fix(registry): signer-workflow string format #4663

[Marukome0743]

Check List

• Read CONTRIBUTING.md
  • Read OSS Contribution Guide
• Write a GitHub Issue before creating a Pull Request
  • Link to the issue:
• All commits are signed
  • This repository enables Require signed commits, so all commits must be signed
• Avoid force push
• Do only one thing in one Pull Request

Overview

Fix the format validation for signer-workflow and signer_workflow fields in GitHubArtifactAttestations.

Problem

The signer-workflow / signer_workflow fields were using "format": "regex" in the JSON schema (and jsonschema:"format=regex" in Go struct tags), which incorrectly validates the value as a regular expression. These fields are not regex patterns — they represent a GitHub Actions workflow reference.

According to the GitHub CLI documentation, the expected format for --signer-workflow is:

[host/]<owner>/<repo>/<path>/<to>/<workflow>

For example:

suzuki-shunsuke/test-github-artifact-attestation/.github/workflows/release.yaml

Changes

• json-schema/registry.json: Replaced "format": "regex" with "pattern": "^([^/]+/)?[^/]+/[^/]+/.+$" for both signer_workflow and signer-workflow.
• pkg/config/registry/github_cli.go: Replaced jsonschema:"format=regex" with jsonschema:"pattern=^([^/]+/)?[^/]+/[^/]+/.+$" in struct tags.

Pattern explanation

^([^/]+/)?[^/]+/[^/]+/.+$

Part	Matches
([^/]+/)?	Optional host (e.g. github.com/)
[^/]+/	<owner>/
[^/]+/	<repo>/
.+	<path>/<to>/<workflow> (at least one path segment)

Summary by CodeRabbit

• Chores
  • Updated validation patterns for GitHub artifact attestation workflow configuration fields to enforce more explicit and precise formatting requirements. These changes improve consistency in validation enforcement across configuration layers and ensure workflow identifiers conform to proper formatting standards, preventing potential configuration errors. Configuration accuracy is now better maintained throughout the system.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR updates JSON schema validation for GitHub artifact attestation signer workflow fields, replacing the generic format: "regex" keyword with a specific regex pattern ^([^/]+/)?[^/]+/[^/]+/.+$ in both the schema definition and corresponding Go struct annotations.

Changes

Cohort / File(s)	Summary
GitHub Artifact Attestations Schema json-schema/registry.json, pkg/config/registry/github_cli.go	Replaced generic format: "regex" with explicit pattern: "^([^/]+/)?[^/]+/[^/]+/.+$" for signer_workflow and signer-workflow (Go: SignerWorkflow2 and SignerWorkflow3) fields to enforce workflow-like naming constraints.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• fix(registry): signer-workflow string format #4663: Initially added format: "regex" to these same schema properties and struct tags; this PR refines it with an explicit pattern constraint.

Suggested reviewers

• suzuki-shunsuke

Poem

🐰 A pattern emerges, precise and clear,
No longer vague, the schema's here!
From format loose to pattern tight,
The workflow fields now shine so bright! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: fixing the validation format for the signer-workflow field in the registry, which is the core focus of the changeset.
Description check	✅ Passed	The description is comprehensive and complete. It includes the checklist with appropriate items checked, clear problem statement, detailed changes, and pattern explanation. All template requirements are met.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@json-schema/registry.json`:
- Around line 268-272: The registry.json change appears to be a manual edit;
revert any manual edits to json-schema/registry.json and regenerate the file
from source using the project's generator: run the command `cmdx js` (per
json-schema/README.md / invopop/jsonschema flow) to produce an updated
registry.json, verify the generated file includes the intended pattern change
and that no other diffs remain, then commit the regenerated file instead of
manual edits to ensure the schema stays auto-generated.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 088ef278-75a0-4460-aa31-25221dab519c

📥 Commits

Reviewing files that changed from the base of the PR and between 788979e and df5b515.

📒 Files selected for processing (2)

• json-schema/registry.json
• pkg/config/registry/github_cli.go

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether schema generation would introduce additional diffs.
# Expected: no diff if generated schema is up to date.
cmdx js
git diff -- json-schema/registry.json

Repository: aquaproj/aqua

Length of output: 99

---

🏁 Script executed:

find . -type f -name "*.md" | head -20 | xargs grep -l "cmdx\|schema" | head -5

Repository: aquaproj/aqua

Length of output: 130

---

🏁 Script executed:

ls -la json-schema/ && head -50 json-schema/registry.json

Repository: aquaproj/aqua

Length of output: 1577

---

🏁 Script executed:

git log --oneline --all -- json-schema/registry.json | head -10

Repository: aquaproj/aqua

Length of output: 690

---

🏁 Script executed:

find . -type f \( -name "cmdx*" -o -name "*command*" -o -name "Makefile" -o -name "package.json" \) | head -20

Repository: aquaproj/aqua

Length of output: 571

---

🏁 Script executed:

cat cmdx.yaml | grep -A 20 "js:"

Repository: aquaproj/aqua

Length of output: 39

---

🏁 Script executed:

git show df5b515 --stat

Repository: aquaproj/aqua

Length of output: 43490

---

🏁 Script executed:

git show df5b515 | head -100

Repository: aquaproj/aqua

Length of output: 3131

---

🏁 Script executed:

cat json-schema/README.md

Repository: aquaproj/aqua

Length of output: 679

---

🏁 Script executed:

sed -n '265,275p' json-schema/registry.json

Repository: aquaproj/aqua

Length of output: 346

---

🏁 Script executed:

git diff HEAD~1 json-schema/registry.json | head -50

Repository: aquaproj/aqua

Length of output: 243

---

Verify that the JSON schema was regenerated before committing.

The json-schema/registry.json file must be generated using cmdx js, not edited manually. Per the project's json-schema/README.md: "Don't edit these files manually." These files are auto-generated from source code via invopop/jsonschema and should never contain manual edits.

Before committing, run cmdx js to regenerate the schema from the source code and verify no additional diffs are introduced.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@json-schema/registry.json` around lines 268 - 272, The registry.json change
appears to be a manual edit; revert any manual edits to
json-schema/registry.json and regenerate the file from source using the
project's generator: run the command `cmdx js` (per json-schema/README.md /
invopop/jsonschema flow) to produce an updated registry.json, verify the
generated file includes the intended pattern change and that no other diffs
remain, then commit the regenerated file instead of manual edits to ensure the
schema stays auto-generated.

[suzuki-shunsuke]

Thank you for the contribution!
But the issue was solved by another approach.
It was the problem of JSON Schema validator rather than JSON Schema itself.

• feat(validate-json-schema): support more formats in ajv registry-action#977
• https://github.com/aquaproj/registry-action/releases/tag/v0.2.4