From 481018e1e3b685b3801f4f28c12af3ea01d72f59 Mon Sep 17 00:00:00 2001 From: le king fu Date: Mon, 13 Apr 2026 20:27:14 -0400 Subject: [PATCH] ci: install libdbus-1-dev for keyring build, drop appimage target (#79) The new token_store module (#78) depends on `sync-secret-service` via `dbus-secret-service`, which in turn links to libdbus-1 at build time through the `dbus` crate. Add `libdbus-1-dev` to: - `check.yml` rust job (alongside the existing webkit/appindicator system deps), so every PR run compiles the keyring backend. - `release.yml` Linux deps step, so tagged builds link correctly. Runtime requires `libdbus-1-3`, which is present on every desktop Linux distro by default, so `.deb` / `.rpm` depends stay unchanged. Also add a non-blocking `cargo audit` step to check.yml to surface advisories across the transitive dep graph (zbus, dbus-secret-service, etc.) without failing unrelated PRs. Drop `appimage` from `bundle.targets` in tauri.conf.json: the release workflow explicitly builds `--bundles deb,rpm` so AppImage was never shipped, and its presence in the config risks a silent fallback to plaintext token storage for anyone running `tauri build` locally without libsecret/libdbus bundled into the AppImage. No behaviour change for CI; follow-up to re-enable AppImage properly would need a linuxdeploy workflow that bundles the backend. Refs #66 Co-Authored-By: Claude Opus 4.6 (1M context) --- .forgejo/workflows/check.yml | 13 ++++++++++++- .forgejo/workflows/release.yml | 2 +- src-tauri/tauri.conf.json | 2 +- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml index 429b486..0de9b04 100644 --- a/.forgejo/workflows/check.yml +++ b/.forgejo/workflows/check.yml @@ -25,7 +25,8 @@ jobs: apt-get update apt-get install -y --no-install-recommends \ curl wget git ca-certificates build-essential pkg-config \ - libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev libssl-dev + libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev libssl-dev \ + libdbus-1-dev # Node.js is required by actions/checkout and actions/cache (they # are JavaScript actions and need `node` in the container PATH). curl -fsSL https://deb.nodesource.com/setup_20.x | bash - @@ -63,6 +64,16 @@ jobs: - name: cargo test run: cargo test --manifest-path src-tauri/Cargo.toml --all-targets + # Informational audit of transitive dependencies. Failure does not + # block the CI (advisories can appear on unrelated crates and stall + # unrelated work); surface them in the job log so we see them on + # every PR run and can react in a follow-up. + - name: cargo audit + continue-on-error: true + run: | + cargo install --locked cargo-audit || true + cargo audit --file src-tauri/Cargo.lock || true + frontend: runs-on: ubuntu container: ubuntu:22.04 diff --git a/.forgejo/workflows/release.yml b/.forgejo/workflows/release.yml index 82618ae..7e76207 100644 --- a/.forgejo/workflows/release.yml +++ b/.forgejo/workflows/release.yml @@ -31,7 +31,7 @@ jobs: - name: Install Linux dependencies run: | - apt-get install -y build-essential libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf jq libssl-dev xdg-utils + apt-get install -y build-essential libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf jq libssl-dev xdg-utils libdbus-1-dev - name: Install Windows cross-compile dependencies run: | diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json index 4238cf1..4173fef 100644 --- a/src-tauri/tauri.conf.json +++ b/src-tauri/tauri.conf.json @@ -23,7 +23,7 @@ }, "bundle": { "active": true, - "targets": ["nsis", "deb", "rpm", "appimage"], + "targets": ["nsis", "deb", "rpm"], "icon": [ "icons/32x32.png", "icons/128x128.png",