1
0
Fork 0
mirror of https://github.com/imjasonh/krust synced 2026-07-08 14:55:35 +00:00
Commit graph

64 commits

Author SHA1 Message Date
Claude
508913e07e
Fix zigbuild detection: use cargo zigbuild --help
cargo-zigbuild --version doesn't work reliably in all PATH configs.
Use cargo zigbuild --help instead, which uses cargo's subcommand
discovery to find the cargo-zigbuild binary. Also verify zigbuild
actually works in CI after installation.

https://claude.ai/code/session_01EcsZDNeWn56wFqryb4Wq7r
2026-03-18 20:46:09 +00:00
Claude
eb296df008
Fix CI: symlink python-zig to zig for cargo-zigbuild
The ziglang pip package installs as python-zig, not zig.
cargo-zigbuild needs zig in PATH, so create a symlink.

https://claude.ai/code/session_01EcsZDNeWn56wFqryb4Wq7r
2026-03-18 20:36:12 +00:00
Claude
eea19c3dcb
Fix CI: skip integration tests gracefully when tools unavailable
Integration tests now skip instead of panicking when Docker or
cargo-zigbuild aren't available. Also removed redundant make test-e2e
step from CI since make test already includes e2e tests.

https://claude.ai/code/session_01EcsZDNeWn56wFqryb4Wq7r
2026-03-18 20:07:25 +00:00
Claude
7a7ef3fd44
Require cargo-zigbuild, remove cross-linker fallback
- Make zigbuild a hard requirement instead of optional with fallback
- Remove configure_cross_linker and all system linker detection logic
- Remove apt-get install of system cross-linkers from CI
- Remove unused `which` dependency
- Fail fast with clear install instructions if zigbuild is missing

https://claude.ai/code/session_01EcsZDNeWn56wFqryb4Wq7r
2026-03-17 22:31:32 +00:00
Claude
06ea1a1b3e
Fix CI: use --break-system-packages for pip, cache zigbuild, keep apt fallback
- Ubuntu 24.04 blocks bare pip install (PEP 668), add --break-system-packages
- Move cache steps before cargo install so zigbuild binary can be cached
- Cache cargo-zigbuild binary separately, skip install if already cached
- Keep apt system cross-linkers as fallback alongside zigbuild

https://claude.ai/code/session_01EcsZDNeWn56wFqryb4Wq7r
2026-03-17 21:09:45 +00:00
Claude
3366c5b69d
Fix CI: use pip install ziglang for reliable zig installation
The snap install was unreliable and the apt fallback used a
non-existent package name. pip install ziglang is the recommended
way to install zig in CI environments.

https://claude.ai/code/session_01EcsZDNeWn56wFqryb4Wq7r
2026-03-17 20:46:44 +00:00
Claude
bb76a120c3
Use cargo-zigbuild for cross-compilation, add build caching
- Integrate cargo-zigbuild as the default build backend, falling back
  to cargo build with best-effort linker detection if not installed
- Auto-install rustup targets when missing (rustup target add)
- Use persistent target/krust/ directory instead of temp dirs so
  incremental compilation works across runs
- Remove .cargo/config.toml from repo (add to .gitignore) since
  zigbuild handles cross-linker configuration
- Improve error messages: suggest cargo-zigbuild when linker not found
- Simplify CI to use zigbuild instead of per-target system linkers
- Simplify Makefile by removing setup-cross-compile/verify targets
- Update README and CLAUDE.md to reflect new approach

https://claude.ai/code/session_01EcsZDNeWn56wFqryb4Wq7r
2026-03-17 20:33:41 +00:00
Jason Hall
31e5c5a5a3
Merge branch 'main' into dependabot/github_actions/dtolnay/rust-toolchain-f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 2026-03-17 15:46:51 -04:00
Jason Hall
42375d9ede
Merge pull request #70 from imjasonh/dependabot/github_actions/actions/checkout-6.0.2
chore(deps): Bump actions/checkout from 5.0.0 to 6.0.2
2026-03-17 15:45:27 -04:00
dependabot[bot]
58c11fed7f
chore(deps): Bump actions/cache from 4.3.0 to 5.0.3
Bumps [actions/cache](https://github.com/actions/cache) from 4.3.0 to 5.0.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](0057852bfa...cdf6c1fa76)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 5.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-02 08:26:12 +00:00
dependabot[bot]
998a99188e
chore(deps): Bump actions/checkout from 5.0.0 to 6.0.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](08c6903cd8...de0fac2e45)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-26 08:27:34 +00:00
dependabot[bot]
9cece8229c
chore(deps): Bump dtolnay/rust-toolchain
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) from 6d653acede28d24f02e3cd41383119e8b1b35921 to f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases)
- [Commits](6d653acede...f7ccc83f9e)

---
updated-dependencies:
- dependency-name: dtolnay/rust-toolchain
  dependency-version: f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-22 08:18:59 +00:00
Jason Hall
de64beadf7 also delete release.yaml
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-10-15 19:33:22 -04:00
Jason Hall
66bdad3daa next attempt at release
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-10-15 18:59:18 -04:00
Jason Hall
1c84596a6b next attempt at release
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-10-15 18:47:56 -04:00
Jason Hall
a4603c99e5 add release workflow
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-10-15 18:25:43 -04:00
Jason Hall
c0d62918c2
Disable cargo-tarpaulin in CI workflow
Comment out cargo-tarpaulin installation and execution due to CI failure.
2025-10-15 15:52:26 -04:00
Jason Hall
e6f85be66d simplify ci
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-10-15 15:24:48 -04:00
Jason Hall
d6d8e15afc
Disable fail-fast in CI workflow 2025-10-15 15:07:03 -04:00
Jason Hall
c69d6e13f7
Include run-built-image step for Ubuntu
Add step to run built image for Ubuntu in CI workflow
2025-10-15 15:06:32 -04:00
Jason Hall
ce4fb911a7 small updates
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-10-15 14:59:48 -04:00
Jason Hall
eee45d6dbd
Merge pull request #35 from imjasonh/dependabot/github_actions/actions/checkout-5.0.0
chore(deps): Bump actions/checkout from 4.2.2 to 5.0.0
2025-10-14 21:36:56 -04:00
Jason Hall
f6964b6341
Merge pull request #40 from imjasonh/dependabot/github_actions/actions/cache-4.3.0
chore(deps): Bump actions/cache from 4.2.4 to 4.3.0
2025-10-14 21:34:08 -04:00
Jason Hall
2375e9140d
Merge branch 'main' into dependabot/github_actions/actions/checkout-5.0.0 2025-10-14 21:33:28 -04:00
dependabot[bot]
b0a67e6543
chore(deps): Bump actions/cache from 4.2.4 to 4.3.0
Bumps [actions/cache](https://github.com/actions/cache) from 4.2.4 to 4.3.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](0400d5f644...0057852bfa)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-29 10:11:08 +00:00
dependabot[bot]
3cd8b5712a
chore(deps): Bump dtolnay/rust-toolchain
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) from b3b07ba8b418998c39fb20f53e8b695cdcc8de1b to 6d653acede28d24f02e3cd41383119e8b1b35921.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases)
- [Commits](b3b07ba8b4...6d653acede)

---
updated-dependencies:
- dependency-name: dtolnay/rust-toolchain
  dependency-version: 6d653acede28d24f02e3cd41383119e8b1b35921
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-22 08:46:31 +00:00
dependabot[bot]
d6fad728d1
chore(deps): Bump actions/checkout from 4.2.2 to 5.0.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](11bd71901b...08c6903cd8)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-25 14:48:23 +00:00
dependabot[bot]
0d4b6b41b4
chore(deps): Bump actions/cache from 4.2.3 to 4.2.4
Bumps [actions/cache](https://github.com/actions/cache) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](5a3ec84eff...0400d5f644)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 4.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-11 13:23:03 +00:00
Jason Hall
05a1a1915f
fix: restrict cross-compilation test to x86_64 runners only
- Only run make run-built-image on ubuntu-latest (x86_64) runners
- ARM64 runners cannot cross-compile for x86_64 due to linker architecture mismatch
- Prevents 'file in wrong format' errors when ARM64 musl-gcc tries to link x86_64 objects

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 20:58:43 -04:00
Jason Hall
c678342a5b
fix: use correct musl linker name in CI
- Change from x86_64-linux-musl-gcc to musl-gcc (provided by musl-tools package)
- Keep aarch64-linux-gnu-gcc for ARM64 cross-compilation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 20:53:53 -04:00
Jason Hall
635f680dd5
fix: update CI cross-compilation config and remove local config
- Move cross-compilation setup to CI workflow for better portability
- Remove local .cargo/config.toml to avoid conflicts
- Add cross-compilation config directly in CI test matrix
- Re-enable make run-built-image in main test job

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 20:47:20 -04:00
Jason Hall
7d8093a4f8
fix: add dedicated integration job for cross-compilation tests
- Restore integration job with CI-compatible linker configuration
- Use aarch64-linux-gnu-gcc instead of aarch64-linux-musl-gcc for CI
- Enable make run-built-image test in dedicated ubuntu-latest environment

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 20:43:03 -04:00
Jason Hall
a70fc36ef1
debug: enable run-built-image to investigate cross-compilation issues
Temporarily enable run-built-image in CI to see what specific
cross-compilation tools are missing in the ubuntu environment.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 20:30:10 -04:00
Jason Hall
9d40a2683d
Comment out failing e2e test for now, save progress
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-08 20:25:15 -04:00
Jason Hall
9edb878ca5
ci: make builds and tests always verbose for better debugging
- Update Makefile to use --verbose flag by default for build and test targets
- Simplify CI workflow to use standard make targets instead of verbose variants
- Improve debugging visibility in CI by showing detailed cargo output

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 20:06:14 -04:00
Jason Hall
5444d76d83
ci: enhance workflow with matrix testing and ARM support
- Add matrix testing across ubuntu-latest and ubuntu-24.04-arm
- Test both stable and beta Rust toolchains
- Add comprehensive caching for cargo registry, index, and build
- Include cross-compilation verification steps
- Use make targets for consistent build and test execution

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 20:04:56 -04:00
Jason Hall
5ff754c574
fix: simplify CI workflow to resolve linker issues
Remove complex cross-compilation setup that was causing linker
errors. The simplified approach should work with the available
system linkers and musl-tools package.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 20:02:07 -04:00
Jason Hall
dc09631004
fix: restore --image flag support for backward compatibility
Restore support for the --image flag that was accidentally removed
in the previous refactoring. This ensures all existing tests and
workflows continue to work while maintaining the digest-only approach.

- Restore image reference parsing with tag/digest stripping
- Maintain backward compatibility with existing CLI interface
- All integration tests now pass

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 19:57:06 -04:00
Jason Hall
6228bce97b
fix: remove automatic image tagging, make it optional
Images are now pushed by digest only by default, with optional tagging
via the new --tag flag. This addresses issue #27 by ensuring:

- No automatic :latest tags are applied during build
- Platform-specific images are never tagged for external use
- Only manifest lists can receive tags when explicitly requested
- Default behavior outputs digest-only references for reproducibility

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 19:42:00 -04:00
Jason Hall
f91d156266
refactor: Add make targets for cross-compilation setup
- Add setup-cross-compile target to create cargo config
- Add verify-cross-compile target to check setup
- Update CI to use make verify-cross-compile
- Simplifies CI workflow and centralizes cross-compile logic

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 12:05:07 -04:00
Jason Hall
e15bd1df8c
refactor: Centralize test flags and commands in Makefile
- Add TEST_FLAGS variable for single-threaded test execution
- Create verbose targets for CI usage
- Update pre-commit hooks to use make targets
- Update CI workflow to use make targets
- This ensures consistency between local and CI test execution

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 12:02:29 -04:00
Jason Hall
c5b7bc1236
fix: Run tests single-threaded to avoid env var race conditions
- Update pre-commit hooks to use --test-threads=1
- Update CI workflow to run tests single-threaded
- This prevents test failures due to concurrent environment variable modifications

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 11:59:26 -04:00
Jason Hall
ccd4f829ac
run CI as parallel as possible
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-08 08:49:37 -04:00
Jason Hall
d7a8533116
fix: Use correct path for alpine-base example in CI
Instead of changing directories, pass the path directly to krust.
This ensures the command runs from the correct working directory
where the krust binary is located.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 08:45:06 -04:00
Jason Hall
c1d0f4f129
Merge pull request #7 from imjasonh/feat/supply-chain-security
feat: Add supply chain security improvements
2025-06-08 01:02:26 -04:00
Jason Hall
577c4152fe
fix: Add missing toolchain parameter to fmt and clippy jobs
The dtolnay/rust-toolchain action requires an explicit toolchain
parameter when pinned to a specific SHA.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 00:53:34 -04:00
Jason Hall
bd515ce3e2
feat: Add supply chain security improvements
- Pin all GitHub Actions to specific commit SHAs for immutability
- Add cargo-audit job to CI pipeline for vulnerability scanning
- Create SECURITY.md with vulnerability reporting guidelines
- Add Dependabot configuration for automated dependency updates
  - Weekly updates for both Cargo and GitHub Actions
  - Grouped patch and minor updates for Cargo dependencies
- Update job dependencies to run security checks before integration tests

This improves the project's security posture by:
1. Preventing action hijacking through SHA pinning
2. Catching known vulnerabilities early with cargo-audit
3. Providing clear security reporting channels
4. Automating dependency updates to reduce security debt

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 00:48:19 -04:00
Jason Hall
d3e2b881bb
Update .github/workflows/ci.yml 2025-06-08 00:43:30 -04:00
Jason Hall
532198dd5a
chore: Add alpine-base example for multi-platform testing
- Add example/alpine-base project that uses Alpine Linux as base image
- Update CI extended-platforms job to use the example directory
- Simplifies CI configuration by moving test project to examples

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-06-08 00:40:32 -04:00
Jason Hall
4f5f7fc644
run jobs as concurrently as possible
Signed-off-by: Jason Hall <jason@chainguard.dev>
2025-06-08 00:24:44 -04:00