Comparing a365cba30e..30d26ed0c1 - tftsr-devops_investigation - Gitea: Git with a cup of tea

sarman/tftsr-devops_investigation

Author	SHA1	Message	Date
Shaun Arman	30d26ed0c1	fix(ci): address second AI review — \|\| true, ca-certs, cache@v4, key suffixes All checks were successful Test / frontend-typecheck (pull_request) Successful in 2m35s Details Test / frontend-tests (pull_request) Successful in 2m39s Details PR Review Automation / review (pull_request) Successful in 2m49s Details Test / rust-clippy (pull_request) Successful in 4m7s Details Test / rust-fmt-check (pull_request) Successful in 13s Details Test / rust-tests (pull_request) Successful in 3m37s Details Dockerfiles: - Remove \|\| true from rustup component add in all three Linux images; rust:1.88-slim default profile already includes both components so the command is a clean no-op, not a failure risk — silencing errors served no purpose and only hid potential toolchain issues - Add ca-certificates explicitly to Dockerfile.linux-amd64 and Dockerfile.windows-cross (rust:1.88-slim includes it, but being explicit is consistent with the arm64 fix and future-proofs against base image changes) Workflows: - Upgrade actions/cache@v3 → @v4 across test.yml and auto-tag.yml (v3 deprecated; v4 has parallel uploads and better large-cache support) - Add linux-amd64 suffix to cargo cache keys in test.yml Rust jobs and auto-tag.yml build-linux-amd64 job; all four jobs target the same architecture and now share a cache, benefiting from cross-job hits (registry cache is source tarballs, not compiled artifacts — no pollution risk between targets) Not changed: - alpine:latest + docker-cli in build-images.yml is correct; the reviewer confused DinD with socket passthrough — docker:24-cli also has no daemon, both use the host socket; the builds already proved alpine works - curl\|bash for rustup is the official install method; rustup.rs publishes no checksums for the installer script itself	2026-04-12 20:07:20 -05:00
Shaun Arman	397cef383d	fix(ci): resolve test.yml failures — Cargo.lock, updated test assertions All checks were successful Test / rust-fmt-check (pull_request) Successful in 11s Details Test / frontend-typecheck (pull_request) Successful in 1m11s Details Test / frontend-tests (pull_request) Successful in 1m16s Details PR Review Automation / review (pull_request) Successful in 3m29s Details Test / rust-clippy (pull_request) Successful in 4m2s Details Test / rust-tests (pull_request) Successful in 5m21s Details Cargo.lock: - Commit the pre-existing version bump (0.1.0 → 0.2.50) so cargo --locked does not fail in CI; Cargo.toml already at 0.2.50 releaseWorkflowCrossPlatformArtifacts.test.ts: - Update test that previously checked for ubuntu:22.04 / ports mirror inline in auto-tag.yml; that setup moved to the pre-baked trcaa-linux-arm64 image so the test now verifies the image reference and cross-compile env vars instead ciDockerBuilders.test.ts: - Update test that checked for docker:24-cli; changed to alpine:latest + docker-cli to avoid act_runner v0.3.1 duplicate socket mount bug; negative assertion on docker:24-cli retained	2026-04-12 19:59:41 -05:00
Shaun Arman	84dd6d57c3	fix(docker): add ca-certificates to arm64 base image step 1 Some checks failed Test / rust-fmt-check (pull_request) Successful in 11s Details Test / frontend-typecheck (pull_request) Successful in 1m29s Details PR Review Automation / review (pull_request) Successful in 3m49s Details Test / rust-tests (pull_request) Failing after 14s Details Test / rust-clippy (pull_request) Failing after 18s Details Test / frontend-tests (pull_request) Failing after 1m12s Details ubuntu:22.04 minimal does not guarantee ca-certificates is present before the multiarch apt operations in Step 2. curl in Step 3 then fails with error 77 (CURLE_SSL_CACERT_BADFILE) when fetching the nodesource setup script over HTTPS.	2026-04-12 19:42:08 -05:00
Shaun Arman	7323c93463	docs(docker): expand rebuild trigger comments to include OpenSSL and Tauri CLI Some checks failed Test / rust-fmt-check (pull_request) Failing after 0s Details Test / rust-clippy (pull_request) Failing after 0s Details Test / rust-tests (pull_request) Failing after 0s Details Test / frontend-tests (pull_request) Failing after 1m19s Details Test / frontend-typecheck (pull_request) Successful in 1m26s Details PR Review Automation / review (pull_request) Successful in 2m55s Details	2026-04-12 18:54:57 -05:00
Shaun Arman	1d0f420042	fix(ci): replace docker:24-cli with alpine + docker-cli in build-images Some checks failed Test / rust-clippy (pull_request) Failing after 1s Details Test / frontend-typecheck (pull_request) Successful in 1m29s Details Test / rust-tests (pull_request) Failing after 1s Details Test / frontend-tests (pull_request) Failing after 1m21s Details PR Review Automation / review (pull_request) Successful in 3m55s Details Test / rust-fmt-check (pull_request) Failing after 1s Details act_runner v0.3.1 has special-case handling for images named docker:*: it automatically adds /var/run/docker.sock to the container's bind mounts. The runner's own global config already mounts the socket, so the two entries collide and the container fails to start with "Duplicate mount point: /var/run/docker.sock". Fix: use alpine:latest (no special handling) and install docker-cli via apk alongside git in each Checkout step. The docker socket is still available via the runner's global bind — we just stop triggering the duplicate.	2026-04-12 18:30:15 -05:00
Shaun Arman	f59559327e	fix(ci): address AI review — rustup idempotency and cargo --locked Some checks failed Test / rust-fmt-check (pull_request) Failing after 0s Details PR Review Automation / review (pull_request) Successful in 4m19s Details Test / rust-clippy (pull_request) Failing after 2s Details Test / frontend-typecheck (pull_request) Successful in 1m45s Details Test / rust-tests (pull_request) Failing after 1s Details Test / frontend-tests (pull_request) Failing after 1m35s Details Dockerfiles: - Merge rustup target add and component add into one chained RUN with \|\| true guard, making it safe if rustfmt/clippy are already present in the base image's default toolchain profile (rust:1.88-slim default profile includes both; the guard is belt-and-suspenders) test.yml: - Add --locked to cargo clippy and cargo test to enforce Cargo.lock during CI, preventing silent dependency upgrades Not addressed (accepted/out of scope): - git in images: already installed in all three Dockerfiles (lines 19, 13, 15 respectively) — reviewer finding was incorrect - HTTP registry: accepted risk for air-gapped self-hosted infrastructure - Image signing (Cosign): no infrastructure in place yet - Hardcoded registry IP: consistent with project-wide pattern	2026-04-12 18:28:07 -05:00
Shaun Arman	f1461a0d7e	perf(ci): use pre-baked images and add cargo/npm caching Some checks failed Test / rust-fmt-check (pull_request) Failing after 1s Details Test / frontend-typecheck (pull_request) Successful in 2m47s Details Test / rust-clippy (pull_request) Failing after 1s Details Test / rust-tests (pull_request) Failing after 0s Details PR Review Automation / review (pull_request) Successful in 3m25s Details Test / frontend-tests (pull_request) Failing after 1m33s Details Switch all test and release build jobs from raw base images to the pre-baked images already defined in .docker/ and pushed to the local Gitea registry. Add actions/cache@v3 for Cargo registry and npm to eliminate redundant downloads on subsequent runs. Changes: - Dockerfile.linux-amd64/arm64: bake in rustfmt and clippy components - test.yml: rust jobs → trcaa-linux-amd64:rust1.88-node22; drop inline apt-get and rustup component-add steps; add cargo cache - test.yml: frontend jobs → add npm cache - auto-tag.yml: build-linux-amd64 → trcaa-linux-amd64; drop Install dependencies step and rustup target add - auto-tag.yml: build-windows-amd64 → trcaa-windows-cross; drop Install dependencies step and rustup target add - auto-tag.yml: build-linux-arm64 → trcaa-linux-arm64 (ubuntu:22.04-based); drop ~40-line Install dependencies step, . "$HOME/.cargo/env", and rustup target add (all pre-baked in image ENV PATH) - All build jobs: add cargo and npm cache steps - docs/wiki/CICD-Pipeline.md: document pre-baked images, cache keys, and insecure-registries daemon prerequisite Expected savings: ~70% faster PR test suite (~1.5 min vs ~5 min), ~72% faster release builds (~7 min vs ~25 min) after cache warms up. NOTE: Trigger build-images.yml via workflow_dispatch before merging to ensure images contain rustfmt/clippy before workflow changes land.	2026-04-12 18:17:35 -05:00

Diff Content Not Available