What happened:
The unit test TestGetPrivateKeyPEM in pkg/router/jwt_test.go randomly fails in CI pipelines (such as the test-coverage check job) even when there are no changes to the JWT or router logic.

The test fails at the assertion assert.Equal(t, manager.privateKey, privateKey) with a diff showing key component byte slices (specifically dQ or Dp) mismatching in length. For example, the original key's precomputed dQ has a length of 128 bytes, but the parsed key's dQ has a length of 127 bytes.

What you expected to happen:
The unit tests should be reliable and deterministic. The test should succeed as long as the generated and parsed RSA keys are mathematically identical (i.e. possess the same E, N, D, and Primes), regardless of minor byte slice formatting or precomputation padding details during ASN.1 serialization/deserialization.

How to reproduce it (as minimally and precisely as possible):
Since the test relies on random key generation (rsa.GenerateKey), it fails sporadically. You can reproduce it locally by running the test in a loop:

for i in {1..200}; do go test -v -run TestGetPrivateKeyPEM ./pkg/router/... || exit 1; done