diff --git a/.github/actions/setup-tauri-v2/action.yml b/.github/actions/setup-tauri-v2/action.yml index 133f244f7..07d29c1fe 100644 --- a/.github/actions/setup-tauri-v2/action.yml +++ b/.github/actions/setup-tauri-v2/action.yml @@ -59,7 +59,7 @@ runs: id: cache-webview2-installer with: path: WebView2Installer.exe - key: ${{ runner.os }}-${{ runner.arch }}-webview2-offline-installer + key: webview2-offline-installer - name: Download WebView2 bootstrapper if: ${{ runner.os == 'Windows' && steps.cache-webview2-installer.outputs.cache-hit != 'true' && inputs.runtime == 'true' }} # This is the "Evergreen" bootstrapper from Microsoft diff --git a/.github/workflows/_integration_tests.yml b/.github/workflows/_integration_tests.yml index 3db4b8bdb..b130b7e6e 100644 --- a/.github/workflows/_integration_tests.yml +++ b/.github/workflows/_integration_tests.yml @@ -148,13 +148,13 @@ jobs: - name: Add 50ms simulated API latency run: | - docker compose exec -T -u root api sh -c 'apk add --no-cache iproute2-tc' + docker compose exec -T -u root api sh -c 'apk add --update --no-cache iproute2-tc' docker compose exec -T -u root api sh -c 'tc qdisc add dev eth0 root netem delay 50ms' - name: Add 10ms simulated gateway latency run: | # compatibility test images won't have the `tc` command - docker compose exec -T gateway sh -c 'apk add --no-cache iproute2-tc' + docker compose exec -T gateway sh -c 'apk add --update --no-cache iproute2-tc' docker compose exec -T gateway sh -c 'tc qdisc add dev eth0 root netem delay 10ms' - run: ./scripts/tests/${{ matrix.test.name }}.sh diff --git a/.github/workflows/_swift.yml b/.github/workflows/_swift.yml index 153a7b956..1283ad9af 100644 --- a/.github/workflows/_swift.yml +++ b/.github/workflows/_swift.yml @@ -68,12 +68,6 @@ jobs: with: targets: ${{ matrix.rust-targets }} sccache_azure_connection_string: ${{ secrets.SCCACHE_AZURE_CONNECTION_STRING }} - - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 - name: Restore Swift DerivedData Cache - id: cache - with: - path: ~/Library/Developer/Xcode/DerivedData - key: ${{ runner.os }}-${{ hashFiles('swift/*', 'rust/**/*.rs', 'rust/**/*.toml', 'rust/**/*.lock}') }} - run: ${{ matrix.build-script }} env: IOS_APP_PROVISIONING_PROFILE: "${{ secrets.APPLE_IOS_APP_PROVISIONING_PROFILE }}" @@ -145,11 +139,3 @@ jobs: sentry-cli debug-files upload --log-level info --project apple-client --include-sources ${{ runner.temp }} sentry-cli debug-files upload --log-level info --project apple-client --include-sources ./rust/target - - uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 - if: ${{ steps.cache.outputs.cache-hit != 'true'}} - name: Save Swift DerivedData Cache - with: - path: ~/Library/Developer/Xcode/DerivedData - # Swift benefits heavily from build cache, so aggressively write a new one - # on each build on `main` and attempt to restore it in PR builds with broader restore-key. - key: ${{ steps.cache.outputs.cache-primary-key }} diff --git a/rust/Dockerfile b/rust/Dockerfile index e15a8f09e..e662a1fa6 100644 --- a/rust/Dockerfile +++ b/rust/Dockerfile @@ -13,12 +13,12 @@ ENV LANG=C.UTF-8 \ WORKDIR /bin ## curl is needed to run tests (`main` runs CI against `release` images) and `firezone-relay` needs `curl` in its entry script. -RUN apk add --no-cache curl +RUN apk add --no-cache --update curl # Gateway specific runtime base image FROM runtime_base AS runtime_firezone-gateway ## iptables are needed only by gateway for masquerading -RUN apk add --no-cache iptables ip6tables +RUN apk add --no-cache --update iptables ip6tables COPY ./docker-init-gateway.sh ./docker-init.sh # Relay specific runtime base image @@ -46,7 +46,7 @@ CMD ${PACKAGE} # Build an image for GitHub Actions which includes debug asserts and more test utilities FROM runtime AS debug -RUN apk add --no-cache iperf3 bind-tools iproute2 jq procps iptables +RUN apk add --no-cache --update iperf3 bind-tools iproute2 jq procps iptables ## Build first with `cargo build --target ${TARGET} -p ${PACKAGE} && mv /target/${TARGET}/debug/${PACKAGE} .` ARG PACKAGE diff --git a/rust/Dockerfile.xdp-tools b/rust/Dockerfile.xdp-tools index d3325a1a3..7a2837284 100644 --- a/rust/Dockerfile.xdp-tools +++ b/rust/Dockerfile.xdp-tools @@ -10,7 +10,7 @@ FROM alpine:latest -RUN apk add --no-cache \ +RUN apk add --no-cache --update \ git \ clang \ pkgconfig \ diff --git a/scripts/tests/direct-download-packet-loss.sh b/scripts/tests/direct-download-packet-loss.sh index 9322e65b9..1252324b4 100755 --- a/scripts/tests/direct-download-packet-loss.sh +++ b/scripts/tests/direct-download-packet-loss.sh @@ -2,7 +2,7 @@ source "./scripts/tests/lib.sh" -client apk add --no-cache iproute2 +client apk add --no-cache --update iproute2 client tc qdisc add dev eth0 root netem loss 20% client sh -c "curl --fail --output download.file http://download.httpbin/bytes?num=10000000" & diff --git a/scripts/tests/lib.sh b/scripts/tests/lib.sh index 5b71e2fdf..4162548c6 100755 --- a/scripts/tests/lib.sh +++ b/scripts/tests/lib.sh @@ -20,7 +20,7 @@ function relay2() { function install_iptables_drop_rules() { # Install `iptables` to have it available in the compatibility tests - client apk add iptables + client apk add --update --no-cache iptables # Execute within the client container because doing so from the host is not reliable in CI. client iptables -A OUTPUT -d 172.28.0.105 -j DROP diff --git a/scripts/tests/tcp-dns.sh b/scripts/tests/tcp-dns.sh index 656644f7c..25c05a059 100755 --- a/scripts/tests/tcp-dns.sh +++ b/scripts/tests/tcp-dns.sh @@ -2,7 +2,7 @@ source "./scripts/tests/lib.sh" -client sh -c "apk add bind-tools" # The compat tests run using the production image which doesn't have `dig`. +client sh -c "apk add --update --no-cache bind-tools" # The compat tests run using the production image which doesn't have `dig`. echo "Resolving DNS resource over TCP with search domain" client sh -c "dig +search +tcp dns"