All pull requests

feat(verity): land cosign + SBOM signatures for every release#2016

Openln-dev7wants to merge 6 commits intomainfromfeat/verity-3017
LNLNcommented 2w ago

Summary

feat(verity): land cosign + SBOM signatures for every release — addresses the regression surfaced in verity after the recent feat work landed on main.

Why

  • The previous behavior on main short-circuited the safe path under load; this PR restores the intended contract.
  • Adds a guard so the regression cannot resurface silently in staging.
  • Drive-by: removes dead-code call sites the linter was warning about.

Scope

  • Files touched: 2 across the core module + tests.
  • No public API change; ABI is preserved.
  • CI: all green on the matrix runs.

Labels: bug

LNLNcommented 1w ago

Could we add a regression test for the partial-bucket case? I'm happy to push it on top if you'd prefer.

KWKwame Okoyecommented 1w ago

Left a few small nits inline. Otherwise the shape is exactly what we discussed in the design doc.

KWKwame Okoyecommented 1w ago

Confirmed the contract on the staging cluster — x-quorum is propagated end-to-end. Holding approval until I see the metric in Grafana.

KWKwame Okoyecommented 1w ago

Rebased against main and force-pushed; CI is happy. Re-requesting review.

KWKwame Okoyecommented 1w ago

I think we can drop the legacy double-buffered drain once this lands — happy to do it as a follow-up.

KWKwame Okoyecommented 1w ago

LGTM modulo the comment I left on the changelog entry.

All checks have passed1 neutral, 1 skipped, 3 successful checks
No conflicts with base branchMerging can be performed automatically.
You can also merge this with the command line. View command line instructions.Still in progress? Convert to draft

Add a comment

M↓Markdown is supported