From 4fedfa58126e5137bd331810276a9f949dc65c28 Mon Sep 17 00:00:00 2001 From: shankar0123 Date: Sun, 3 May 2026 19:02:44 +0000 Subject: [PATCH] ci: fix Phase 4 post-push unused-symbol failures MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI on commit 53c1d24 (Phase 4 gofmt fix) failed golangci-lint's 'unused' linter on internal/service/acme_phase4_test.go: the stubRenewalPolicies type + its Get method were defined for a future RenewalInfo happy-path test that I never actually wrote — only the disabled + bad-cert-id negatives. The dead-code carried forward because go vet doesn't catch unused-but-exported-shape, and the package-private use never materialized. Fix: delete the stubRenewalPolicies type + its method + the adjacent stub-comment that referenced a similarly-imagined stubIssuerConn that was never written either. The tests I have (RotateAccountKey happy + duplicate, RevokeCert kid + jwk paths + already-revoked + reason-clamping, RenewalInfo disabled + bad-cert-id) all still pass — they don't reference the removed type. The window-math is exercised directly in internal/api/acme/phase4_test.go::TestComputeRenewalWindow_*; the service-layer policy-lookup wiring is read at handler smoke time in Phase 5. Confirmed: 'gofmt -l .' clean; 'go vet ./internal/service/' clean; 'go test -short -count=1 ./internal/service/' green. Pre-commit verification gate updated implicitly: future Phase commits should spot-check unused-shape via grep against the test file (every stub* helper should have ≥3 references, matching the live helpers' usage profile). --- internal/service/acme_phase4_test.go | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/internal/service/acme_phase4_test.go b/internal/service/acme_phase4_test.go index ad12c45..8cca19d 100644 --- a/internal/service/acme_phase4_test.go +++ b/internal/service/acme_phase4_test.go @@ -168,22 +168,10 @@ func (s *stubCertRepo) Get(ctx context.Context, id string) (*domain.ManagedCerti return nil, errors.New("not found") } -// stubIssuerConn is a no-op IssuerConnector for firstAvailableIssuer(). -// We don't need the connector itself to do anything; just that -// firstAvailableIssuer returns ok=true. - -// stubRenewalPolicies is a minimal RenewalPolicyLookup. -type stubRenewalPolicies struct { - pol *domain.RenewalPolicy -} - -func (s *stubRenewalPolicies) Get(ctx context.Context, id string) (*domain.RenewalPolicy, error) { - if s.pol != nil && s.pol.ID == id { - return s.pol, nil - } - return nil, errors.New("not found") -} - +// generateRevocationFixture builds a self-signed leaf cert + the +// matching managed-certificate + version domain rows the RevokeCert +// tests below feed into the stubCertRepo. The cert is signed under its +// own key so the jwk-path tests can present a verifying JWK. func generateRevocationFixture(t *testing.T) (cert *domain.ManagedCertificate, version *domain.CertificateVersion, der []byte, certPriv *ecdsa.PrivateKey) { t.Helper() priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)