Publish plugin package hashes in registry#275
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughWalkthroughThe plugin publishing workflow now computes a SHA-256 hash for each ZIP, records it in ChangesPlugin hash registry
Estimated code review effort: 2 (Simple) | ~10 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
@coderabbitai review |
✅ Action performedReview finished.
|
Summary
plugins.jsonregistry entriesRoot cause
Microsoft Store builds require each downloadable plugin package to have a trusted SHA-256 digest. The Store package added that verification, but the plugin publishing workflow never populated the
sha256registry field, so Store installs always failed after downloading the package. Plugin URLs also redirected from the reachable registry origin torelease-assets.githubusercontent.com, adding a second network boundary during certification.Validation
dotnet test tests/TypeWhisper.PluginSystem.Tests/TypeWhisper.PluginSystem.Tests.csproj --no-restore --filter FullyQualifiedName~PluginPackagingWorkflowTestsSummary by CodeRabbit
New Features
Tests