sarman/tftsr-devops_investigation
1
0
Fork 0
Code Issues 1 Pull Requests Actions 34 Packages Projects 3 Releases 9 Wiki Activity
16930dca70
tftsr-devops_investigation/.gitea/workflows
History
Shaun Arman 16930dca70 fix(ci): address AI review — rustup idempotency and cargo --locked 
Dockerfiles:
- Merge rustup target add and component add into one chained RUN with
  || true guard, making it safe if rustfmt/clippy are already present
  in the base image's default toolchain profile (rust:1.88-slim default
  profile includes both; the guard is belt-and-suspenders)

test.yml:
- Add --locked to cargo clippy and cargo test to enforce Cargo.lock
  during CI, preventing silent dependency upgrades

Not addressed (accepted/out of scope):
- git in images: already installed in all three Dockerfiles (lines 19,
  13, 15 respectively) — reviewer finding was incorrect
- HTTP registry: accepted risk for air-gapped self-hosted infrastructure
- Image signing (Cosign): no infrastructure in place yet
- Hardcoded registry IP: consistent with project-wide pattern
2026-04-12 20:16:32 -05:00
..
auto-tag.yml perf(ci): use pre-baked images and add cargo/npm caching 2026-04-12 20:16:32 -05:00
build-images.yml fix(ci): remove explicit docker.sock mount — act_runner mounts it automatically 2026-04-05 21:18:11 -05:00
pr-review.yml fix: harden pr-review workflow — secret redaction, log safety, auth header 2026-04-12 18:03:17 -05:00
test.yml fix(ci): address AI review — rustup idempotency and cargo --locked 2026-04-12 20:16:32 -05:00