From c80b1189636930f7147e03c9b2b068ebe69a9712 Mon Sep 17 00:00:00 2001
From: Chummy
Date: Mon, 16 Feb 2026 04:03:29 +0800
Subject: [PATCH] fix(docker): pin builder to bookworm to avoid glibc runtime mismatch
* fix(docker): pin builder to bookworm for glibc compatibility
* ci: skip rust lint on non-Rust PRs and allow 0BSD
* ci: pin actionlint action to existing release tag
* ci: make docs-only matcher shellcheck-clean
---------
Co-authored-by: chumyin
---
 .github/workflows/ci.yml | 46 ++++++++++++++++++++++-----
 .github/workflows/workflow-sanity.yml | 2 +-
 Dockerfile | 4 ++-
 deny.toml | 1 +
 4 files changed, 43 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 93136e3..86583b2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -53,14 +53,18 @@ jobs:
 docs_only=true
 while IFS= read -r file; do
 [ -z "$file" ] && continue
- case "$file" in
- docs/*|*.md|*.mdx|LICENSE|.github/ISSUE_TEMPLATE/*|.github/pull_request_template.md)
- ;;
- *)
- docs_only=false
- break
- ;;
- esac
+
+ if [[ "$file" == docs/* ]] \
+ || [[ "$file" == *.md ]] \
+ || [[ "$file" == *.mdx ]] \
+ || [[ "$file" == "LICENSE" ]] \
+ || [[ "$file" == .github/ISSUE_TEMPLATE/* ]] \
+ || [[ "$file" == .github/pull_request_template.md ]]; then
+ continue
+ fi
+
+ docs_only=false
+ break
 done <<< "$CHANGED"
 echo "docs_only=$docs_only" >> "$GITHUB_OUTPUT"
@@ -73,12 +77,38 @@ jobs:
 timeout-minutes: 20
 steps:
 - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
 - uses: dtolnay/rust-toolchain@stable
 - uses: Swatinem/rust-cache@v2
+ - name: Detect Rust source changes
+ id: rust_changes
+ shell: bash
+ run: |
+ set -euo pipefail
+
+ if [ "${{ github.event_name }}" = "pull_request" ]; then
+ BASE="${{ github.event.pull_request.base.sha }}"
+ CHANGED="$(git diff --name-only "$BASE" HEAD -- '*.rs' || true)"
+ else
+ CHANGED="$(git diff --name-only "${{ github.event.before }}" HEAD -- '*.rs' || true)"
+ fi
+
+ if [ -z "$CHANGED" ]; then
+ echo "has_rust_changes=false" >> "$GITHUB_OUTPUT"
+ exit 0
+ fi
+
+ echo "has_rust_changes=true" >> "$GITHUB_OUTPUT"
 - name: Run rustfmt
+ if: steps.rust_changes.outputs.has_rust_changes == 'true'
 run: cargo fmt --all -- --check
 - name: Run clippy
+ if: steps.rust_changes.outputs.has_rust_changes == 'true'
 run: cargo clippy --all-targets -- -D warnings
+ - name: Skip rust lint (no Rust changes)
+ if: steps.rust_changes.outputs.has_rust_changes != 'true'
+ run: echo "No Rust source changes detected; skipping rustfmt and clippy."
 test:
 name: Test
diff --git a/.github/workflows/workflow-sanity.yml b/.github/workflows/workflow-sanity.yml
index 7c1391d..fda65d4 100644
--- a/.github/workflows/workflow-sanity.yml
+++ b/.github/workflows/workflow-sanity.yml
@@ -60,4 +60,4 @@ jobs:
 uses: actions/checkout@v4
 - name: Lint GitHub workflows
- uses: rhysd/actionlint@v1
+ uses: rhysd/actionlint@v1.7.11
diff --git a/Dockerfile b/Dockerfile
index d475b28..f26aed5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,9 @@
 # syntax=docker/dockerfile:1
 # ── Stage 1: Build ────────────────────────────────────────────
-FROM rust:1.93-slim AS builder
+# Keep builder and release on Debian 12 to avoid GLIBC ABI drift
+# (`rust:1.93-slim` now tracks Debian 13 and can require newer glibc than distroless Debian 12).
+FROM rust:1.93-slim-bookworm AS builder
 WORKDIR /app
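Review bot: The new `Detect Rust source changes` step in `.github/workflows/ci.yml` fails open: both `git diff` calls end in `|| true`, so whenever the base commit cannot be resolved (an empty or all-zero `github.event.before` is the likely case, though the workflow triggers are outside this hunk) `CHANGED` comes back empty and rustfmt and clippy are skipped as if nothing had changed. A failed diff should set `has_rust_changes=true`, so the lint gate only relaxes on a positive "no Rust files touched" result. The `'*.rs'` pathspec also leaves out `Cargo.toml` and `Cargo.lock`, so a dependency-only change would skip clippy as well; widening it is worth considering. Passing the event values through `env:` instead of expanding `${{ … }}` inside the script keeps expression text out of the shell source. The `lint` job definition starts above the hunk.

```yaml
      - name: Detect Rust source changes
        id: rust_changes
        shell: bash
        env:
          EVENT_NAME: ${{ github.event_name }}
          PR_BASE_SHA: ${{ github.event.pull_request.base.sha }}
          PUSH_BEFORE_SHA: ${{ github.event.before }}
        run: |
          set -euo pipefail

          if [ "$EVENT_NAME" = "pull_request" ]; then
            BASE="$PR_BASE_SHA"
          else
            BASE="$PUSH_BEFORE_SHA"
          fi

          # Fail closed: an unresolvable base means "lint anyway".
          if ! CHANGED="$(git diff --name-only "$BASE" HEAD -- '*.rs')"; then
            echo "has_rust_changes=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          # … unchanged: empty-CHANGED check and has_rust_changes output …
```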
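Review bot: `uses: rhysd/actionlint@v1.7.11` in `.github/workflows/workflow-sanity.yml` is still a mutable reference, because a tag can be moved to a different commit after this review. For a third-party action the stable form is the full commit SHA with the tag kept as a trailing comment, e.g. `uses: rhysd/actionlint@<full-commit-sha> # v1.7.11` (placeholder; take the SHA from the upstream release). The same applies to `FROM rust:1.93-slim-bookworm AS builder` in the Dockerfile hunk, which could carry an `@sha256:<digest>` suffix so the builder image cannot change underneath the same tag.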
diff --git a/deny.toml b/deny.toml
index 93bd114..e289a26 100644
--- a/deny.toml
+++ b/deny.toml
@@ -19,6 +19,7 @@ allow = [
 "Zlib",
 "MPL-2.0",
 "CDLA-Permissive-2.0",
+ "0BSD",
 ]
 unused-allowed-license = "allow"