fix: harden CI cargo downloads
This commit is contained in:
@@ -0,0 +1,37 @@
|
||||
import { readFileSync } from "node:fs";
|
||||
|
||||
function assertCondition(condition: unknown, message: string, detail: unknown = {}): void {
|
||||
if (!condition) throw new Error(`${message}: ${JSON.stringify(detail)}`);
|
||||
}
|
||||
|
||||
const dockerfile = readFileSync("src/components/backend-core/Dockerfile", "utf8");
|
||||
const d601Pipeline = readFileSync("src/components/microservices/k3sctl-adapter/k3s/ci/unidesk-ci.pipeline.yaml", "utf8");
|
||||
const g14Pipeline = readFileSync("src/components/microservices/k3sctl-adapter/k3s/ci/unidesk-ci.pipeline.g14.yaml", "utf8");
|
||||
|
||||
for (const name of [
|
||||
"CARGO_HTTP_TIMEOUT",
|
||||
"CARGO_HTTP_LOW_SPEED_LIMIT",
|
||||
"CARGO_NET_RETRY",
|
||||
"CARGO_HTTP_MULTIPLEXING",
|
||||
"CARGO_REGISTRIES_CRATES_IO_PROTOCOL",
|
||||
]) {
|
||||
assertCondition(dockerfile.includes(`ARG ${name}=`), `backend-core Dockerfile must accept ${name}`, { name });
|
||||
assertCondition(dockerfile.includes(`${name}=${`$\{${name}\}`}`), `backend-core Dockerfile must export ${name}`, { name });
|
||||
assertCondition(d601Pipeline.includes(`--build-arg ${name}=`), `D601 CI pipeline must pass ${name}`, { name });
|
||||
assertCondition(g14Pipeline.includes(`--build-arg ${name}=`), `G14 CI pipeline must pass ${name}`, { name });
|
||||
}
|
||||
|
||||
assertCondition(
|
||||
dockerfile.includes("CARGO_HTTP_LOW_SPEED_LIMIT=1") && dockerfile.includes("CARGO_HTTP_TIMEOUT=180"),
|
||||
"backend-core Dockerfile must raise Cargo low-speed tolerance for proxied CI builds",
|
||||
dockerfile,
|
||||
);
|
||||
|
||||
console.log(JSON.stringify({
|
||||
ok: true,
|
||||
checks: [
|
||||
"backend-core Dockerfile accepts Cargo HTTP/retry build args",
|
||||
"D601/G14 CI pipelines pass Cargo HTTP/retry build args",
|
||||
"backend-core CI build tolerates slow proxied crates.io downloads",
|
||||
],
|
||||
}));
|
||||
@@ -2,7 +2,17 @@
|
||||
FROM rust:1-bookworm AS build
|
||||
WORKDIR /app/src/components/backend-core
|
||||
ARG CARGO_BUILD_JOBS=1
|
||||
ENV CARGO_BUILD_JOBS=${CARGO_BUILD_JOBS}
|
||||
ARG CARGO_HTTP_TIMEOUT=180
|
||||
ARG CARGO_HTTP_LOW_SPEED_LIMIT=1
|
||||
ARG CARGO_NET_RETRY=5
|
||||
ARG CARGO_HTTP_MULTIPLEXING=false
|
||||
ARG CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
|
||||
ENV CARGO_BUILD_JOBS=${CARGO_BUILD_JOBS} \
|
||||
CARGO_HTTP_TIMEOUT=${CARGO_HTTP_TIMEOUT} \
|
||||
CARGO_HTTP_LOW_SPEED_LIMIT=${CARGO_HTTP_LOW_SPEED_LIMIT} \
|
||||
CARGO_NET_RETRY=${CARGO_NET_RETRY} \
|
||||
CARGO_HTTP_MULTIPLEXING=${CARGO_HTTP_MULTIPLEXING} \
|
||||
CARGO_REGISTRIES_CRATES_IO_PROTOCOL=${CARGO_REGISTRIES_CRATES_IO_PROTOCOL}
|
||||
COPY src/components/backend-core/Cargo.toml ./Cargo.toml
|
||||
COPY src/components/backend-core/Cargo.lock ./Cargo.lock
|
||||
RUN mkdir -p src \
|
||||
|
||||
@@ -448,6 +448,11 @@ spec:
|
||||
--build-arg HTTPS_PROXY=http://127.0.0.1:18789 \
|
||||
--build-arg ALL_PROXY=http://127.0.0.1:18789 \
|
||||
--build-arg NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal,registry.npmjs.org,.registry.npmjs.org \
|
||||
--build-arg CARGO_HTTP_TIMEOUT=180 \
|
||||
--build-arg CARGO_HTTP_LOW_SPEED_LIMIT=1 \
|
||||
--build-arg CARGO_NET_RETRY=5 \
|
||||
--build-arg CARGO_HTTP_MULTIPLEXING=false \
|
||||
--build-arg CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse \
|
||||
--label "unidesk.ai/service-id=backend-core" \
|
||||
--label "unidesk.ai/source-repo=$(params.repo-url)" \
|
||||
--label "unidesk.ai/source-commit=$commit" \
|
||||
@@ -716,6 +721,11 @@ spec:
|
||||
--build-arg HTTPS_PROXY=http://127.0.0.1:18789 \
|
||||
--build-arg ALL_PROXY=http://127.0.0.1:18789 \
|
||||
--build-arg NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal,registry.npmjs.org,.registry.npmjs.org \
|
||||
--build-arg CARGO_HTTP_TIMEOUT=180 \
|
||||
--build-arg CARGO_HTTP_LOW_SPEED_LIMIT=1 \
|
||||
--build-arg CARGO_NET_RETRY=5 \
|
||||
--build-arg CARGO_HTTP_MULTIPLEXING=false \
|
||||
--build-arg CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse \
|
||||
--label "unidesk.ai/service-id=$service_id" \
|
||||
--label "unidesk.ai/source-repo=$(params.repo-url)" \
|
||||
--label "unidesk.ai/source-commit=$commit" \
|
||||
|
||||
@@ -448,6 +448,11 @@ spec:
|
||||
--build-arg HTTPS_PROXY=http://127.0.0.1:18789 \
|
||||
--build-arg ALL_PROXY=http://127.0.0.1:18789 \
|
||||
--build-arg NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal,registry.npmjs.org,.registry.npmjs.org \
|
||||
--build-arg CARGO_HTTP_TIMEOUT=180 \
|
||||
--build-arg CARGO_HTTP_LOW_SPEED_LIMIT=1 \
|
||||
--build-arg CARGO_NET_RETRY=5 \
|
||||
--build-arg CARGO_HTTP_MULTIPLEXING=false \
|
||||
--build-arg CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse \
|
||||
--label "unidesk.ai/service-id=backend-core" \
|
||||
--label "unidesk.ai/source-repo=$(params.repo-url)" \
|
||||
--label "unidesk.ai/source-commit=$commit" \
|
||||
@@ -716,6 +721,11 @@ spec:
|
||||
--build-arg HTTPS_PROXY=http://127.0.0.1:18789 \
|
||||
--build-arg ALL_PROXY=http://127.0.0.1:18789 \
|
||||
--build-arg NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal,registry.npmjs.org,.registry.npmjs.org \
|
||||
--build-arg CARGO_HTTP_TIMEOUT=180 \
|
||||
--build-arg CARGO_HTTP_LOW_SPEED_LIMIT=1 \
|
||||
--build-arg CARGO_NET_RETRY=5 \
|
||||
--build-arg CARGO_HTTP_MULTIPLEXING=false \
|
||||
--build-arg CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse \
|
||||
--label "unidesk.ai/service-id=$service_id" \
|
||||
--label "unidesk.ai/source-repo=$(params.repo-url)" \
|
||||
--label "unidesk.ai/source-commit=$commit" \
|
||||
|
||||
Reference in New Issue
Block a user