Maven central deploy gpg expires#3029
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughThe Maven publish workflow now checks the imported GPG key’s expiry date. It parses ChangesGPG Key Expiry Validation
Estimated code review effort🎯 2 (Simple) | ⏱️ ~5 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/maven-publish.yml:
- Around line 28-29: The expiry extraction in the workflow’s GPG key check is
too brittle: the current `EXPIRY` parsing in the publish step can capture a
trailing bracket and the pipeline can fail before the empty-expiry branch is
reached. Update the parsing logic in the maven-publish workflow step that
computes `EXPIRY` so it safely strips the bracketed value from `gpg
--list-secret-keys`, and make the command substitution tolerant of
no-match/no-expiry cases before the `date` comparison runs.
- Around line 28-30: The EXPIRY assignment in the Maven publish workflow is
aborting early when the `grep` in the shell pipeline finds no match, so the
no-expiry branch is never reached. Update the shell logic around the
`EXPIRY=$(gpg --list-secret-keys --keyid-format LONG ...)` block to tolerate a
no-match result from `grep -oP '(?<=expires: )\S+'`, using a non-failing
fallback so the `if [ -z "$EXPIRY" ]` path can still execute as intended.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: e9452d83-2cb9-4936-93f8-845d501662e5
📒 Files selected for processing (1)
.github/workflows/maven-publish.yml
|
This pull request needs "/ok-to-test" from an authorized committer. |
…' into maven-central-deploy-gpg-expires
Summary by CodeRabbit