Dockerfiles:
- Merge rustup target add and component add into one chained RUN with
|| true guard, making it safe if rustfmt/clippy are already present
in the base image's default toolchain profile (rust:1.88-slim default
profile includes both; the guard is belt-and-suspenders)
test.yml:
- Add --locked to cargo clippy and cargo test to enforce Cargo.lock
during CI, preventing silent dependency upgrades
Not addressed (accepted/out of scope):
- git in images: already installed in all three Dockerfiles (lines 19,
13, 15 respectively) — reviewer finding was incorrect
- HTTP registry: accepted risk for air-gapped self-hosted infrastructure
- Image signing (Cosign): no infrastructure in place yet
- Hardcoded registry IP: consistent with project-wide pattern
Switch all test and release build jobs from raw base images to the
pre-baked images already defined in .docker/ and pushed to the local
Gitea registry. Add actions/cache@v3 for Cargo registry and npm to
eliminate redundant downloads on subsequent runs.
Changes:
- Dockerfile.linux-amd64/arm64: bake in rustfmt and clippy components
- test.yml: rust jobs → trcaa-linux-amd64:rust1.88-node22; drop inline
apt-get and rustup component-add steps; add cargo cache
- test.yml: frontend jobs → add npm cache
- auto-tag.yml: build-linux-amd64 → trcaa-linux-amd64; drop Install
dependencies step and rustup target add
- auto-tag.yml: build-windows-amd64 → trcaa-windows-cross; drop Install
dependencies step and rustup target add
- auto-tag.yml: build-linux-arm64 → trcaa-linux-arm64 (ubuntu:22.04-based);
drop ~40-line Install dependencies step, . "$HOME/.cargo/env", and
rustup target add (all pre-baked in image ENV PATH)
- All build jobs: add cargo and npm cache steps
- docs/wiki/CICD-Pipeline.md: document pre-baked images, cache keys,
and insecure-registries daemon prerequisite
Expected savings: ~70% faster PR test suite (~1.5 min vs ~5 min),
~72% faster release builds (~7 min vs ~25 min) after cache warms up.
NOTE: Trigger build-images.yml via workflow_dispatch before merging
to ensure images contain rustfmt/clippy before workflow changes land.
Add three Dockerfiles under .docker/ and a build-images.yml workflow that
pushes them to the local Gitea container registry (172.0.0.29:3000).
Each image pre-installs all system deps, Node.js 22, and the Rust cross-
compilation target so release builds can skip apt-get entirely:
trcaa-linux-amd64:rust1.88-node22 — webkit2gtk, gtk3, all Tauri deps
trcaa-windows-cross:rust1.88-node22 — mingw-w64, nsis, Windows target
trcaa-linux-arm64:rust1.88-node22 — arm64 multiarch dev libs, Rust 1.88
build-images.yml triggers automatically when .docker/ changes on master
and supports workflow_dispatch for manual/first-time builds.
auto-tag.yml is NOT changed in this commit — switch it to use the new
images in the follow-up PR (after images are pushed to the registry).
One-time server setup required before first use:
echo '{"insecure-registries":["172.0.0.29:3000"]}' \
| sudo tee /etc/docker/daemon.json && sudo systemctl restart docker
