Directly specify libsodium library paths via SODIUM_LIB_DIR environment
variable instead of relying on pkg-config detection. This is the highest
priority method in libsodium-sys-stable's build.rs and bypasses all
pkg-config/vcpkg logic.
Platform-specific paths:
- Linux x86_64: /usr/lib/x86_64-linux-gnu
- Linux aarch64: /usr/lib/aarch64-linux-gnu
- Windows MinGW: /usr/x86_64-w64-mingw32/lib
Changes:
- test.yml: Add SODIUM_LIB_DIR to all cargo commands
- auto-tag.yml: Add SODIUM_LIB_DIR to all build jobs
This resolves "libsodium not found via pkg-config or vcpkg" by telling
the build script exactly where libsodium is installed.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The test.yml workflow's rust-fmt-check, rust-clippy, and rust-tests
jobs were missing libsodium-dev package installation. With the new
use-pkg-config feature enabled, pkg-config must be able to find
libsodium system libraries.
This resolves "libsodium not found via pkg-config" failures in the
test pipeline.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Resolves intermittent ECONNRESET failures in CI by adding 3-retry loop
with 5s backoff to all npm ci/install steps. Also adds --prefer-offline
and --no-audit flags to reduce registry dependency.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add release-beta.yml: triggers on push to beta, creates
v{CARGO}-beta.N pre-release tags with prerelease: true, builds all
four platforms; tag counter resets when Cargo.toml version bumps
- Add beta to test.yml push triggers so CI runs on direct pushes to
beta (pull_request already covers PRs targeting beta)
- Implement update_channel in AppSettings (state.rs) with serde
default "stable"; wire get/set_update_channel commands to AppState
instead of returning hardcoded stubs
- Implement channel-aware check_app_updates: queries /releases?limit=20
and picks first non-draft release matching the active channel
(stable = !prerelease, beta = prerelease), skipping drafts
- Document two-channel strategy in docs/wiki/CICD-Pipeline.md
Manual steps still required in Gitea UI:
1. Create beta branch from master
2. Apply same branch protection rules as master to beta
3. Set repo default PR target branch to beta
Fix for dbus-1 and webkit build errors:
'Package dbus-1 was not found in the pkg-config search path'
**Problem:**
rustlang/rust:nightly is a minimal image with only rustc/cargo.
Tauri requires system libraries: webkit2gtk, dbus, gtk, ssl, etc.
Without these, cargo build fails with missing pkg-config packages.
**Solution:**
Added system dependency installation step to all Rust jobs:
- libwebkit2gtk-4.1-dev (WebView)
- libdbus-1-dev (D-Bus IPC)
- libgtk-3-dev (GTK UI)
- libayatana-appindicator3-dev (System tray)
- librsvg2-dev (SVG rendering)
- libssl-dev (OpenSSL)
- pkg-config (Build tool)
**Changed Jobs:**
- rust-fmt-check: Added system deps before rustfmt
- rust-clippy: Added system deps before clippy
- rust-tests: Added system deps before tests
**Why Each Job Needs Deps:**
All jobs run 'cargo' commands which trigger dependency builds.
Even 'cargo fmt' can trigger builds if dependencies aren't cached.
System libraries must be present for Tauri crates to compile.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix for pxfm-0.1.29 parse error:
'feature `edition2024` is required'
**Problem:**
The pxfm dependency (via moxcms → image processing) requires edition2024,
which is NOT stabilized even in Rust 1.83 stable. Error:
'edition2024 is not stabilized in this version of Cargo (1.83.0)'
**Solution:**
Switched all CI jobs from rust:1.83-bookworm to rustlang/rust:nightly.
Nightly builds include unstable features like edition2024.
**Changed:**
- rust-fmt-check: rust:1.83 → rustlang/rust:nightly
- rust-clippy: rust:1.83 → rustlang/rust:nightly
- rust-tests: rust:1.83 → rustlang/rust:nightly
**Why Nightly:**
Edition2024 is still unstable in Rust 1.83 (released Oct 2024).
Some dependencies in the image processing chain require it.
Nightly is the only option until edition2024 stabilizes.
**Note:**
Local development may use stable Rust if dependency versions are locked.
CI uses nightly to handle bleeding-edge dependencies.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix for Cargo.toml parse error:
'feature `edition2024` is required'
**Problem:**
The toml crate v1.1.2 requires Rust edition2024 feature, which is not
stabilized in Rust 1.82. This causes cargo to fail with:
'feature `edition2024` is required... requires the nightly release'
**Solution:**
Upgraded all workflow jobs from rust:1.82-bookworm to rust:1.83-bookworm.
Rust 1.83 includes the stabilized edition2024 support.
**Changed:**
- rust-fmt-check: rust:1.82 → rust:1.83
- rust-clippy: rust:1.82 → rust:1.83
- rust-tests: rust:1.82 → rust:1.83
**Note:**
Local development uses whatever rustc is installed (currently 1.83+).
CI now matches this requirement.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix for CI failures in rust:1.82-bookworm container:
- 'cargo-clippy' is not installed
- 'cargo-fmt' is not installed
**Solution:**
Added rustup component installation steps:
- rust-fmt-check job: Install rustfmt before format check
- rust-clippy job: Install clippy before linting
**Why Needed:**
The rust:1.82-bookworm Docker image is a minimal Rust installation.
It includes rustc and cargo, but NOT rustfmt or clippy by default.
These must be explicitly installed with 'rustup component add'.
**Verified Locally:**
- ✅ cargo fmt --check passes
- ✅ cargo clippy -- -D warnings passes (0 warnings)
- ✅ cargo test passes (308 tests)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix for CI failure: 'exec: "node": executable file not found in /Users/sarman/.local/bin:/Users/sarman/.bun/bin:/Users/sarman/.codeium/windsurf/bin:/opt/homebrew/bin:/opt/homebrew/sbin:/Users/sarman/.local/bin:/Users/sarman/.opencode/bin:/Users/sarman/.cargo/bin:/opt/homebrew/opt/gnu-sed/libexec/gnubin:/Library/Frameworks/Python.framework/Versions/3.6/bin:/opt/local/bin:/opt/local/sbin:/usr/local/opt/coreutils/libexec/gnubin:/opt/metasploit-framework/bin:/Users/sarman/git/SQL:/Users/sarman/git/mass-scripts:/Users/sarman/gitpersonal:/Users/sarman/git/scripts:/Users/sarman/git/sysadmin-util:/usr/local/mysql/bin:/opt/bin/:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Library/Apple/usr/bin:/Applications/iTerm.app/Contents/Resources/utilities:/libexec/bin:/Users/sarman/bin/:/Users/sarman/bin/mass_scripts/:/usr/local/Cellar/mysql/5.7.21/bin:/usr/local/mariadb10/bin:/Users/sarman/bin/scripts:/Users/sarman/bin/SQL/:/Users/sarman/bin/bert_scripts/:/Users/sarman/bin/ecw/:/Users/sarman/bin/mass-scripts/:/Users/sarman/bin/nhudson:/Users/sarman/bin/personal/:/Users/sarman/bin/python_learning/:/Users/sarman/bin/svn/:/Users/sarman/sysadmin-util/:/Users/sarman/was_scripts/:/Users/sarman/.lmstudio/bin:/Users/sarman/.lmstudio/bin:/Users/sarman/.claude/plugins/cache/claude-plugins-official/swift-lsp/1.0.0/bin:/Users/sarman/.claude/plugins/cache/claude-plugins-official/rust-analyzer-lsp/1.0.0/bin:/Users/sarman/.claude/plugins/cache/knowledge-work-plugins/productivity/1.3.0/bin:/Users/sarman/.claude/plugins/cache/knowledge-work-plugins/customer-support/1.3.0/bin:/Users/sarman/.claude/plugins/cache/knowledge-work-plugins/product-management/1.2.0/bin:/Users/sarman/.claude/plugins/cache/knowledge-work-plugins/engineering/1.2.0/bin'
**Problem:**
- actions/cache@v4 requires Node.js to be installed
- rust:1.82-bookworm container doesn't include Node.js
- Installing Node.js in every job just for caching is wasteful
**Solution:**
- Removed all actions/cache@v4 steps from test.yml
- Self-hosted Gitea runners have local disk - caching less critical
- Simplifies workflow and removes Node.js dependency from Rust-only jobs
**Changes:**
- Removed cache step from rust-fmt-check job
- Removed cache step from rust-clippy job
- Removed cache step from rust-tests job
- Kept Node.js install only in rust-fmt-check (needs it for npm/version script)
**Verified Locally:**
- ✅ All format checks pass
- ✅ All clippy checks pass (0 warnings)
- ✅ All 308 Rust tests pass
- ✅ All 92 frontend tests pass
- ✅ TypeScript compiles (0 errors)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replace custom CI image with public rust image to fix workflow failures.
Add Node.js installation step for rust-fmt-check job.
The custom image (gitea.tftsr.com:3000/sarman/trcaa-linux-amd64:rust1.88-node22)
needs to be built via build-images workflow first.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Quote shell:: argument to fix YAML parsing error at line 121.
The double colon was being interpreted as a YAML mapping value.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Update test workflow with shell module tests.
- Add dedicated shell module test step to .gitea/workflows/test.yml
- Tests run with --test-threads=1 for consistency
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replace direct Ollama API calls with liteLLM proxy at
172.0.0.29:11434 using qwen2.5-72b (72B VLLM model). Increase
timeouts to 300s for larger model inference. Reuses existing
OLLAMA_API_KEY secret for liteLLM auth.
Also add push-to-master trigger on test.yml so merges to master
run the full CI suite (previously only pull_request events triggered).
- Remove --locked flag from cargo fmt, clippy, and test commands in CI
- Update build.rs to use Rust 2021 direct variable interpolation in format strings
- Add --locked to fmt, clippy, and test commands in CI
- Remove updateCargoLock() and rely on cargo generate-lockfile
- Add .git directory existence check in update-version.mjs
- Use package.json as dynamic fallback instead of hardcoded 0.2.50
- Ensure execSync uses shell: false explicitly
- Replace npm ci with npm install in CI
- Remove --locked flag from cargo clippy/test
- Add cargo generate-lockfile after version update
- Update update-version.mjs with semver validation
- Add build.rs for Rust-level version injection
- Add build.rs to read version from git describe --tags
- Create update-version.mjs script to sync version across files
- Add get_app_version() command to Rust backend
- Update App.tsx to use custom version command
- Run version update in CI before Rust checks
Dockerfiles:
- Remove || true from rustup component add in all three Linux images;
rust:1.88-slim default profile already includes both components so the
command is a clean no-op, not a failure risk — silencing errors served
no purpose and only hid potential toolchain issues
- Add ca-certificates explicitly to Dockerfile.linux-amd64 and
Dockerfile.windows-cross (rust:1.88-slim includes it, but being
explicit is consistent with the arm64 fix and future-proofs against
base image changes)
Workflows:
- Upgrade actions/cache@v3 → @v4 across test.yml and auto-tag.yml
(v3 deprecated; v4 has parallel uploads and better large-cache support)
- Add linux-amd64 suffix to cargo cache keys in test.yml Rust jobs and
auto-tag.yml build-linux-amd64 job; all four jobs target the same
architecture and now share a cache, benefiting from cross-job hits
(registry cache is source tarballs, not compiled artifacts — no
pollution risk between targets)
Not changed:
- alpine:latest + docker-cli in build-images.yml is correct; the reviewer
confused DinD with socket passthrough — docker:24-cli also has no daemon,
both use the host socket; the builds already proved alpine works
- curl|bash for rustup is the official install method; rustup.rs publishes
no checksums for the installer script itself
Dockerfiles:
- Merge rustup target add and component add into one chained RUN with
|| true guard, making it safe if rustfmt/clippy are already present
in the base image's default toolchain profile (rust:1.88-slim default
profile includes both; the guard is belt-and-suspenders)
test.yml:
- Add --locked to cargo clippy and cargo test to enforce Cargo.lock
during CI, preventing silent dependency upgrades
Not addressed (accepted/out of scope):
- git in images: already installed in all three Dockerfiles (lines 19,
13, 15 respectively) — reviewer finding was incorrect
- HTTP registry: accepted risk for air-gapped self-hosted infrastructure
- Image signing (Cosign): no infrastructure in place yet
- Hardcoded registry IP: consistent with project-wide pattern
Switch all test and release build jobs from raw base images to the
pre-baked images already defined in .docker/ and pushed to the local
Gitea registry. Add actions/cache@v3 for Cargo registry and npm to
eliminate redundant downloads on subsequent runs.
Changes:
- Dockerfile.linux-amd64/arm64: bake in rustfmt and clippy components
- test.yml: rust jobs → trcaa-linux-amd64:rust1.88-node22; drop inline
apt-get and rustup component-add steps; add cargo cache
- test.yml: frontend jobs → add npm cache
- auto-tag.yml: build-linux-amd64 → trcaa-linux-amd64; drop Install
dependencies step and rustup target add
- auto-tag.yml: build-windows-amd64 → trcaa-windows-cross; drop Install
dependencies step and rustup target add
- auto-tag.yml: build-linux-arm64 → trcaa-linux-arm64 (ubuntu:22.04-based);
drop ~40-line Install dependencies step, . "$HOME/.cargo/env", and
rustup target add (all pre-baked in image ENV PATH)
- All build jobs: add cargo and npm cache steps
- docs/wiki/CICD-Pipeline.md: document pre-baked images, cache keys,
and insecure-registries daemon prerequisite
Expected savings: ~70% faster PR test suite (~1.5 min vs ~5 min),
~72% faster release builds (~7 min vs ~25 min) after cache warms up.
NOTE: Trigger build-images.yml via workflow_dispatch before merging
to ensure images contain rustfmt/clippy before workflow changes land.
- Add --test-threads=1 flag to all Rust test commands
- Update .gitea/workflows/test.yml to use serial test execution
- Update AGENTS.md to reflect the serial test requirement
Environment variable modifications in Rust tests cause race conditions
when tests run in parallel because std::env is shared global state.
build-linux-arm64: switch from QEMU-emulated linux-arm64 runner to cross-compile
on linux-amd64 using aarch64-linux-gnu toolchain. Removes the uname -m arch guard
that was causing the job to exit immediately (QEMU reports x86_64 as kernel arch),
and fixes the artifact path to the explicit target directory.
All build jobs: replace `cargo install tauri-cli --locked` with `npx tauri build`,
using the pre-compiled @tauri-apps/cli binary from devDependencies. Eliminates the
20-30 min Tauri CLI recompilation on every run.
wiki-sync: move from test.yml to auto-tag.yml. test.yml only fires on pull_request
events so the `if: github.ref == 'refs/heads/master'` guard was never true and the
wiki was never updated. auto-tag.yml triggers on push to master, so wiki sync now
runs on every merge.
Update releaseWorkflowCrossPlatformArtifacts.test.ts to match the new workflow.
Avoid duplicate Test workflow executions by removing push triggers and keeping pull_request validation as the single gate. Also fix remaining clippy format string violations in integration modules to keep rust-clippy passing.
Made-with: Cursor
Avoid rerunning the full test workflow on direct master pushes while keeping pull request validation intact. Update the CI/CD wiki page to reflect the new trigger behavior.
Made-with: Cursor
- Updated wiki-sync job to use secrets.Wiki for authentication
- Simplified clone/push logic with token-based auth
- Wiki push will now succeed with proper credentials
- Bumped version to 0.2.8
The workflow now uses the 'Wiki' secret created in Gitea Actions
to authenticate wiki repository pushes. This fixes the authentication
issue that was preventing automatic wiki synchronization.
- Added wiki-sync job to .gitea/workflows/test.yml
- Runs only on pushes to master branch
- Automatically copies docs/wiki/*.md to Gogs wiki repository
- Supports token-based authentication via secrets.GITHUB_TOKEN
- Handles wiki initialization if repository doesn't exist
- Bumped version to 0.2.7
Wiki sync will now automatically update the Gogs wiki at
https://gogs.tftsr.com/sarman/tftsr-devops_investigation/wiki
whenever docs/wiki/ files are modified on master.
rust:1.88-slim has an empty package cache. apt-get install git
was failing with 'Unable to locate package git'.
Add apt-get update -qq before every apt-get install in checkout steps.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
actions/checkout@v4 requires Node.js which is not in rust:1.88-slim.
Replace with direct git init+fetch+checkout using the Gitea instance URL.
Also fix release.yml: each build job creates the release (idempotent)
and uploads its own artifacts inline via Gitea API.
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
