fix(registry): signer-workflow string format

[scop]

...of GitHub artifact attestations config.

gh uses it as such, after prefixing with https://github.com/

Check List

• Read CONTRIBUTING.md
  • Read OSS Contribution Guide
• Write a GitHub Issue before creating a Pull Request
  • Link to the issue:
• All commits are signed
  • This repository enables Require signed commits, so all commits must be signed
• Avoid force push
• Do only one thing in one Pull Request

Summary by CodeRabbit

• Chores
  • Updated schema validation for GitHub artifact attestation signer workflow fields to enforce format requirements.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 356dfb8f-05e8-4ba4-a5db-5083d3eebed5

📥 Commits

Reviewing files that changed from the base of the PR and between ba05aab and 189fc60.

📒 Files selected for processing (2)

• json-schema/registry.json
• pkg/config/registry/github_cli.go

---

📝 Walkthrough

Walkthrough

This pull request adds regex format validation to the signer workflow properties in both the JSON schema definition and Go struct tags for the GitHubArtifactAttestations configuration. The changes declare that signer_workflow and signer-workflow fields expect regex patterns as values.

Changes

Cohort / File(s)	Summary
Schema Format Constraints json-schema/registry.json	Added format: "regex" constraint to signer_workflow and signer-workflow string properties in the GitHubArtifactAttestations definition.
Go Struct Tag Annotations pkg/config/registry/github_cli.go	Updated SignerWorkflow2 and SignerWorkflow3 struct field tags with jsonschema:"format=regex" annotation for schema validation consistency.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

• suzuki-shunsuke

Poem

🐰 The workflow fields now glow so bright,
With regex patterns held just right,
No more plain strings, they're validated now,
Schema and struct, taking a bow! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description is largely incomplete. While it provides context about how GitHub CLI uses the value, it's vague about the actual change and missing critical details about what the fix entails.	Clarify what the signer-workflow string format fix actually does (adding regex format constraint), explain why this change is needed, and provide context for the fix beyond just noting gh's usage pattern.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding regex format validation to the signer-workflow string property in the GitHub artifact attestations registry schema.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can generate a title for your PR based on the changes.

Add @coderabbitai placeholder anywhere in the title of your PR and CodeRabbit will replace it with a title based on the changes in the PR. You can change the placeholder by changing the reviews.auto_title_placeholder setting.

[scop]

We may want to modify the registry and start writing these as regexps in it, i.e. basically replacing plain .s with \.s.

[suzuki-shunsuke]

The documentation and help messages do not state that the value of --signer-workflow is a regular expression.

https://cli.github.com/manual/gh_attestation_verify

However, based on the source code, it appears to be treated as one.

I also confirmed that using a regular expression for signer_workflow in pinact works correctly.

signer_workflow: suzuki-shunsuke/go-release-workflow/.github/workflows/.*.yaml

[suzuki-shunsuke]

Probably this change causes errors.
https://github.com/aquaproj/aqua-registry/actions/runs/23417957649/job/68117441315?pr=50835

Run ajv --spec=draft2020 -s registry.json -d registry.yaml
schema registry.json is invalid
error: unknown format "regex" ignored in schema at path "#/$defs/GitHubArtifactAttestations/properties/signer_workflow"
Error: Process completed with exit code 1.

[scop]

error: unknown format "regex" ignored in schema ...

aquaproj/registry-action#977