From b340b22f0c23fb4a858afbe5abd1092993664ef2 Mon Sep 17 00:00:00 2001 From: Mohan <86064887+binarybaron@users.noreply.github.com> Date: Thu, 18 Sep 2025 15:19:24 -0400 Subject: [PATCH 1/4] fix(asb, asb-controller): install root certificates in docker image (#569) Co-authored-by: binarybaron --- swap-asb/Dockerfile | 8 ++++++++ swap-controller/Dockerfile | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/swap-asb/Dockerfile b/swap-asb/Dockerfile index f9bbcea6..e5eaf535 100644 --- a/swap-asb/Dockerfile +++ b/swap-asb/Dockerfile @@ -93,6 +93,14 @@ RUN cargo build --release --locked -vv -p swap-controller --bin=asb-controller # Latest Ubuntu 24.04 image as of Tue, 05 Aug 2025 15:34:08 GMT FROM ubuntu:24.04@sha256:a08e551cb33850e4740772b38217fc1796a66da2506d312abe51acda354ff061 AS runner +# Install native root certificates +ENV DEBIAN_FRONTEND=noninteractive +RUN --mount=type=cache,target=/var/cache/apt \ + --mount=type=cache,target=/var/lib/apt \ + apt-get update && \ + apt-get install -y ca-certificates && \ + update-ca-certificates + COPY --from=builder /target/release/asb /bin/asb COPY --from=builder /target/release/asb-controller /bin/asb-controller diff --git a/swap-controller/Dockerfile b/swap-controller/Dockerfile index fa3df2d1..04bb1a95 100644 --- a/swap-controller/Dockerfile +++ b/swap-controller/Dockerfile 
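Review bot: `ENV DEBIAN_FRONTEND=noninteractive` in the runner stage is baked into the final image and inherited by every process in the running container, although only the install needs it. Setting it inline keeps the runtime environment clean, and `--no-install-recommends` limits the runner image to the packages it actually needs: `DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates && \`. The explicit `update-ca-certificates` is normally already run by the package's post-install script, so it is probably redundant. The same applies to the identical block added to swap-controller/Dockerfile.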
@@ -12,6 +12,14 @@ RUN cargo build --locked --bin asb-controller --release # Latest Debian Bookworm image as of Tue, 05 Aug 2025 15:34:08 GMT FROM debian:bookworm@sha256:b6507e340c43553136f5078284c8c68d86ec8262b1724dde73c325e8d3dcdeba AS runner +# Install native root certificates +ENV DEBIAN_FRONTEND=noninteractive +RUN --mount=type=cache,target=/var/cache/apt \ + --mount=type=cache,target=/var/lib/apt \ + apt-get update && \ + apt-get install -y ca-certificates && \ + update-ca-certificates + COPY --from=builder /build/target/release/asb-controller /usr/local/bin/asb-controller ENTRYPOINT ["/usr/local/bin/asb-controller"] \ No newline at end of file From 0271abf42a80522d926153102f2da9c237014ff5 Mon Sep 17 00:00:00 2001 From: binarybaron Date: Thu, 18 Sep 2025 17:51:45 -0400 Subject: [PATCH 2/4] fix(ci): try to use posix thread and add custom gcc to path --- .../setup-build-environment/action.yml | 42 ++++++++++++++++++- .../ubuntu_build_x86_86-w64-mingw32-gcc.sh | 2 + 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/.github/actions/setup-build-environment/action.yml b/.github/actions/setup-build-environment/action.yml index 8e2fd613..17e473a7 100644 --- a/.github/actions/setup-build-environment/action.yml +++ b/.github/actions/setup-build-environment/action.yml 
@@ -43,6 +43,22 @@ runs: sudo apt update; sudo apt install -y ${{ env.DEPS_GUI_UBUNTU_SPECIFIC }} ${{ env.DEPS_TAURI_LINUX }} ${{ env.DEPS_BUILD_LINUX }} git + - name: Prefer MinGW POSIX threading (Ubuntu cross -> Windows) + if: contains(inputs.host, 'ubuntu') && contains(inputs.target, 'windows') + shell: bash + run: | + # Ensure the system MinGW toolchain uses POSIX threads (not win32) + # This helps any tools that still come from apt (e.g., windres) and is harmless otherwise. + set -euxo pipefail + if command -v update-alternatives >/dev/null 2>&1; then + if [ -x "/usr/bin/x86_64-w64-mingw32-g++-posix" ]; then + sudo update-alternatives --set x86_64-w64-mingw32-g++ /usr/bin/x86_64-w64-mingw32-g++-posix || true + fi + if [ -x "/usr/bin/x86_64-w64-mingw32-gcc-posix" ]; then + sudo update-alternatives --set x86_64-w64-mingw32-gcc /usr/bin/x86_64-w64-mingw32-gcc-posix || true + fi + fi + - name: Install build dependencies (macos) if: contains(inputs.host, 'macos') shell: bash @@ -81,7 +97,8 @@ runs: - name: Install dprint globally shell: bash - run: npm install --global dprint@0.50 # Use npm instead of cargo binstall because the binstall version uses musl which doesn't work + # Use npm instead of cargo binstall because the binstall version uses musl which doesn't work + run: npm install --global dprint@0.50 - name: Install sqlx-cli globally uses: taiki-e/install-action@v2 
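Review bot: In the "Install dprint globally" step, the re-added line `run: npm install --global dprint@0.50` resolves a version range, so each CI run may fetch a different 0.50.x release. npm also runs any install scripts the package declares, with the job's permissions. Pinning the exact release fixes which tool runs inside the build environment: `run: npm install --global dprint@<exact-version>`. Moving the comment onto its own line is fine.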
@@ -104,4 +121,27 @@ runs: if: contains(inputs.target, 'windows') shell: bash run: | + set -euxo pipefail just prepare-windows-build + + # Persist toolchain dir to later steps + if [ -z "${MINGW_TOOLCHAIN_DIR:-}" ]; then + echo "ERROR: MINGW_TOOLCHAIN_DIR was not set by the build script." >&2 + exit 1 + fi + + echo "MINGW_TOOLCHAIN_DIR=$MINGW_TOOLCHAIN_DIR" >> "$GITHUB_ENV" + + TOOLCHAIN_DIR="$MINGW_TOOLCHAIN_DIR" + if [ ! -d "$TOOLCHAIN_DIR" ]; then + echo "ERROR: Custom MinGW toolchain not found at $TOOLCHAIN_DIR" >&2 + echo "The gcc build step should have created it. Check logs for 'prepare-windows-build'." >&2 + exit 1 + fi + + echo "$TOOLCHAIN_DIR" >> "$GITHUB_PATH" + echo "CC_x86_64_pc_windows_gnu=$TOOLCHAIN_DIR/x86_64-w64-mingw32-gcc" >> "$GITHUB_ENV" + echo "CXX_x86_64_pc_windows_gnu=$TOOLCHAIN_DIR/x86_64-w64-mingw32-g++" >> "$GITHUB_ENV" + echo "AR_x86_64_pc_windows_gnu=$TOOLCHAIN_DIR/x86_64-w64-mingw32-ar" >> "$GITHUB_ENV" + echo "RANLIB_x86_64_pc_windows_gnu=$TOOLCHAIN_DIR/x86_64-w64-mingw32-ranlib" >> "$GITHUB_ENV" + echo "CARGO_TARGET_X86_64_PC_WINDOWS_GNU_LINKER=$TOOLCHAIN_DIR/x86_64-w64-mingw32-g++" >> "$GITHUB_ENV" \ No newline at end of file diff --git a/dev_scripts/ubuntu_build_x86_86-w64-mingw32-gcc.sh b/dev_scripts/ubuntu_build_x86_86-w64-mingw32-gcc.sh index 3e922417..de04c8fe 100755 --- a/dev_scripts/ubuntu_build_x86_86-w64-mingw32-gcc.sh +++ b/dev_scripts/ubuntu_build_x86_86-w64-mingw32-gcc.sh @@ -405,4 +405,6 @@ setup_path verify_installation +export MINGW_TOOLCHAIN_DIR="$PREFIX/bin" + echo "Done" From fa78936aa68d4fb5be23091bfe5849e1537b2dbb Mon Sep 17 00:00:00 2001 From: binarybaron Date: Thu, 18 Sep 2025 18:34:51 -0400 Subject: [PATCH 3/4] fix(ci): correctly add custom gcc to GITHUB_PATH and GITHUB_ENV --- .../setup-build-environment/action.yml | 40 +++++++------------ .../ubuntu_build_x86_86-w64-mingw32-gcc.sh | 19 ++++++--- 2 files changed, 29 insertions(+), 30 deletions(-) 
diff --git a/.github/actions/setup-build-environment/action.yml b/.github/actions/setup-build-environment/action.yml index 17e473a7..f3e889ba 100644 --- a/.github/actions/setup-build-environment/action.yml +++ b/.github/actions/setup-build-environment/action.yml @@ -47,17 +47,13 @@ runs: if: contains(inputs.host, 'ubuntu') && contains(inputs.target, 'windows') shell: bash run: | - # Ensure the system MinGW toolchain uses POSIX threads (not win32) - # This helps any tools that still come from apt (e.g., windres) and is harmless otherwise. set -euxo pipefail - if command -v update-alternatives >/dev/null 2>&1; then - if [ -x "/usr/bin/x86_64-w64-mingw32-g++-posix" ]; then - sudo update-alternatives --set x86_64-w64-mingw32-g++ /usr/bin/x86_64-w64-mingw32-g++-posix || true - fi - if [ -x "/usr/bin/x86_64-w64-mingw32-gcc-posix" ]; then - sudo update-alternatives --set x86_64-w64-mingw32-gcc /usr/bin/x86_64-w64-mingw32-gcc-posix || true - fi - fi + + # Ensure the system MinGW toolchain uses POSIX threads (not win32) + # This shouldn't necessarily be needed, because we compile our own gcc with POSIX threads + # but we will still keep it here + sudo update-alternatives --set x86_64-w64-mingw32-g++ /usr/bin/x86_64-w64-mingw32-g++-posix + sudo update-alternatives --set x86_64-w64-mingw32-gcc /usr/bin/x86_64-w64-mingw32-gcc-posix - name: Install build dependencies (macos) if: contains(inputs.host, 'macos') 
@@ -124,24 +120,18 @@ runs: set -euxo pipefail just prepare-windows-build - # Persist toolchain dir to later steps + # The script should set MINGW_TOOLCHAIN_DIR to the /bin directory of the toolchain if [ -z "${MINGW_TOOLCHAIN_DIR:-}" ]; then echo "ERROR: MINGW_TOOLCHAIN_DIR was not set by the build script." >&2 exit 1 fi - - echo "MINGW_TOOLCHAIN_DIR=$MINGW_TOOLCHAIN_DIR" >> "$GITHUB_ENV" - TOOLCHAIN_DIR="$MINGW_TOOLCHAIN_DIR" - if [ ! -d "$TOOLCHAIN_DIR" ]; then - echo "ERROR: Custom MinGW toolchain not found at $TOOLCHAIN_DIR" >&2 - echo "The gcc build step should have created it. Check logs for 'prepare-windows-build'." >&2 - exit 1 - fi + # Add the compiler to PATH + echo "$MINGW_TOOLCHAIN_DIR" >> "$GITHUB_PATH" - echo "$TOOLCHAIN_DIR" >> "$GITHUB_PATH" - echo "CC_x86_64_pc_windows_gnu=$TOOLCHAIN_DIR/x86_64-w64-mingw32-gcc" >> "$GITHUB_ENV" - echo "CXX_x86_64_pc_windows_gnu=$TOOLCHAIN_DIR/x86_64-w64-mingw32-g++" >> "$GITHUB_ENV" - echo "AR_x86_64_pc_windows_gnu=$TOOLCHAIN_DIR/x86_64-w64-mingw32-ar" >> "$GITHUB_ENV" - echo "RANLIB_x86_64_pc_windows_gnu=$TOOLCHAIN_DIR/x86_64-w64-mingw32-ranlib" >> "$GITHUB_ENV" - echo "CARGO_TARGET_X86_64_PC_WINDOWS_GNU_LINKER=$TOOLCHAIN_DIR/x86_64-w64-mingw32-g++" >> "$GITHUB_ENV" \ No newline at end of file + # Set the compiler environment variables to make cargo use the custom compiler + echo "CC_x86_64_pc_windows_gnu=$MINGW_TOOLCHAIN_DIR/x86_64-w64-mingw32-gcc" >> "$GITHUB_ENV" + echo "CXX_x86_64_pc_windows_gnu=$MINGW_TOOLCHAIN_DIR/x86_64-w64-mingw32-g++" >> "$GITHUB_ENV" + echo "AR_x86_64_pc_windows_gnu=$MINGW_TOOLCHAIN_DIR/x86_64-w64-mingw32-ar" >> "$GITHUB_ENV" + echo "RANLIB_x86_64_pc_windows_gnu=$MINGW_TOOLCHAIN_DIR/x86_64-w64-mingw32-ranlib" >> "$GITHUB_ENV" + echo "CARGO_TARGET_X86_64_PC_WINDOWS_GNU_LINKER=$MINGW_TOOLCHAIN_DIR/x86_64-w64-mingw32-g++" >> "$GITHUB_ENV" \ No newline at end of file 
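Review bot: With the `[ ! -d "$TOOLCHAIN_DIR" ]` check removed, the step only tests that `MINGW_TOOLCHAIN_DIR` is non-empty before appending it to `$GITHUB_PATH` and pointing CC, CXX, AR, RANLIB and the cargo linker at files under it. A wrong or relative value would then change which binaries later steps resolve from PATH, and a missing compiler would only surface later in the cargo build. A cheap guard before the `GITHUB_PATH` line would be `[ -x "$MINGW_TOOLCHAIN_DIR/x86_64-w64-mingw32-gcc" ] || { echo "ERROR: no compiler in $MINGW_TOOLCHAIN_DIR" >&2; exit 1; }`. The step's `run:` block starts outside this hunk.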
diff --git a/dev_scripts/ubuntu_build_x86_86-w64-mingw32-gcc.sh b/dev_scripts/ubuntu_build_x86_86-w64-mingw32-gcc.sh index de04c8fe..0f6e026c 100755 --- a/dev_scripts/ubuntu_build_x86_86-w64-mingw32-gcc.sh +++ b/dev_scripts/ubuntu_build_x86_86-w64-mingw32-gcc.sh @@ -296,16 +296,27 @@ copy_dlls() { } setup_path() { + export MINGW_TOOLCHAIN_DIR="$PREFIX/bin" + # Add to PATH only if not already present if [[ ":$PATH:" != *":$PREFIX/bin:"* ]]; then - export PATH="$PREFIX/bin:$PATH" + export PATH="$MINGW_TOOLCHAIN_DIR:$PATH" fi - # add path to bashrc + # When running in GitHub Actions, export the toolchain dir for later steps + if [ -n "${GITHUB_ENV:-}" ]; then + echo "MINGW_TOOLCHAIN_DIR=$MINGW_TOOLCHAIN_DIR" >> "$GITHUB_ENV" + fi + + # Also add to GITHUB_PATH for GitHub Actions + if [ -n "${GITHUB_PATH:-}" ]; then + echo "$PREFIX/bin" >> "$GITHUB_PATH" + fi + + # Add path to .bashrc if ! grep -q "export PATH=\"$PREFIX/bin:\$PATH\"" ~/.bashrc; then echo "export PATH=\"$PREFIX/bin:\$PATH\"" >> ~/.bashrc fi - } verify_installation() { @@ -405,6 +416,4 @@ setup_path verify_installation -export MINGW_TOOLCHAIN_DIR="$PREFIX/bin" - echo "Done" From 3d85d1567148acc56e2add1be4d3ef0ca8e288cd Mon Sep 17 00:00:00 2001 From: binarybaron Date: Thu, 18 Sep 2025 19:12:50 -0400 Subject: [PATCH 4/4] fix(ci): add custom gcc to path in its own github action step --- .github/actions/setup-build-environment/action.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/actions/setup-build-environment/action.yml b/.github/actions/setup-build-environment/action.yml index f3e889ba..e45bc064 100644 --- a/.github/actions/setup-build-environment/action.yml +++ b/.github/actions/setup-build-environment/action.yml 
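Review bot: `setup_path` now defines `MINGW_TOOLCHAIN_DIR`, but the new `GITHUB_PATH` append and the existing PATH membership test still spell out `$PREFIX/bin`, so the three can drift apart if one is edited. Using the variable throughout gives a single source for the directory that is put in front of PATH for later steps: `echo "$MINGW_TOOLCHAIN_DIR" >> "$GITHUB_PATH"` and `if [[ ":$PATH:" != *":$MINGW_TOOLCHAIN_DIR:"* ]]; then`. Both `$GITHUB_ENV` and `$GITHUB_PATH` take one entry per line, so these writes rely on `PREFIX` containing no newline; `PREFIX` is defined outside this hunk, so that is an assumption to confirm. A short header comment stating that the function writes to `$GITHUB_ENV`, `$GITHUB_PATH` and `~/.bashrc` would help, since those side effects outlive the script's own process.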
@@ -120,7 +120,13 @@ runs: set -euxo pipefail just prepare-windows-build - # The script should set MINGW_TOOLCHAIN_DIR to the /bin directory of the toolchain + - name: Prepare Windows build by adding gcc to PATH + if: contains(inputs.target, 'windows') + shell: bash + run: | + set -euxo pipefail + + # The step above should set MINGW_TOOLCHAIN_DIR to the /bin directory of the toolchain if [ -z "${MINGW_TOOLCHAIN_DIR:-}" ]; then echo "ERROR: MINGW_TOOLCHAIN_DIR was not set by the build script." >&2 exit 1