sarman/tftsr-devops_investigation
1
0
Fork 0
Code Issues 1 Pull Requests Actions 34 Packages Projects 3 Releases 9 Wiki Activity

fix(ci): address AI review — rustup idempotency and cargo --locked
Some checks failed
Test / rust-fmt-check (pull_request) Failing after 0s
Details
PR Review Automation / review (pull_request) Successful in 4m19s
Details
Test / rust-clippy (pull_request) Failing after 2s
Details
Test / frontend-typecheck (pull_request) Successful in 1m45s
Details
Test / rust-tests (pull_request) Failing after 1s
Details
Test / frontend-tests (pull_request) Failing after 1m35s
Details

Browse Source 
Dockerfiles:
- Merge rustup target add and component add into one chained RUN with
  || true guard, making it safe if rustfmt/clippy are already present
  in the base image's default toolchain profile (rust:1.88-slim default
  profile includes both; the guard is belt-and-suspenders)

test.yml:
- Add --locked to cargo clippy and cargo test to enforce Cargo.lock
  during CI, preventing silent dependency upgrades

Not addressed (accepted/out of scope):
- git in images: already installed in all three Dockerfiles (lines 19,
  13, 15 respectively) — reviewer finding was incorrect
- HTTP registry: accepted risk for air-gapped self-hosted infrastructure
- Image signing (Cosign): no infrastructure in place yet
- Hardcoded registry IP: consistent with project-wide pattern
This commit is contained in:
Shaun Arman 2026-04-12 18:28:07 -05:00
parent f1461a0d7e
commit f59559327e
3 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.docker/Dockerfile.linux-amd64
View File

@ -21,5 +21,5 @@ RUN apt-get update -qq \
&& apt-get install -y --no-install-recommends nodejs \
&& rm -rf /var/lib/apt/lists/*
RUN rustup target add x86_64-unknown-linux-gnu
RUN rustup component add rustfmt clippy
RUN rustup target add x86_64-unknown-linux-gnu \
&& rustup component add rustfmt clippy || true

2
.docker/Dockerfile.linux-arm64
View File

@ -41,6 +41,6 @@ RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
--default-toolchain 1.88.0 --profile minimal --no-modify-path \
&& /root/.cargo/bin/rustup target add aarch64-unknown-linux-gnu \
&& /root/.cargo/bin/rustup component add rustfmt clippy
&& (/root/.cargo/bin/rustup component add rustfmt clippy || true)
ENV PATH="/root/.cargo/bin:${PATH}"

4
.gitea/workflows/test.yml
View File

@ -72,7 +72,7 @@ jobs:
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- run: cargo clippy --manifest-path src-tauri/Cargo.toml -- -D warnings
- run: cargo clippy --locked --manifest-path src-tauri/Cargo.toml -- -D warnings
rust-tests:
runs-on: ubuntu-latest
@ -107,7 +107,7 @@ jobs:
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- run: cargo test --manifest-path src-tauri/Cargo.toml -- --test-threads=1
- run: cargo test --locked --manifest-path src-tauri/Cargo.toml -- --test-threads=1
frontend-typecheck:
runs-on: ubuntu-latest