From 30d26ed0c16d6df4d41a7a922cc52d9382435f35 Mon Sep 17 00:00:00 2001 From: Shaun Arman Date: Sun, 12 Apr 2026 20:07:20 -0500 Subject: [PATCH] =?UTF-8?q?fix(ci):=20address=20second=20AI=20review=20?= =?UTF-8?q?=E2=80=94=20||=20true,=20ca-certs,=20cache@v4,=20key=20suffixes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Dockerfiles: - Remove || true from rustup component add in all three Linux images; rust:1.88-slim default profile already includes both components so the command is a clean no-op, not a failure risk — silencing errors served no purpose and only hid potential toolchain issues - Add ca-certificates explicitly to Dockerfile.linux-amd64 and Dockerfile.windows-cross (rust:1.88-slim includes it, but being explicit is consistent with the arm64 fix and future-proofs against base image changes) Workflows: - Upgrade actions/cache@v3 → @v4 across test.yml and auto-tag.yml (v3 deprecated; v4 has parallel uploads and better large-cache support) - Add linux-amd64 suffix to cargo cache keys in test.yml Rust jobs and auto-tag.yml build-linux-amd64 job; all four jobs target the same architecture and now share a cache, benefiting from cross-job hits (registry cache is source tarballs, not compiled artifacts — no pollution risk between targets) Not changed: - alpine:latest + docker-cli in build-images.yml is correct; the reviewer confused DinD with socket passthrough — docker:24-cli also has no daemon, both use the host socket; the builds already proved alpine works - curl|bash for rustup is the official install method; rustup.rs publishes no checksums for the installer script itself --- .docker/Dockerfile.linux-amd64 | 3 ++- .docker/Dockerfile.linux-arm64 | 2 +- .docker/Dockerfile.windows-cross | 1 + .gitea/workflows/auto-tag.yml | 16 ++++++++-------- .gitea/workflows/test.yml | 22 +++++++++++----------- 5 files changed, 23 insertions(+), 21 deletions(-) diff --git a/.docker/Dockerfile.linux-amd64 b/.docker/Dockerfile.linux-amd64 index 922a937a..1dbb3cc5 100644 --- a/.docker/Dockerfile.linux-amd64 +++ b/.docker/Dockerfile.linux-amd64 @@ -8,6 +8,7 @@ FROM rust:1.88-slim RUN apt-get update -qq \ && apt-get install -y -qq --no-install-recommends \ + ca-certificates \ libwebkit2gtk-4.1-dev \ libssl-dev \ libgtk-3-dev \ @@ -24,4 +25,4 @@ RUN apt-get update -qq \ && rm -rf /var/lib/apt/lists/* RUN rustup target add x86_64-unknown-linux-gnu \ - && rustup component add rustfmt clippy || true + && rustup component add rustfmt clippy diff --git a/.docker/Dockerfile.linux-arm64 b/.docker/Dockerfile.linux-arm64 index 20536949..328a33ef 100644 --- a/.docker/Dockerfile.linux-arm64 +++ b/.docker/Dockerfile.linux-arm64 @@ -43,6 +43,6 @@ RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \ RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \ --default-toolchain 1.88.0 --profile minimal --no-modify-path \ && /root/.cargo/bin/rustup target add aarch64-unknown-linux-gnu \ - && (/root/.cargo/bin/rustup component add rustfmt clippy || true) + && /root/.cargo/bin/rustup component add rustfmt clippy ENV PATH="/root/.cargo/bin:${PATH}" diff --git a/.docker/Dockerfile.windows-cross b/.docker/Dockerfile.windows-cross index 879934fb..bbef7507 100644 --- a/.docker/Dockerfile.windows-cross +++ b/.docker/Dockerfile.windows-cross @@ -8,6 +8,7 @@ FROM rust:1.88-slim RUN apt-get update -qq \ && apt-get install -y -qq --no-install-recommends \ + ca-certificates \ mingw-w64 \ curl \ nsis \ diff --git a/.gitea/workflows/auto-tag.yml b/.gitea/workflows/auto-tag.yml index dd48d02c..03680170 100644 --- a/.gitea/workflows/auto-tag.yml +++ b/.gitea/workflows/auto-tag.yml @@ -141,17 +141,17 @@ jobs: git fetch --depth=1 origin "$GITHUB_SHA" git checkout FETCH_HEAD - name: Cache cargo registry - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: | ~/.cargo/registry/index ~/.cargo/registry/cache ~/.cargo/git/db - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + key: ${{ runner.os }}-cargo-linux-amd64-${{ hashFiles('**/Cargo.lock') }} restore-keys: | - ${{ runner.os }}-cargo- + ${{ runner.os }}-cargo-linux-amd64- - name: Cache npm - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.npm key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} @@ -234,7 +234,7 @@ jobs: git fetch --depth=1 origin "$GITHUB_SHA" git checkout FETCH_HEAD - name: Cache cargo registry - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: | ~/.cargo/registry/index @@ -244,7 +244,7 @@ jobs: restore-keys: | ${{ runner.os }}-cargo-windows- - name: Cache npm - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.npm key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} @@ -418,7 +418,7 @@ jobs: git fetch --depth=1 origin "$GITHUB_SHA" git checkout FETCH_HEAD - name: Cache cargo registry - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: | ~/.cargo/registry/index @@ -428,7 +428,7 @@ jobs: restore-keys: | ${{ runner.os }}-cargo-arm64- - name: Cache npm - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.npm key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} diff --git a/.gitea/workflows/test.yml b/.gitea/workflows/test.yml index a87baff0..c4347717 100644 --- a/.gitea/workflows/test.yml +++ b/.gitea/workflows/test.yml @@ -28,15 +28,15 @@ jobs: fi git checkout FETCH_HEAD - name: Cache cargo registry - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: | ~/.cargo/registry/index ~/.cargo/registry/cache ~/.cargo/git/db - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + key: ${{ runner.os }}-cargo-linux-amd64-${{ hashFiles('**/Cargo.lock') }} restore-keys: | - ${{ runner.os }}-cargo- + ${{ runner.os }}-cargo-linux-amd64- - run: cargo fmt --manifest-path src-tauri/Cargo.toml --check rust-clippy: @@ -63,15 +63,15 @@ jobs: fi git checkout FETCH_HEAD - name: Cache cargo registry - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: | ~/.cargo/registry/index ~/.cargo/registry/cache ~/.cargo/git/db - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + key: ${{ runner.os }}-cargo-linux-amd64-${{ hashFiles('**/Cargo.lock') }} restore-keys: | - ${{ runner.os }}-cargo- + ${{ runner.os }}-cargo-linux-amd64- - run: cargo clippy --locked --manifest-path src-tauri/Cargo.toml -- -D warnings rust-tests: @@ -98,15 +98,15 @@ jobs: fi git checkout FETCH_HEAD - name: Cache cargo registry - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: | ~/.cargo/registry/index ~/.cargo/registry/cache ~/.cargo/git/db - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + key: ${{ runner.os }}-cargo-linux-amd64-${{ hashFiles('**/Cargo.lock') }} restore-keys: | - ${{ runner.os }}-cargo- + ${{ runner.os }}-cargo-linux-amd64- - run: cargo test --locked --manifest-path src-tauri/Cargo.toml -- --test-threads=1 frontend-typecheck: @@ -134,7 +134,7 @@ jobs: fi git checkout FETCH_HEAD - name: Cache npm - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.npm key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} @@ -168,7 +168,7 @@ jobs: fi git checkout FETCH_HEAD - name: Cache npm - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ~/.npm key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}