fix(fwdcloudsec/granted): set type to GitHub release#51713
Merged
suzuki-shunsuke merged 5 commits intoApr 15, 2026
Conversation
📝 WalkthroughWalkthroughRefactored fwdcloudsec/granted package resolution to per-version rules: bumped pkg entry to v0.39.0, added a pinned v0.35.0 entry, and replaced a single HTTP source with version_overrides that select between Changes
Sequence Diagram(s)sequenceDiagram
participant Resolver as Package Resolver
participant Registry as Package Registry (version_overrides)
participant HTTP as HTTP Host
participant GH as GitHub Releases
participant Installer as Installer / Platform Handler
Resolver->>Registry: request package + version
Registry-->>Resolver: select matching version_override
alt semver("< 0.35.0") -> http
Resolver->>HTTP: download asset URL (tar.gz)
else semver("= 0.39.0") or default -> github_release
Resolver->>GH: fetch release asset and checksums
end
Resolver->>Installer: provide artifact + chosen overrides
Installer->>Installer: apply Windows/Darwin overrides, extract/install
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
Suggested labels
Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
🧹 Nitpick comments (2)
registry.yaml (1)
37787-37802: Make the catch-all branch mirror the latest known release layout.The
"true"override currently restores the darwin file/link handling from the older branch, so any future version will default back to macOS binaries unless another override is added. Thev0.39.0release notes say prebuilt macOS binaries are not currently available, and aqua’sversion_overridesstyle guide recommends making the last override represent the latest known layout. I’d either make the catch-all branch match thev0.39.0linux/windows-only config or cap the darwin-enabled branch at< 0.39.0until macOS assets return. (github.com)♻️ Possible reshape
- - version_constraint: "true" + - version_constraint: semver(">= 0.35.0, < 0.39.0") type: github_release - repo_owner: fwdcloudsec - repo_name: granted asset: granted_{{trimV .Version}}_{{.OS}}_{{.Arch}}.{{.Format}} format: tar.gz overrides: - goos: windows format: zip - goos: darwin files: - name: granted - name: assume - name: assumego src: granted link: assumego + - version_constraint: "true" + type: github_release + asset: granted_{{trimV .Version}}_{{.OS}}_{{.Arch}}.{{.Format}} + format: tar.gz + supported_envs: + - linux + - windows + overrides: + - goos: windows + format: zip🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@registry.yaml` around lines 37787 - 37802, The catch-all github_release block (version_constraint: "true") currently restores the darwin file/link handling; update it so the default mirrors the latest known release layout (linux/windows-only) or else constrain the darwin-enabled override to versions < 0.39.0: either remove the darwin files/link entries from the catch-all and keep only the linux (tar.gz) and windows (zip) overrides, or change the darwin override to include version_constraint: "< 0.39.0" while leaving the catch-all as the linux/windows-only layout; adjust the asset/format/overrides entries for repo_owner: fwdcloudsec and repo_name: granted accordingly.pkgs/fwdcloudsec/granted/registry.yaml (1)
42-57: Consider removing redundantrepo_ownerandrepo_name.These fields (lines 44-45) duplicate the top-level values from lines 4-5. Version overrides inherit from the parent configuration, so they can be omitted.
♻️ Suggested cleanup
- version_constraint: "true" type: github_release - repo_owner: fwdcloudsec - repo_name: granted asset: granted_{{trimV .Version}}_{{.OS}}_{{.Arch}}.{{.Format}} format: tar.gz overrides:As per coding guidelines: "Omit settings equivalent to default values (name, link, files entries when derivable from repo_owner and repo_name)".
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkgs/fwdcloudsec/granted/registry.yaml` around lines 42 - 57, The registry.yaml override block currently repeats top-level repo_owner and repo_name values—remove the redundant repo_owner and repo_name keys inside the github_release entry (the override that contains asset: granted_{{trimV .Version}}_{{.OS}}_{{.Arch}}.{{.Format}} and overrides: - goos: windows ... - goos: darwin ...) so the override inherits the parent repo_owner/repo_name; ensure the overrides retain only keys that differ (format, files, src/link entries) and validate YAML after removing those two fields.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@pkgs/fwdcloudsec/granted/registry.yaml`:
- Around line 42-57: The registry.yaml override block currently repeats
top-level repo_owner and repo_name values—remove the redundant repo_owner and
repo_name keys inside the github_release entry (the override that contains
asset: granted_{{trimV .Version}}_{{.OS}}_{{.Arch}}.{{.Format}} and overrides: -
goos: windows ... - goos: darwin ...) so the override inherits the parent
repo_owner/repo_name; ensure the overrides retain only keys that differ (format,
files, src/link entries) and validate YAML after removing those two fields.
In `@registry.yaml`:
- Around line 37787-37802: The catch-all github_release block
(version_constraint: "true") currently restores the darwin file/link handling;
update it so the default mirrors the latest known release layout
(linux/windows-only) or else constrain the darwin-enabled override to versions <
0.39.0: either remove the darwin files/link entries from the catch-all and keep
only the linux (tar.gz) and windows (zip) overrides, or change the darwin
override to include version_constraint: "< 0.39.0" while leaving the catch-all
as the linux/windows-only layout; adjust the asset/format/overrides entries for
repo_owner: fwdcloudsec and repo_name: granted accordingly.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 4853cbe7-ce75-4da5-8dec-08dd955c6aa2
📒 Files selected for processing (3)
pkgs/fwdcloudsec/granted/pkg.yamlpkgs/fwdcloudsec/granted/registry.yamlregistry.yaml
There was a problem hiding this comment.
🧹 Nitpick comments (1)
registry.yaml (1)
37793-37794: Consider removing redundantrepo_ownerandrepo_name.These fields are already defined in the base entry (lines 37749-37750) and should be inherited by the version_override.
♻️ Proposed diff
- version_constraint: "true" type: github_release - repo_owner: fwdcloudsec - repo_name: granted asset: granted_{{trimV .Version}}_{{.OS}}_{{.Arch}}.{{.Format}}🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@registry.yaml` around lines 37793 - 37794, Remove the redundant repo_owner and repo_name entries from the version_override block so it inherits those values from the base entry; locate the recurring keys named repo_owner and repo_name in the version_override section (they currently duplicate the base entry values) and delete them, leaving only the override-specific fields so the base definitions are used.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@registry.yaml`:
- Around line 37793-37794: Remove the redundant repo_owner and repo_name entries
from the version_override block so it inherits those values from the base entry;
locate the recurring keys named repo_owner and repo_name in the version_override
section (they currently duplicate the base entry values) and delete them,
leaving only the override-specific fields so the base definitions are used.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 8a8ff297-b44a-4a42-8d5c-bd7446d3f5ed
📒 Files selected for processing (2)
pkgs/fwdcloudsec/granted/registry.yamlregistry.yaml
✅ Files skipped from review due to trivial changes (1)
- pkgs/fwdcloudsec/granted/registry.yaml
Contributor
Author
|
Hey @garysassano, saw your Pull Request only after I started working on this, hope you don't mind. I took a bit of a different approach, where I'm switching to GitHub Release from version 0.35.0 onward. Feel free to leave any feedback! |
Member
|
Thank you! |
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Apr 16, 2026
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [aquaproj/aqua-registry](https://github.com/aquaproj/aqua-registry) | minor | `v4.493.0` → `v4.494.1` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>aquaproj/aqua-registry (aquaproj/aqua-registry)</summary> ### [`v4.494.1`](https://github.com/aquaproj/aqua-registry/releases/tag/v4.494.1) [Compare Source](aquaproj/aqua-registry@v4.494.0...v4.494.1) [Issues](https://github.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.494.1) | [Merge Requests](https://github.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.494.1) | <aquaproj/aqua-registry@v4.494.0...v4.494.1> #### Fixes [#​51713](aquaproj/aqua-registry#51713) [#​51207](aquaproj/aqua-registry#51207) Fix fwdcloudsec/granted [@​garysassano](https://github.com/garysassano) [@​tmeijn](https://github.com/tmeijn) [#​51661](aquaproj/aqua-registry#51661) Rescaffold watchexec/watchexec [@​sanemat](https://github.com/sanemat) ### [`v4.494.0`](https://github.com/aquaproj/aqua-registry/releases/tag/v4.494.0) [Compare Source](aquaproj/aqua-registry@v4.493.0...v4.494.0) [Issues](https://github.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.494.0) | [Merge Requests](https://github.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.494.0) | <aquaproj/aqua-registry@v4.493.0...v4.494.0> #### 🎉 New Packages [#​52040](aquaproj/aqua-registry#52040) [max-sixty/worktrunk](https://github.com/max-sixty/worktrunk) - Worktrunk is a CLI for Git worktree management, designed for parallel AI agent workflows [@​edouardr](https://github.com/edouardr) [#​52035](aquaproj/aqua-registry#52035) [santosr2/TerraTidy](https://github.com/santosr2/TerraTidy): A comprehensive quality platform for Terraform and Terragrunt [#​51616](aquaproj/aqua-registry#51616) [rose-pine/rose-pine-bloom](https://github.com/rose-pine/rose-pine-bloom) - Generate Rosé Pine themes [@​yudai-nkt](https://github.com/yudai-nkt) #### Security [#​52022](aquaproj/aqua-registry#52022) rvben/rumdl: GitHub artifact attestations config [@​scop](https://github.com/scop) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMjAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEyMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiLCJhdXRvbWF0aW9uOmJvdC1hdXRob3JlZCIsImRlcGVuZGVuY3ktdHlwZTo6bWlub3IiXX0=-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Check List
argd scommand when adding new packagesThis PR sets the type to
github_releaseand adds checksum verification from version 0.35.0 onward. Since 0.35.0 prebuilt binaries are also distributed through GitHub releases which I think is the preferred platform.There is an issue with version 0.39.0 specifically that did not publish prebuilt Darwin binaries, not even on
releases.granted.dev. See fwdcloudsec/granted#936 for some more information.References:
Summary by CodeRabbit