Conversation
Add pstramp to the asset lockfile with SHA256 checksums for reproducible builds. Previously the desktop release workflow fetched the latest release without version pinning or checksum verification.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3c737f032c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| [[tools]] | ||
| name = "pstramp" | ||
| group = "desktop" |
There was a problem hiding this comment.
Adding group = "desktop" here causes parse_tools_for_group() to fail for all existing callers because ToolGroup in app/arcbox-docker-tools/src/lockfile.rs only includes Docker and Kubernetes, and the parser deserializes the full [[tools]] array before filtering. In this state, docker/kubernetes flows (for example CLI setup and daemon ensure_docker_tools) will error with an unknown enum variant instead of loading their own tool entries.
Useful? React with 👍 / 👎.
Summary
desktoptool groupPreviously the desktop release workflow fetched the latest pstramp release without version pinning or integrity checks.
Closes ABXD-91