chore: Bump playground version #4637

Merged
nasdf merged 2 commits into sourcenetwork:develop from nasdf:nasdf/fix/playground-1.0.1
Mar 26, 2026
Member

@nasdf nasdf commented Mar 19, 2026

Relevant issue(s)

Resolves: #4666

Description

This PR bumps the embedded playground to the latest version which includes style fixes and security updates for a few packages.

Tasks

  • I made sure the code is well commented, particularly hard-to-understand areas.
  • I made sure the repository-held documentation is changed accordingly.
  • I made sure the pull request title adheres to the conventional commit style (the subset used in the project can be found in tools/configs/chglog/config.yml).
  • I made sure to discuss its limitations such as threats to validity, vulnerability to mistake and misuse, robustness to invalidation of assumptions, resource requirements, ...

How has this been tested?

Manually tested playground.

Specify the platform(s) on which this was tested:

  • MacOS

@nasdf nasdf self-assigned this Mar 19, 2026
@nasdf nasdf changed the title fix: Bump playground version chore: Bump playground version Mar 19, 2026

coderabbitai bot commented Mar 19, 2026

Walkthrough

Updated download URLs in two platform-specific playground asset download scripts from release tag v1.0.0 to v1.0.1. The underlying download, extraction, and error handling logic remains unchanged.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Playground Download Scripts: `tools/scripts/download_playground.ps1`, `tools/scripts/download_playground.sh` | Updated release version tag from v1.0.0 to v1.0.1 in download URLs for defradb-playground assets across both Windows PowerShell and Unix shell scripts. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

@coderabbitai coderabbitai bot left a comment

🧹 Nitpick comments (2)
tools/scripts/download_playground.ps1 (1)

5-24: Consider adding integrity verification.

While the error handling is already solid, consider adding SHA256 checksum verification to validate the downloaded artifact's integrity and prevent tampering or corruption.

🔒 Example implementation with checksum verification
 # Download static assets from: `github.com/sourcenetwork/defradb-playground`.
 #
 # Bump the release tag in the URL below to change versions.
 
-$url = "https://github.com/sourcenetwork/defradb-playground/releases/download/v1.0.1/dist.tar.gz"
+$version = "v1.0.1"
+$url = "https://github.com/sourcenetwork/defradb-playground/releases/download/${version}/dist.tar.gz"
+$checksumUrl = "${url}.sha256"
 $tarFile = "dist.tar.gz"
 
 try {
     # Download the file
     Write-Host "Downloading playground assets..."
     Invoke-WebRequest -Uri $url -OutFile $tarFile -ErrorAction Stop
+    
+    # Download and verify checksum if available
+    try {
+        Write-Host "Downloading checksum..."
+        Invoke-WebRequest -Uri $checksumUrl -OutFile "${tarFile}.sha256" -ErrorAction Stop
+        
+        Write-Host "Verifying integrity..."
+        $expectedHash = (Get-Content "${tarFile}.sha256" -Raw).Split()[0]
+        $actualHash = (Get-FileHash -Path $tarFile -Algorithm SHA256).Hash
+        
+        if ($expectedHash -ne $actualHash) {
+            throw "Checksum verification failed!"
+        }
+        Remove-Item "${tarFile}.sha256"
+    } catch {
+        Write-Warning "Checksum verification skipped (not available or failed): $_"
+    }
 
     # Extract the tar.gz file
     Write-Host "Extracting assets..."
     tar -xzf $tarFile
 
     # Clean up the downloaded archive
     Remove-Item $tarFile
 
     Write-Host "Download complete!"
 } catch {
     Write-Error "Failed to download or extract playground assets: $_"
     exit 1
 }
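Review bot: The inner `catch` around the checksum step also catches `throw "Checksum verification failed!"`, so a hash mismatch is downgraded to `Write-Warning` and the script still reaches `tar -xzf $tarFile`. Verification should fail closed: let the mismatch propagate to the outer `catch` (which exits 1), and handle only the missing-checksum case separately if that has to stay optional. Also, `$checksumUrl` is `${url}.sha256`, so the digest comes from the same release as the archive; that guards against corruption but not against a replaced release asset, whereas a digest pinned in the script next to `$version` would cover both.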
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@tools/scripts/download_playground.ps1` around lines 5 - 24, Add SHA256
integrity verification for the downloaded artifact by introducing an expected
hash variable (e.g., $expectedHash) and after Invoke-WebRequest compute the file
hash with Get-FileHash (or similar) for $tarFile, compare the computed hash to
$expectedHash, and if they differ log a clear error and exit before calling tar
or Remove-Item; ensure the try/catch around Invoke-WebRequest and extraction
also reports both expected and actual hashes on failure so Invoke-WebRequest,
$tarFile, tar, and Remove-Item are only used after successful verification.
tools/scripts/download_playground.sh (1)

7-7: Consider adding integrity verification and improved error handling.

While not blocking for this version bump, consider these improvements for better security and user experience:

  1. Checksum verification: Validate the downloaded artifact's integrity using SHA256 checksums to prevent tampering or corruption.
  2. Error messages: Add explicit error messages when the download fails, similar to the PowerShell script's error handling.
🔒 Example implementation with checksums and error handling
 #!/usr/bin/env bash
 
 # Download static assets from: `github.com/sourcenetwork/defradb-playground`.
 #
 # Bump the release tag in the URL below to change versions.
 
-curl -fsSL https://github.com/sourcenetwork/defradb-playground/releases/download/v1.0.1/dist.tar.gz | tar xzf -
+set -e
+
+VERSION="v1.0.1"
+URL="https://github.com/sourcenetwork/defradb-playground/releases/download/${VERSION}/dist.tar.gz"
+CHECKSUM_URL="${URL}.sha256"
+
+echo "Downloading playground assets..."
+if ! curl -fsSL "$URL" -o dist.tar.gz; then
+  echo "Error: Failed to download playground assets from $URL" >&2
+  exit 1
+fi
+
+# Optional: Verify checksum if available
+if curl -fsSL "$CHECKSUM_URL" -o dist.tar.gz.sha256 2>/dev/null; then
+  echo "Verifying checksum..."
+  shasum -a 256 -c dist.tar.gz.sha256 || exit 1
+  rm dist.tar.gz.sha256
+fi
+
+echo "Extracting assets..."
+tar xzf dist.tar.gz && rm dist.tar.gz
+
+echo "Download complete!"
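Review bot: The checksum step is optional and silent: when `curl -fsSL "$CHECKSUM_URL" ... 2>/dev/null` fails, the `if` body is skipped and `tar xzf dist.tar.gz` runs on an unverified archive, so anyone able to alter the download can also just withhold the `.sha256` file. Pin the expected digest in the script alongside `VERSION` and make a missing or mismatched digest fatal. Two smaller points: `shasum -a 256 -c` checks the file name recorded inside the `.sha256` file, which has to be `dist.tar.gz` in the working directory for the check to run, and the fixed-name `dist.tar.gz` is left behind when a later step fails, so a `mktemp -d` directory with a cleanup `trap` would be safer.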
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@tools/scripts/download_playground.sh` at line 7, The curl+tar pipeline in
download_playground.sh (the line using "curl -fsSL
https://github.com/sourcenetwork/defradb-playground/releases/download/v1.0.1/dist.tar.gz
| tar xzf -") should be hardened: download the artifact to a temporary file
instead of streaming, then fetch or embed a SHA256 checksum and verify it with
sha256sum (or shasum -a 256) before extracting; add explicit error checks after
each step (download, checksum verification, extraction) that print a clear error
message to stderr and exit non‑zero on failure, mirroring the PowerShell
script's behavior. Ensure temporary files are cleaned up on exit/failure and use
unique filenames so the new flow clearly replaces the original curl|tar
pipeline.
📥 Commits

Reviewing files that changed from the base of the PR and between 4480bfd and d782139.

📒 Files selected for processing (2)
  • tools/scripts/download_playground.ps1
  • tools/scripts/download_playground.sh
🔇 Additional comments (2)
tools/scripts/download_playground.sh (1)

7-7: v1.0.1 release verified as accessible.

The v1.0.1 release and dist.tar.gz artifact have been confirmed to exist and are accessible for download (HTTP 200 response).

tools/scripts/download_playground.ps1 (1)

5-5: The v1.0.1 release exists and the artifact is accessible.

The dist.tar.gz artifact is available for download at the specified URL in the PowerShell script.
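
A fail-closed form of the checksum check discussed in the review above, as an added example that is not part of this PR or the project's scripts. The expected digest is pinned by the caller instead of being fetched next to the artifact, and extraction runs only after a match; the function names and return codes are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not project code): verify an already-downloaded archive
# against a pinned SHA-256 before extracting it. Names are hypothetical.

# Print the lowercase hex SHA-256 of a file with whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_and_extract ARCHIVE EXPECTED_SHA256 DEST_DIR
# Returns 0 only when the digest matches and extraction succeeds.
# Returns 2 for a malformed pin and 3 for a mismatch; nothing is
# extracted (DEST_DIR is not even created) in either case.
verify_and_extract() {
  va_archive="$1"; va_expected="$2"; va_dest="$3"

  # Reject empty or non-hex pins so an unset variable can never "match".
  case "$va_expected" in
    ""|*[!0-9a-fA-F]*) echo "error: pinned digest is not hex" >&2; return 2 ;;
  esac
  [ "${#va_expected}" -eq 64 ] || {
    echo "error: pinned digest must be 64 hex characters" >&2; return 2; }

  va_expected="$(printf '%s' "$va_expected" | tr 'A-F' 'a-f')"
  va_actual="$(sha256_of "$va_archive")"

  # An unreadable archive yields an empty digest, which also lands here.
  if [ "$va_actual" != "$va_expected" ]; then
    echo "error: checksum mismatch for $va_archive" >&2
    echo "  expected: $va_expected" >&2
    echo "  actual:   $va_actual" >&2
    return 3
  fi

  mkdir -p "$va_dest" && tar -xzf "$va_archive" -C "$va_dest"
}
```

In a download script the call would follow `curl -fsSL "$URL" -o "$tmpdir/dist.tar.gz"`, with the pinned digest updated in the same commit that bumps the release tag.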

@codecov

codecov bot commented Mar 19, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.82%. Comparing base (1476ff0) to head (7342c1f).
⚠️ Report is 1 commit behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #4637      +/-   ##
===========================================
+ Coverage    76.81%   76.82%   +0.01%     
===========================================
  Files          529      529              
  Lines        42793    42793              
===========================================
+ Hits         32869    32872       +3     
+ Misses        7416     7415       -1     
+ Partials      2508     2506       -2     
Flag Coverage Δ
all-tests 76.82% <ø> (+0.01%) ⬆️

see 9 files with indirect coverage changes


@nasdf nasdf requested a review from a team March 19, 2026 22:48
@nasdf nasdf added this to the DefraDB v1.0 milestone Mar 24, 2026
Collaborator

@fredcarle fredcarle left a comment

LGTM. Please create an issue and link it to the PR. It helps with tracking.

@nasdf nasdf merged commit b23a706 into sourcenetwork:develop Mar 26, 2026
86 of 92 checks passed