctl(86 tests across lib, main, integrations, and doc tests)cargo test --locked -p registry-platform-config -p registry-platform-ops(113 tests)bash -n crates/registryctl/install.sh docs/site/scripts/check-registryctl-tutorials.sh docs/site/scripts/check-tutorial.shpython3 -m unittest discover -s release/scripts -p 'test_*.py'(47 tests)npm --prefix docs/site test(76 tests)npm --prefix docs/site run check:tutorial:dry-runnpm --prefix docs/site run check(current plus 8 archives; 151 LLM checks; 217 latest and 1,881 archived SEO pages; 349,619 internal links/assets)curl -fsSI https://raw.githubusercontent.com/registrystack/registry-stack/refs/tags/v0.8.4/crates/registryctl/install.sh(HTTP 200)git diff --checkExisting warning-only output remains from generated product-doc Vale suggestions, archived OpenAPI/link warnings, Astro deprecation hints, and code-highlighting fallbacks.
Remaining manual gates
registryctl-tutorialsCI job executes the registryctl tutorials from source.cosign verify-blobandslsa-verifiercommands were not rerun locally; the staff review traced the commands to workflow subjects and the published v0.8.4 asset shape.