🔧 Fix GPG fingerprint verification in verify_signatures job #115

Merged: behrangsa merged 3 commits into master from fix/verify-signatures-fingerprint on Aug 14, 2025

@behrangsa
Contributor

Summary

Fixes the second instance of GPG fingerprint verification failure in the verify_signatures job by applying the same whitespace normalization fix.

Problem

The verify_signatures job was failing with the same whitespace issue:

  • GPG outputs fingerprints with variable spacing (double spaces in some positions)
  • The workflow was doing exact string matching which failed due to spacing differences
  • Error: ❌ Public key fingerprint verification failed

Solution

Applied the same robust fingerprint verification pattern with spacing normalization.

Type of Change

☑ Bug fix (non-breaking change which fixes an issue)

- Apply same whitespace normalization fix to verify_signatures job
- Use tr -s and xargs to handle GPG's variable spacing output
- Add debug output to show expected vs actual fingerprints
- Resolves GPG fingerprint verification failure in signature verification step

Copilot AI review requested due to automatic review settings August 14, 2025 04:40

@github-actions
Contributor

🔒 Security Audit Report

Error parsing audit report

Could not parse security audit results. Check the logs for details.


Security audit performed by cargo-audit

@codecov
codecov bot commented Aug 14, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.

- Change from '^\s+[0-9A-F]{4} [0-9A-F]{4}' to '^\s+([0-9A-F]{4}\s*){10}'
- Previous pattern only matched first 8 characters (2 groups) of fingerprint
- New pattern matches all 40 characters (10 groups of 4) of full fingerprint
- Prevents potential false positives from partial fingerprint matches
- Addresses Copilot code review feedback about incomplete fingerprint matching

@behrangsa requested a review from Copilot August 14, 2025 13:05
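
An added example (not code from this repository's workflow) of the check the two commit messages above describe: extract the full ten-group fingerprint line, normalize its spacing with tr -s and xargs, and compare it to the expected value. The function names and the sample GPG output are constructed for illustration, and the trailing `$` anchor is an addition of this example.

```shell
#!/bin/sh
# Constructed sample resembling `gpg --fingerprint` output (not a real key).
# Note the double space between the fifth and sixth groups.
SAMPLE_GPG_OUTPUT='pub   rsa4096 2025-01-01 [SC]
      0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567
uid           [ unknown] Example Signer <signer@example.invalid>'

# Collapse runs of spaces and trim both ends (tr -s plus xargs, as in the PR).
normalize_fpr() {
    printf '%s' "$1" | tr -s ' ' | xargs
}

# Print the first line made of exactly ten 4-hex-digit groups.
# [[:space:]] is the POSIX spelling of the \s used in the PR's pattern;
# the trailing $ is added here so nothing may follow the tenth group.
extract_fpr() {
    printf '%s\n' "$1" |
        grep -E '^[[:space:]]+([0-9A-F]{4}[[:space:]]*){10}$' |
        head -n 1
}

# The earlier two-group pattern, kept only to show what it accepts.
matches_old_pattern() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]+[0-9A-F]{4} [0-9A-F]{4}'
}

# Succeeds only when a full fingerprint was found and, after normalization,
# equals the expected one. Prints both values for debugging.
verify_fpr() {
    expected=$(normalize_fpr "$1")
    actual=$(normalize_fpr "$(extract_fpr "$2")")
    echo "Expected: $expected"
    echo "Actual:   $actual"
    [ -n "$actual" ] && [ "$expected" = "$actual" ]
}
```

A line holding only the first two groups satisfies `matches_old_pattern` but yields nothing from `extract_fpr`, so `verify_fpr` fails closed on it.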

Copilot AI left a comment

Pull Request Overview

Fixes GPG fingerprint verification failures in the verify_signatures job by applying consistent whitespace normalization to address spacing inconsistencies in GPG output.

  • Updates GPG fingerprint extraction pattern to handle variable spacing in GPG output
  • Replaces direct grep matching with normalized string comparison using extracted variables
  • Adds debug output to show expected vs actual fingerprints for troubleshooting

- Update version in Cargo.toml and Cargo.lock
- Prepare for next release with improved GPG fingerprint verification

@github-actions
Contributor

📊 Performance Test Report

Test Environment: Ubuntu Latest (GitHub Actions)
Commit: 3c464c7
Branch: 115/merge
Triggered by: pull_request

📏 Binary Size Analysis (AC8.2)

| Binary | Size | Status |
|---|---|---|
| samoyed | 946848 bytes | |
| samoyed-hook | 361120 bytes | |
| Total | 1307968 bytes | < 10MB |

🧠 Memory Usage Analysis (AC8.3)

| Component | Memory Usage | Status |
|---|---|---|
| samoyed init | 4276 KB | |
| samoyed-hook | 1932 KB | |
| Limit | 50 MB | All under limit |

⚡ Performance Benchmarks

| Metric | Value | Target | Status |
|---|---|---|---|
| Hook Execution Overhead | null ms | < 50ms | |
| Startup Time | TBD | < 100ms | |
| File Operations | TBD | Efficient | |

📈 Performance Summary

  • AC8.1: Hook execution overhead < 50ms
  • AC8.2: Binary size < 10MB
  • AC8.3: Memory usage < 50MB
  • AC8.4: Startup time < 100ms
  • AC8.5: Efficient file system operations

Full benchmark results available in workflow artifacts.

@behrangsa merged commit 4e36cb9 into master Aug 14, 2025
13 checks passed
@behrangsa deleted the fix/verify-signatures-fingerprint branch August 14, 2025 13:21