Skip to content

fix(github): penalize certificate assets as metadata#10158

Merged
jdx merged 2 commits into
jdx:mainfrom
risu729:fix/github-cert-assets-metadata
May 31, 2026
Merged

fix(github): penalize certificate assets as metadata#10158
jdx merged 2 commits into
jdx:mainfrom
risu729:fix/github-cert-assets-metadata

Conversation

@risu729
Copy link
Copy Markdown
Contributor

@risu729 risu729 commented May 31, 2026
edited
Loading

Summary

  • treat .cert and .cer release assets like other metadata/signature files during asset scoring
  • extend the existing metadata penalty test to cover certificate assets

Extracted from #10103 so this metadata scoring fix can land separately from the x86 fallback work. The .cer extension was added from review feedback because it is another common certificate asset extension.

Tests

  • cargo test test_metadata_penalty
  • cargo fmt --check

gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds support for recognizing and penalizing .cert certificate files in the asset matcher, ensuring they are not incorrectly prioritized over actual binaries. It also adds corresponding unit tests to verify this behavior. The reviewer suggested also adding .cer as it is another common certificate extension.

Comment thread src/backend/asset_matcher.rs
@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented May 31, 2026
edited
Loading

Greptile Summary

This PR adds .cert and .cer as penalized metadata extensions in the GitHub asset scorer, consistent with the already-penalized .crt, .pem, .key, and .pub entries.

  • Asset penalty logic (asset_matcher.rs ~line 420): .cert and .cer are inserted adjacent to .crt, preserving the existing ordering convention.
  • Test coverage: test_metadata_penalty is extended with both new extensions, each verified to score below the primary tarball asset.

Confidence Score: 5/5

A two-line addition to an extension allowlist with direct test coverage — no functional risk.

The change is a minimal, self-contained addition of two certificate file extensions to an existing penalty list. The logic and placement are consistent with surrounding entries (.crt, .pem, .key), and both new extensions are exercised in the updated test.

No files require special attention.

Important Files Changed

Filename Overview
src/backend/asset_matcher.rs Adds .cert and .cer to the metadata penalty list alongside the existing .crt/.pem entries, with matching test assertions for both new extensions.

Reviews (2): Last reviewed commit: "fix(github): penalize cer assets as meta..." | Re-trigger Greptile

@risu729 risu729 changed the title fix(github): penalize cert assets as metadata fix(github): penalize certificate assets as metadata May 31, 2026
@risu729 risu729 mentioned this pull request May 31, 2026
Merged
@risu729 risu729 marked this pull request as ready for review May 31, 2026 14:41
@jdx jdx merged commit c5edfec into jdx:main May 31, 2026
32 checks passed
@risu729 risu729 deleted the fix/github-cert-assets-metadata branch May 31, 2026 15:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@risu729 @jdx