The new token_store module (#78) depends on `sync-secret-service` via
`dbus-secret-service`, which in turn links to libdbus-1 at build time
through the `dbus` crate. Add `libdbus-1-dev` to:
- `check.yml` rust job (alongside the existing webkit/appindicator
system deps), so every PR run compiles the keyring backend.
- `release.yml` Linux deps step, so tagged builds link correctly.
Runtime requires `libdbus-1-3`, which is present on every desktop
Linux distro by default, so `.deb` / `.rpm` depends stay unchanged.
Also add a non-blocking `cargo audit` step to check.yml to surface
advisories across the transitive dep graph (zbus, dbus-secret-service,
etc.) without failing unrelated PRs.
Drop `appimage` from `bundle.targets` in tauri.conf.json: the release
workflow explicitly builds `--bundles deb,rpm` so AppImage was never
shipped, and its presence in the config risks a silent fallback to
plaintext token storage for anyone running `tauri build` locally
without libsecret/libdbus bundled into the AppImage. No behaviour
change for CI; follow-up to re-enable AppImage properly would need a
linuxdeploy workflow that bundles the backend.
Refs #66
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
actions/checkout@v4 and actions/cache@v4 are JavaScript actions and
require `node` in the container PATH. The rust job in check.yml only
installed system libs and the Rust toolchain, so the post-checkout
cleanup failed with `exec: "node": executable file not found in $PATH`
on every Forgejo run.
The frontend job already installed Node, which is why it succeeded.
The GitHub mirror is unaffected because ubuntu-latest ships with Node
preinstalled.
Validated against the failed run https://git.lacompagniemaximus.com/maximus/Simpl-Resultat/actions/runs/122
Adds .forgejo/workflows/check.yml (and a GitHub mirror) that runs on
every branch push (except main) and on every PR targeting main.
Two parallel jobs:
- rust: cargo check + cargo test, with cargo registry/git/target caches
keyed on Cargo.lock. Installs the minimal Rust toolchain and the
webkit2gtk system deps that the tauri build script needs.
- frontend: npm ci + npm run build (tsc + vite) + npm test (vitest),
with the npm cache keyed on package-lock.json.
The Forgejo workflow uses the ubuntu:22.04 container pattern from
release.yml. The GitHub mirror uses native runners (ubuntu-latest)
since the GitHub mirror exists for portability and uses GitHub-native
actions.
Documents the new workflow in CLAUDE.md alongside release.yml so future
contributors know what CI runs before merge.
