Skip to content

fix(wfctl): preserve registry download checksums#853

Merged
intel352 merged 2 commits into
mainfrom
fix/registry-sync-checksums
Jun 3, 2026
Merged

fix(wfctl): preserve registry download checksums#853
intel352 merged 2 commits into
mainfrom
fix/registry-sync-checksums

Conversation

@intel352
Copy link
Copy Markdown
Contributor

@intel352 intel352 commented Jun 3, 2026

Summary

  • read release checksums.txt during wfctl plugin registry-sync
  • include sha256 in generated downloads entries when checksum data is available
  • keep checksum files optional so plugins without checksums still sync

Verification

Copilot AI review requested due to automatic review settings June 3, 2026 09:53
Copilot AI reviewed Jun 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enhances wfctl plugin registry-sync to optionally read checksums.txt from GitHub releases and, when available, include sha256 values in generated downloads entries in registry manifests—improving downstream install integrity verification while remaining compatible with plugins that don’t publish checksums.

Changes:

  • Extend release asset metadata to include an optional sha256 field and plumb it into manifest downloads entries during --fix.
  • Add support code to download and parse checksums.txt from a release (best-effort / optional).
  • Add unit tests for parsing release checksums and for emitting sha256 in applyFix output.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
cmd/wfctl/plugin_registry_sync.go Adds sha256 support to release downloads and introduces checksums.txt download + parsing for registry-sync.
cmd/wfctl/plugin_registry_sync_test.go Adds tests covering checksums parsing and ensuring applyFix writes sha256 when provided.

Comment thread cmd/wfctl/plugin_registry_sync.go
Comment thread cmd/wfctl/plugin_registry_sync.go Outdated
Comment thread cmd/wfctl/plugin_registry_sync.go
Comment thread cmd/wfctl/plugin_registry_sync.go
@codecov
Copy link
Copy Markdown

codecov Bot commented Jun 3, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 53.42466% with 34 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
cmd/wfctl/plugin_registry_sync.go 53.42% 29 Missing and 5 partials ⚠️

📢 Thoughts on this report? Let us know!

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 3, 2026
edited
Loading

⏱ Benchmark Results

No significant performance regressions detected.

benchstat comparison (baseline → PR) 
## benchstat: baseline → PR
baseline-bench.txt:304: parsing iteration count: invalid syntax
baseline-bench.txt:339869: parsing iteration count: invalid syntax
baseline-bench.txt:646059: parsing iteration count: invalid syntax
baseline-bench.txt:962590: parsing iteration count: invalid syntax
baseline-bench.txt:1293104: parsing iteration count: invalid syntax
baseline-bench.txt:1590186: parsing iteration count: invalid syntax
benchmark-results.txt:304: parsing iteration count: invalid syntax
benchmark-results.txt:330326: parsing iteration count: invalid syntax
benchmark-results.txt:607230: parsing iteration count: invalid syntax
benchmark-results.txt:938134: parsing iteration count: invalid syntax
benchmark-results.txt:1228046: parsing iteration count: invalid syntax
benchmark-results.txt:1482309: parsing iteration count: invalid syntax
goos: linux
goarch: amd64
pkg: github.com/GoCodeAlone/workflow/dynamic
cpu: AMD EPYC 9V74 80-Core Processor                
                            │ baseline-bench.txt │       benchmark-results.txt        │
                            │       sec/op       │    sec/op     vs base              │
InterpreterCreation-4               7.996m ± 63%   9.555m ± 68%       ~ (p=0.394 n=6)
ComponentLoad-4                     3.483m ±  8%   3.511m ±  1%       ~ (p=0.240 n=6)
ComponentExecute-4                  1.810µ ±  3%   1.827µ ±  1%       ~ (p=0.485 n=6)
PoolContention/workers-1-4          1.018µ ±  1%   1.029µ ±  1%  +1.13% (p=0.002 n=6)
PoolContention/workers-2-4          1.022µ ±  1%   1.026µ ±  2%       ~ (p=0.604 n=6)
PoolContention/workers-4-4          1.033µ ±  1%   1.046µ ±  3%  +1.21% (p=0.048 n=6)
PoolContention/workers-8-4          1.028µ ±  5%   1.025µ ±  3%       ~ (p=0.855 n=6)
PoolContention/workers-16-4         1.025µ ±  2%   1.010µ ±  1%  -1.42% (p=0.011 n=6)
ComponentLifecycle-4                3.602m ±  1%   3.541m ±  1%  -1.71% (p=0.002 n=6)
SourceValidation-4                  2.072µ ±  1%   2.105µ ±  1%  +1.59% (p=0.004 n=6)
RegistryConcurrent-4                734.9n ±  2%   777.7n ±  4%  +5.82% (p=0.002 n=6)
LoaderLoadFromString-4              3.648m ±  2%   3.594m ±  1%       ~ (p=0.093 n=6)
geomean                             17.98µ         18.35µ        +2.06%

                            │ baseline-bench.txt │        benchmark-results.txt         │
                            │        B/op        │     B/op      vs base                │
InterpreterCreation-4               2.027Mi ± 0%   2.027Mi ± 0%       ~ (p=0.589 n=6)
ComponentLoad-4                     2.180Mi ± 0%   2.180Mi ± 0%       ~ (p=0.799 n=6)
ComponentExecute-4                  1.203Ki ± 0%   1.203Ki ± 0%       ~ (p=1.000 n=6) ¹
PoolContention/workers-1-4          1.203Ki ± 0%   1.203Ki ± 0%       ~ (p=1.000 n=6) ¹
PoolContention/workers-2-4          1.203Ki ± 0%   1.203Ki ± 0%       ~ (p=1.000 n=6) ¹
PoolContention/workers-4-4          1.203Ki ± 0%   1.203Ki ± 0%       ~ (p=1.000 n=6) ¹
PoolContention/workers-8-4          1.203Ki ± 0%   1.203Ki ± 0%       ~ (p=1.000 n=6) ¹
PoolContention/workers-16-4         1.203Ki ± 0%   1.203Ki ± 0%       ~ (p=1.000 n=6) ¹
ComponentLifecycle-4                2.183Mi ± 0%   2.183Mi ± 0%  +0.00% (p=0.004 n=6)
SourceValidation-4                  1.984Ki ± 0%   1.984Ki ± 0%       ~ (p=1.000 n=6) ¹
RegistryConcurrent-4                1.133Ki ± 0%   1.133Ki ± 0%       ~ (p=1.000 n=6) ¹
LoaderLoadFromString-4              2.182Mi ± 0%   2.182Mi ± 0%       ~ (p=0.978 n=6)
geomean                             15.25Ki        15.25Ki       +0.00%
¹ all samples are equal

                            │ baseline-bench.txt │        benchmark-results.txt        │
                            │     allocs/op      │  allocs/op   vs base                │
InterpreterCreation-4                15.68k ± 0%   15.68k ± 0%       ~ (p=1.000 n=6)
ComponentLoad-4                      18.02k ± 0%   18.02k ± 0%       ~ (p=1.000 n=6)
ComponentExecute-4                    25.00 ± 0%    25.00 ± 0%       ~ (p=1.000 n=6) ¹
PoolContention/workers-1-4            25.00 ± 0%    25.00 ± 0%       ~ (p=1.000 n=6) ¹
PoolContention/workers-2-4            25.00 ± 0%    25.00 ± 0%       ~ (p=1.000 n=6) ¹
PoolContention/workers-4-4            25.00 ± 0%    25.00 ± 0%       ~ (p=1.000 n=6) ¹
PoolContention/workers-8-4            25.00 ± 0%    25.00 ± 0%       ~ (p=1.000 n=6) ¹
PoolContention/workers-16-4           25.00 ± 0%    25.00 ± 0%       ~ (p=1.000 n=6) ¹
ComponentLifecycle-4                 18.07k ± 0%   18.07k ± 0%       ~ (p=1.000 n=6) ¹
SourceValidation-4                    32.00 ± 0%    32.00 ± 0%       ~ (p=1.000 n=6) ¹
RegistryConcurrent-4                  2.000 ± 0%    2.000 ± 0%       ~ (p=1.000 n=6) ¹
LoaderLoadFromString-4               18.06k ± 0%   18.06k ± 0%       ~ (p=1.000 n=6) ¹
geomean                               183.3         183.3       +0.00%
¹ all samples are equal

pkg: github.com/GoCodeAlone/workflow/middleware
                                  │ baseline-bench.txt │       benchmark-results.txt       │
                                  │       sec/op       │   sec/op     vs base              │
CircuitBreakerDetection-4                  300.2n ± 4%   297.7n ± 7%       ~ (p=0.699 n=6)
CircuitBreakerExecution_Success-4          22.67n ± 0%   22.67n ± 0%       ~ (p=0.803 n=6)
CircuitBreakerExecution_Failure-4          71.02n ± 5%   71.16n ± 0%       ~ (p=0.370 n=6)
geomean                                    78.47n        78.31n       -0.21%

                                  │ baseline-bench.txt │       benchmark-results.txt        │
                                  │        B/op        │    B/op     vs base                │
CircuitBreakerDetection-4                 144.0 ± 0%     144.0 ± 0%       ~ (p=1.000 n=6) ¹
CircuitBreakerExecution_Success-4         0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
CircuitBreakerExecution_Failure-4         0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
geomean                                              ²               +0.00%               ²
¹ all samples are equal
² summaries must be >0 to compute geomean

                                  │ baseline-bench.txt │       benchmark-results.txt        │
                                  │     allocs/op      │ allocs/op   vs base                │
CircuitBreakerDetection-4                 1.000 ± 0%     1.000 ± 0%       ~ (p=1.000 n=6) ¹
CircuitBreakerExecution_Success-4         0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
CircuitBreakerExecution_Failure-4         0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
geomean                                              ²               +0.00%               ²
¹ all samples are equal
² summaries must be >0 to compute geomean

pkg: github.com/GoCodeAlone/workflow/module
                                 │ baseline-bench.txt │       benchmark-results.txt        │
                                 │       sec/op       │    sec/op     vs base              │
IaCStateBackend_InProcess-4              298.1n ± 23%   296.7n ±  1%  -0.49% (p=0.022 n=6)
IaCStateBackend_GRPC-4                   10.18m ±  1%   10.44m ± 14%  +2.50% (p=0.002 n=6)
JQTransform_Simple-4                     656.5n ± 37%   693.7n ± 27%       ~ (p=0.180 n=6)
JQTransform_ObjectConstruction-4         1.518µ ±  1%   1.493µ ±  2%  -1.68% (p=0.002 n=6)
JQTransform_ArraySelect-4                3.541µ ±  1%   3.653µ ±  4%       ~ (p=0.139 n=6)
JQTransform_Complex-4                    42.39µ ±  2%   43.31µ ±  1%  +2.17% (p=0.004 n=6)
JQTransform_Throughput-4                 1.864µ ±  1%   1.839µ ±  3%  -1.34% (p=0.024 n=6)
SSEPublishDelivery-4                     64.00n ±  3%   63.91n ±  1%       ~ (p=0.372 n=6)
geomean                                  3.906µ         3.953µ        +1.21%

                                 │ baseline-bench.txt │         benchmark-results.txt         │
                                 │        B/op        │     B/op       vs base                │
IaCStateBackend_InProcess-4             416.0 ±  0%       416.0 ±  0%       ~ (p=1.000 n=6) ¹
IaCStateBackend_GRPC-4                5.785Mi ± 13%     5.806Mi ± 15%       ~ (p=0.589 n=6)
JQTransform_Simple-4                  1.273Ki ±  0%     1.273Ki ±  0%       ~ (p=1.000 n=6) ¹
JQTransform_ObjectConstruction-4      1.773Ki ±  0%     1.773Ki ±  0%       ~ (p=1.000 n=6) ¹
JQTransform_ArraySelect-4             2.625Ki ±  0%     2.625Ki ±  0%       ~ (p=1.000 n=6) ¹
JQTransform_Complex-4                 16.31Ki ±  0%     16.31Ki ±  0%       ~ (p=1.000 n=6) ¹
JQTransform_Throughput-4              1.984Ki ±  0%     1.984Ki ±  0%       ~ (p=1.000 n=6) ¹
SSEPublishDelivery-4                    0.000 ±  0%       0.000 ±  0%       ~ (p=1.000 n=6) ¹
geomean                                             ²                  +0.05%               ²
¹ all samples are equal
² summaries must be >0 to compute geomean

                                 │ baseline-bench.txt │        benchmark-results.txt        │
                                 │     allocs/op      │  allocs/op   vs base                │
IaCStateBackend_InProcess-4              2.000 ± 0%      2.000 ± 0%       ~ (p=1.000 n=6) ¹
IaCStateBackend_GRPC-4                  6.865k ± 0%     6.873k ± 0%       ~ (p=0.063 n=6)
JQTransform_Simple-4                     10.00 ± 0%      10.00 ± 0%       ~ (p=1.000 n=6) ¹
JQTransform_ObjectConstruction-4         15.00 ± 0%      15.00 ± 0%       ~ (p=1.000 n=6) ¹
JQTransform_ArraySelect-4                30.00 ± 0%      30.00 ± 0%       ~ (p=1.000 n=6) ¹
JQTransform_Complex-4                    328.0 ± 0%      328.0 ± 0%       ~ (p=1.000 n=6) ¹
JQTransform_Throughput-4                 17.00 ± 0%      17.00 ± 0%       ~ (p=1.000 n=6) ¹
SSEPublishDelivery-4                     0.000 ± 0%      0.000 ± 0%       ~ (p=1.000 n=6) ¹
geomean                                             ²                +0.01%               ²
¹ all samples are equal
² summaries must be >0 to compute geomean

pkg: github.com/GoCodeAlone/workflow/schema
                                    │ baseline-bench.txt │       benchmark-results.txt       │
                                    │       sec/op       │   sec/op     vs base              │
SchemaValidation_Simple-4                    1.102µ ± 3%   1.089µ ± 7%       ~ (p=0.558 n=6)
SchemaValidation_AllFields-4                 1.627µ ± 6%   1.647µ ± 2%       ~ (p=0.848 n=6)
SchemaValidation_FormatValidation-4          1.567µ ± 1%   1.605µ ± 6%  +2.39% (p=0.004 n=6)
SchemaValidation_ManySchemas-4               1.597µ ± 3%   1.620µ ± 1%       ~ (p=0.132 n=6)
geomean                                      1.455µ        1.469µ       +0.95%

                                    │ baseline-bench.txt │       benchmark-results.txt        │
                                    │        B/op        │    B/op     vs base                │
SchemaValidation_Simple-4                   0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
SchemaValidation_AllFields-4                0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
SchemaValidation_FormatValidation-4         0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
SchemaValidation_ManySchemas-4              0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
geomean                                                ²               +0.00%               ²
¹ all samples are equal
² summaries must be >0 to compute geomean

                                    │ baseline-bench.txt │       benchmark-results.txt        │
                                    │     allocs/op      │ allocs/op   vs base                │
SchemaValidation_Simple-4                   0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
SchemaValidation_AllFields-4                0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
SchemaValidation_FormatValidation-4         0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
SchemaValidation_ManySchemas-4              0.000 ± 0%     0.000 ± 0%       ~ (p=1.000 n=6) ¹
geomean                                                ²               +0.00%               ²
¹ all samples are equal
² summaries must be >0 to compute geomean

pkg: github.com/GoCodeAlone/workflow/store
                                   │ baseline-bench.txt │       benchmark-results.txt        │
                                   │       sec/op       │    sec/op     vs base              │
EventStoreAppend_InMemory-4                1.143µ ± 15%   1.088µ ± 16%       ~ (p=0.310 n=6)
EventStoreAppend_SQLite-4                  1.059m ±  6%   1.014m ±  4%  -4.26% (p=0.015 n=6)
GetTimeline_InMemory/events-10-4           14.27µ ±  4%   13.50µ ±  5%  -5.39% (p=0.009 n=6)
GetTimeline_InMemory/events-50-4           77.27µ ± 23%   75.04µ ± 24%       ~ (p=0.240 n=6)
GetTimeline_InMemory/events-100-4          120.2µ ±  0%   115.0µ ±  1%  -4.35% (p=0.002 n=6)
GetTimeline_InMemory/events-500-4          614.6µ ±  1%   591.4µ ±  2%  -3.77% (p=0.002 n=6)
GetTimeline_InMemory/events-1000-4         1.249m ±  1%   1.209m ±  0%  -3.17% (p=0.002 n=6)
GetTimeline_SQLite/events-10-4             61.47µ ±  1%   61.38µ ±  3%       ~ (p=0.589 n=6)
GetTimeline_SQLite/events-50-4             200.0µ ±  3%   201.5µ ±  1%       ~ (p=0.180 n=6)
GetTimeline_SQLite/events-100-4            370.7µ ±  1%   374.2µ ±  0%  +0.95% (p=0.009 n=6)
GetTimeline_SQLite/events-500-4            1.715m ±  1%   1.737m ±  0%  +1.29% (p=0.009 n=6)
GetTimeline_SQLite/events-1000-4           3.407m ±  2%   3.443m ±  1%       ~ (p=0.093 n=6)
geomean                                    196.3µ         192.2µ        -2.09%

                                   │ baseline-bench.txt │        benchmark-results.txt         │
                                   │        B/op        │     B/op      vs base                │
EventStoreAppend_InMemory-4                  797.0 ± 6%     752.5 ± 7%       ~ (p=0.082 n=6)
EventStoreAppend_SQLite-4                  1.985Ki ± 1%   1.982Ki ± 2%       ~ (p=0.242 n=6)
GetTimeline_InMemory/events-10-4           7.953Ki ± 0%   7.953Ki ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_InMemory/events-50-4           46.62Ki ± 0%   46.62Ki ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_InMemory/events-100-4          94.48Ki ± 0%   94.48Ki ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_InMemory/events-500-4          472.8Ki ± 0%   472.8Ki ± 0%       ~ (p=0.545 n=6)
GetTimeline_InMemory/events-1000-4         944.3Ki ± 0%   944.3Ki ± 0%       ~ (p=0.636 n=6)
GetTimeline_SQLite/events-10-4             16.74Ki ± 0%   16.74Ki ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_SQLite/events-50-4             87.14Ki ± 0%   87.14Ki ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_SQLite/events-100-4            175.4Ki ± 0%   175.4Ki ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_SQLite/events-500-4            846.1Ki ± 0%   846.1Ki ± 0%       ~ (p=0.545 n=6)
GetTimeline_SQLite/events-1000-4           1.639Mi ± 0%   1.639Mi ± 0%       ~ (p=1.000 n=6)
geomean                                    67.40Ki        67.07Ki       -0.49%
¹ all samples are equal

                                   │ baseline-bench.txt │        benchmark-results.txt        │
                                   │     allocs/op      │  allocs/op   vs base                │
EventStoreAppend_InMemory-4                  7.000 ± 0%    7.000 ± 0%       ~ (p=1.000 n=6) ¹
EventStoreAppend_SQLite-4                    53.00 ± 0%    53.00 ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_InMemory/events-10-4             125.0 ± 0%    125.0 ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_InMemory/events-50-4             653.0 ± 0%    653.0 ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_InMemory/events-100-4           1.306k ± 0%   1.306k ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_InMemory/events-500-4           6.514k ± 0%   6.514k ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_InMemory/events-1000-4          13.02k ± 0%   13.02k ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_SQLite/events-10-4               382.0 ± 0%    382.0 ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_SQLite/events-50-4              1.852k ± 0%   1.852k ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_SQLite/events-100-4             3.681k ± 0%   3.681k ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_SQLite/events-500-4             18.54k ± 0%   18.54k ± 0%       ~ (p=1.000 n=6) ¹
GetTimeline_SQLite/events-1000-4            37.29k ± 0%   37.29k ± 0%       ~ (p=1.000 n=6) ¹
geomean                                     1.162k        1.162k       +0.00%
¹ all samples are equal

Benchmarks run with go test -bench=. -benchmem -count=6.
Regressions ≥ 20% are flagged. Results compared via benchstat.

@intel352 intel352 merged commit 9054059 into main Jun 3, 2026
21 checks passed
@intel352 intel352 deleted the fix/registry-sync-checksums branch June 3, 2026 10:18
@intel352 intel352 mentioned this pull request Jun 3, 2026
Open
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@intel352