Skip to content

Create pipeline to validate DBX JSON certificate references #225

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Flickdm merged 2 commits into from
Jun 16, 2025
Merged

Create pipeline to validate DBX JSON certificate references #225

Flickdm merged 2 commits into from
Jun 16, 2025

Conversation

Copy link
Contributor

Copilot AI commented Jun 16, 2025
edited
Loading

This PR implements a validation pipeline to ensure that DBX JSON files reference certificate files that actually exist in the PreSignedObjects/DBX/Certificates folder.

Problem

When new DBX JSON files are created, the internal certificate names referenced in the JSON don't always match the external filenames in the Certificates folder, and there was no validation to catch these mismatches. For example, the current dbx_info_msft_06_10_25.json references WindowsProduction2011.cer but the actual file is named MicWinProPCA2011_2011-10-19.der.

Solution

Added a new validation script and CI pipeline step that:

  1. Finds the latest DBX JSON file - Automatically locates dbx_info_msft_<date>.json files
  2. Validates certificate references - Checks that all certificates listed in the "certificates" array actually exist in the Certificates folder
  3. Provides clear error messages - Shows exactly which certificates are missing and lists available files for debugging
  4. Handles edge cases - Gracefully handles missing certificates sections, malformed JSON, etc.

Changes Made

New Files

  • scripts/validate_dbx_references.py - Main validation script with CLI interface
  • scripts/test_validate_dbx_references.py - Comprehensive unit tests (7 test cases)

CI Integration

  • Added validation step to .github/workflows/prepare-binaries.yml after unit tests
  • Pipeline will now fail on PR/release if certificate references are invalid

Other

  • Fixed .gitignore to properly exclude __pycache__ directories
  • Removed accidentally committed cache files

Testing

# Current mismatch is detected
$ python scripts/validate_dbx_references.py PreSignedObjects/DBX
ERROR: Certificate file 'WindowsProduction2011.cer' referenced in JSON but not found in PreSignedObjects/DBX/Certificates
INFO: Available certificate files:
INFO:   - MicWinProPCA2011_2011-10-19.der

# All unit tests pass
$ pytest scripts/test_validate_dbx_references.py
7 passed in 0.01s

The validation script successfully detects the existing mismatch and will prevent similar issues in the future through automated CI checks.

Fixes #224.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI changed the title [WIP] [Feature]: Create pipeline to ensure that the Json files reference contents in thePreSignedObjects/DBX folder Create pipeline to validate DBX JSON certificate references Jun 16, 2025
Copilot AI requested a review from Flickdm June 16, 2025 06:57
@Flickdm
Copy link
Member

Flickdm commented Jun 16, 2025

This will require that PR #223 goes in first as currently the Pipeline is failing

@Flickdm Flickdm marked this pull request as ready for review June 16, 2025 07:01
Copilot AI and others added 2 commits June 16, 2025 10:51
@Flickdm
Initial analysis and planning for DBX certificate validation pipeline
b2a4496 
Co-authored-by: Flickdm <8979761+Flickdm@users.noreply.github.com>
@Flickdm
Implement DBX certificate validation pipeline with tests and CI integ…
8c8332f 
…ration

Co-authored-by: Flickdm <8979761+Flickdm@users.noreply.github.com>
apop5
apop5 reviewed Jun 16, 2025
View reviewed changes
Copilot finished work on behalf of apop5 June 16, 2025 18:24
@Flickdm Flickdm merged commit 3f69ef4 into main Jun 16, 2025
3 checks passed
@Flickdm Flickdm deleted the copilot/fix-224 branch June 16, 2025 20:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@apop5 apop5 apop5 approved these changes

+2 more reviewers

@Flickdm Flickdm Flickdm approved these changes

@VivianNK VivianNK VivianNK approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@Flickdm Flickdm

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feature]: Create pipeline to ensure that the Json files reference contents in thePreSignedObjects/DBX folder

4 participants

@Flickdm @VivianNK @apop5