feat(spinel-coop/rv): GitHub artifact attestations config

[scop]

https://github.com/spinel-coop/rv/attestations

Registry is at 0.5.2 currently while attestations are available from 0.5.3 on, so no test coverage yet.

Check List

• Read CONTRIBUTING.md
  • Read OSS Contribution Guide
• All commits are signed
  • This repository enables Require signed commits, so all commits must be signed
• Avoid force push
• Install and execute the package and confirm if the package works well
• Execute cmdx s to scaffold code

Summary by CodeRabbit

• New Features

  • Added explicit support for v0.5.2 and earlier, including Linux and macOS tar.xz releases.
  • Registered an additional package entry for v0.5.2.

• Security

  • Enabled cryptographic verification for release artifacts via release attestations.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 165c3463-eca7-4fda-bb1c-3ba6ba396e29

📥 Commits

Reviewing files that changed from the base of the PR and between 15bc0ae and 369ba19.

📒 Files selected for processing (1)

• pkgs/spinel-coop/rv/pkg.yaml

---

📝 Walkthrough

Walkthrough

Adds new version-specific package entries and manifest fields: a version_override for semver("<= 0.5.2") with asset naming, replacements, tar.xz format, github_release sha256 checksum, supported_envs (linux, darwin), and a github_artifact_attestations signer_workflow; also adds a new package entry for v0.5.2.

Changes

Cohort / File(s)	Summary
Package registry override pkgs/spinel-coop/rv/registry.yaml	Adds version_override for semver("<= 0.5.2") with asset pattern rv-{{.Arch}}-{{.OS}}.{{.Format}}, format: tar.xz, replacement mappings (amd64→x86_64, arm64→aarch64, darwin→apple-darwin, linux→unknown-linux-gnu), github_release checksum ({{.Asset}}.sha256, sha256), and supported_envs: [linux, darwin]; adds github_artifact_attestations with signer_workflow.
Top-level registry registry.yaml	Introduces corresponding package manifest entries reflecting the new version-specific asset selection and attestations; no deletions or edits to existing entries.
Packages list pkgs/spinel-coop/rv/pkg.yaml	Adds a package entry for spinel-coop/rv version v0.5.2 alongside existing versions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

enhancement

Poem

🐰 A tiny release hops into view,
Assets named right for mac and for GNU.
Checksums tucked in a tidy array,
Attestations wink, signing the day. ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: adding GitHub artifact attestations configuration for the spinel-coop/rv package.
Description check	✅ Passed	The pull request description includes the required checklist template and provides context about the attestations configuration, though some checklist items remain unchecked.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

pkgs/spinel-coop/rv/registry.yaml (1)

38-40: Drop the quotes around {{.Asset}}.sha256.

This value does not need YAML quoting, and the repo style for registry.yaml asks to omit unnecessary quotes.

Suggested cleanup

         checksum:
           type: github_release
-          asset: "{{.Asset}}.sha256"
+          asset: {{.Asset}}.sha256
           algorithm: sha256

As per coding guidelines, "Remove unnecessary quotes from string values in registry.yaml".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkgs/spinel-coop/rv/registry.yaml` around lines 38 - 40, The checksum.asset
value currently uses unnecessary YAML quotes: change the asset field in the
checksum block (where type: github_release and asset: "{{.Asset}}.sha256") to
remove the quotes so it reads asset: {{.Asset}}.sha256, preserving the template
exactly but following the registry.yaml style guideline.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@pkgs/spinel-coop/rv/registry.yaml`:
- Around line 38-40: The checksum.asset value currently uses unnecessary YAML
quotes: change the asset field in the checksum block (where type: github_release
and asset: "{{.Asset}}.sha256") to remove the quotes so it reads asset:
{{.Asset}}.sha256, preserving the template exactly but following the
registry.yaml style guideline.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5465a201-fb63-4d3e-aa0d-e219d4968d65

📥 Commits

Reviewing files that changed from the base of the PR and between 8d93d8c and 15bc0ae.

📒 Files selected for processing (2)

• pkgs/spinel-coop/rv/registry.yaml
• registry.yaml

[suzuki-shunsuke]

Thank you always!