Stop tracking the generated demo certificate#48
Conversation
The committed testdata/demo/certs.pem has baked-in dates, so over time its "expiring" leaf becomes expired and the demo (and demo.gif) no longer shows the expiring-soon state. Untrack it, ignore it, and regenerate it from gen_demo_certs.go as a prerequisite of the test/run/demo targets so it is always fresh.
|
Warning Review limit reached
More reviews will be available in 21 minutes and 30 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more credits in the billing tab to continue. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (3)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Code Review
This pull request removes the committed demo certificate chain and introduces a Makefile target to generate it dynamically, adding the generated file to .gitignore. The review feedback recommends generating these certificates dynamically within the Go test suite itself to support direct go test invocations, and suggests updating the clean target to remove the generated certificate file.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Make the file-based parse test self-sufficient under a plain `go test` by building a chain into a temp dir when the generated demo file is absent, and remove testdata/demo/certs.pem in `make clean`.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request removes the committed demo certificate chain file and introduces a mechanism to dynamically generate it via a new demo-certs Makefile target, which is now integrated into the test and run workflows. Additionally, the test suite is updated to dynamically generate a fallback certificate chain if the demo file is missing. A review comment suggests simplifying the fallback logic in TestParseCertificatesFromFile by passing the generated PEM bytes directly to ParseCertificates instead of writing them to a temporary file.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
ParseCertificates takes []byte, so skip the temp-file round-trip and hand it the generated PEM directly.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request removes the committed static demo certificate chain to prevent baked-in dates from going stale. Instead, it introduces a make demo-certs target to generate them dynamically, integrates this generation into the Makefile test and run targets, and updates the gitignore. Additionally, TestParseCertificatesFromFile is updated to fall back to a dynamically generated chain if the demo file is missing. A review comment suggests improving this fallback logic by also checking if the read file is empty, ensuring robust test execution.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
An empty (e.g. half-generated) certs.pem reads without error but yields no certificates; treat zero-length data the same as a missing file.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request removes the committed demo certificate chain file (testdata/demo/certs.pem) to prevent baked-in dates from going stale, and instead generates it dynamically. A new demo-certs target is added to the Makefile, and the .gitignore and clean targets are updated accordingly. Additionally, pkg/certificate/certificate_test.go is updated to fall back to a dynamically generated test chain if the demo certificate file is missing or empty, ensuring that go test still works without running the Makefile target. There are no review comments, so no additional feedback is provided.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
The committed
testdata/demo/certs.pemhas baked-in validity dates. Over time itsexpiring.y509.demoleaf passes its NotAfter and the demo shows it as Expired instead of the intended expiring-soon (▲) state — so the demo, anddemo.gif, drift out of sync with what the tool is meant to show.testdata/demo/certs.pemand add it to.gitignore.demo-certstarget (go run scripts/gen_demo_certs.go) and maketest,test-json,test-coverage,run, anddemodepend on it, so the chain is always regenerated fresh.The generator recipe is silenced (
@) so it doesn't pollute themake test-jsonoutput CI redirects to a report. The file-based test already skips gracefully if the chain is missing, but it now always runs against a freshly generated chain.This was surfaced while diagnosing a demo where the
expiringleaf showed as expired: the tool was correct, the committed fixture was just stale.