funman300/Ferrous-Solitaire
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 29 Wiki Activity

fix(ci): remove Quaternions registry auth; add canvas WASM drift guard

Browse Source 
Dockerfile:
- Drop --mount=type=secret,id=cargo_token: the Quaternions private
  registry has been migrated to the public Cargo.io path so the build
  secret is no longer needed. Removes the requirement for CI_TOKEN to
  carry registry credentials.

CI workflow (docker-build.yml):
- Add solitaire_wasm/** and solitaire_web/** to the push-trigger paths
  so changes to either WASM crate actually fire the build job.
- Add wasm drift check for solitaire_wasm artifacts (solitaire_wasm.js,
  solitaire_wasm_bg.wasm) — exits 1 if solitaire_wasm/ or solitaire_core/
  changed without updating the committed pkg files.
- Add hard canvas drift check: solitaire_web/ changes MUST update
  canvas_bg.wasm or the deploy gets a stale Bevy binary.
- Add advisory notice for solitaire_engine/ / solitaire_core/ changes
  that omit a canvas_bg.wasm rebuild (non-blocking; formatting commits
  should not fail CI).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
funman300
2026-06-02 12:20:56 -07:00
parent 64f975ed6d
commit 9ff0585454
2 changed files with 47 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
solitaire_server/Dockerfile
+3 -8
View File
@@ -34,11 +34,8 @@ RUN for crate in solitaire_core solitaire_sync solitaire_data solitaire_engine \
echo "fn main() {}" > solitaire_app/src/main.rs && \
echo "fn main() {}" > solitaire_assetgen/src/main.rs
# The Quaternions registry requires authentication. CI passes CI_TOKEN as a
# build secret so it never appears in image layers or docker history.
RUN --mount=type=secret,id=cargo_token,required=true \
CARGO_REGISTRIES_QUATERNIONS_TOKEN="Bearer $(cat /run/secrets/cargo_token)" \
cargo fetch --locked
# Registry config comes from .cargo/config.toml copied above.
RUN cargo fetch --locked
# Now copy real source and build in release mode.
COPY solitaire_core/src ./solitaire_core/src
@@ -51,9 +48,7 @@ COPY solitaire_server/migrations ./solitaire_server/migrations
COPY .sqlx ./.sqlx
ENV SQLX_OFFLINE=true
RUN --mount=type=secret,id=cargo_token,required=true \
CARGO_REGISTRIES_QUATERNIONS_TOKEN="Bearer $(cat /run/secrets/cargo_token)" \
cargo build --release --locked -p solitaire_server --bin solitaire_server
RUN cargo build --release --locked -p solitaire_server --bin solitaire_server
# --- Runtime stage ---
FROM debian:bookworm-slim