Recently GitHub actions seems to have installed a buggy version of
compose that [fails with
`fatalError`](https://github.com/firezone/firezone/actions/runs/15181224905/job/42691214402?pr=9203)
on this line `docker compose up -d relay-1 relay-2 --no-build`.
Since those point to the same underlying image, I speculate that
separating these out will temporary alleviate this issue for us.
Tauri's `deb` and `rpm` bundler have support for configuring maintainer
scripts. We can therefore just use those instead of tearing apart the
`deb` file that it creates and rebuilding it ourselves.
Our `rpm` packaging is currently completely broken as well. I couldn't
get it to work on CentOS 9 at all due to missing dependencies, likely
introduced by our move to Tauri v2. It installs fine on CentOS 10
though, assuming that the user has the EPEL repository installed which
provides the WebView dependency. I extended the docs to reflect this.
Hence, with this PR, we drop support for CentOS 9 and now require CentOS
10. This allows us to remove a lot of cruft from our bundling process
and instead entirely rely on the Tauri provided bundler.
Lastly, for consistency with other platforms, the name of the
application in places like app drawers has been changed from "Firezone
Client" to just "Firezone".
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
We already use `vite` as a bundling tool but only to rollup some of the
pre-built files. This setup (and therefore our buildscripts) can be
massively simplified by instructing `vite` to also build our TypeScript
code and compile tailwind.
This makes it much easier to develop locally because one only needs to
run `pnpm vite build --watch` to keep everything up to date.
Our link checker `lychee` doesn't appear to de-duplicate requests to the
same URL which causes 429 errors with GitHub. To workaround this, we
reduce the concurrency to 1 and activate `lychee`'s cache. This cache is
just a file on disk. We don't need to actually save this in GitHub
actions' cache because all we want is for lychee to not make a request
to same URL again in the same session.
Related: https://github.com/lycheeverse/lychee-action/issues/289
Running `clippy` first is more useful because it provides better
feedback around compile-errors. When working with cross-platform code,
it is often the case that one needs to push to CI to ensure everything
builds. Therefore, getting fast feedback is important.
GitHub's Windows runners are very slow. In order to not prolong CI runs
too much, we set the number of _additional_ proptest cases for Windows
to 0. This means we still run all the regression seeds that we've
accumulated in `proptest-regressions/tests.txt` and simply don't
generate any new ones on top of it.
This is also a good benchmark to ensure that our regression seeds cover
all cases that we are testing further down below using the coverage
grepping.
Related: #8948
By default, proptest runs all regression cases + 256 new ones. Given
that we run the tests on 3 different operating systems in various
versions each and that on each PR, we are likely hitting enough
different cases to detect any bugs.
Related: #8948
These take a long time and there is not really any benefit. We already
run smoke-tests on both Windows and Linux runners which ensures that the
GUI and IPC service compile and start. In addition, we run clippy across
the entire Rust codebase.
The only thing that doesn't get tested in CI if we remove this is the
bundling of the applications. This however rarely changes and one can
always trigger the Tauri workflow manually for a PR to see if certain
changes are working.
Related: #8948
The debug build is good enough if one wants to test a particular PR on a
real device. When necessary, a release build can be trigger explicitly
for a particular branch.
Related: #8948
Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 4.2.1 to 4.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: implement new <code>artifact-ids</code> input by <a
href="https://github.com/GrantBirki"><code>@GrantBirki</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/401">actions/download-artifact#401</a></li>
<li>Fix workflow example for downloading by artifact ID by <a
href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/402">actions/download-artifact#402</a></li>
<li>Prep for v4.3.0 release by <a
href="https://github.com/robherley"><code>@robherley</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/404">actions/download-artifact#404</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/GrantBirki"><code>@GrantBirki</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/401">actions/download-artifact#401</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v4.2.1...v4.3.0">https://github.com/actions/download-artifact/compare/v4.2.1...v4.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d3f86a106a"><code>d3f86a1</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/404">#404</a>
from actions/robherley/v4.3.0</li>
<li><a
href="fc02353415"><code>fc02353</code></a>
prep for v4.3.0 release</li>
<li><a
href="77454371a4"><code>7745437</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/402">#402</a>
from actions/joshmgross/download-by-id-example</li>
<li><a
href="84fc7a0a35"><code>84fc7a0</code></a>
Remove path filters from Check dist workflow</li>
<li><a
href="67f2bc382f"><code>67f2bc3</code></a>
Fix workflow example for downloading by artifact ID</li>
<li><a
href="8ea3c2c174"><code>8ea3c2c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/401">#401</a>
from actions/download-by-id</li>
<li><a
href="d219c630f6"><code>d219c63</code></a>
add supporting unit tests for artifact downloads with ids</li>
<li><a
href="54124fbd88"><code>54124fb</code></a>
revert <code>getArtifact()</code> changes - for now we have to list and
filter by artifa...</li>
<li><a
href="b83057b90d"><code>b83057b</code></a>
bundle</li>
<li><a
href="171183c7dc"><code>171183c</code></a>
use the same <code>artifactClient.getArtifact</code> structure as seen
above in `isSingl...</li>
<li>Additional commits viewable in <a
href="95815c38cf...d3f86a106a">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[taiki-e/install-action](https://github.com/taiki-e/install-action) from
2.49.50 to 2.50.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/releases">taiki-e/install-action's
releases</a>.</em></p>
<blockquote>
<h2>2.50.4</h2>
<ul>
<li>
<p>Update <code>typos@latest</code> to 1.31.2.</p>
</li>
<li>
<p>Update <code>osv-scanner@latest</code> to 2.0.2.</p>
</li>
<li>
<p>Update <code>cargo-nextest@latest</code> to 0.9.95.</p>
</li>
</ul>
<h2>2.50.3</h2>
<ul>
<li>Update <code>cargo-zigbuild@latest</code> to 0.20.0.</li>
</ul>
<h2>2.50.2</h2>
<ul>
<li>
<p>Update <code>cargo-lambda@latest</code> to 1.8.4.</p>
</li>
<li>
<p>Update <code>syft@latest</code> to 1.23.1.</p>
</li>
</ul>
<h2>2.50.1</h2>
<ul>
<li>
<p>Update <code>syft@latest</code> to 1.23.0.</p>
</li>
<li>
<p>Update <code>cargo-semver-checks@latest</code> to 0.41.0.</p>
</li>
</ul>
<h2>2.50.0</h2>
<ul>
<li>
<p>Support <code>taplo</code>. (<a
href="https://redirect.github.com/taiki-e/install-action/pull/944">#944</a>,
thanks <a
href="https://github.com/vivienm"><code>@vivienm</code></a>)</p>
</li>
<li>
<p>Update <code>wasmtime@latest</code> to 32.0.0.</p>
</li>
<li>
<p>Update <code>release-plz@latest</code> to 0.3.133.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md">taiki-e/install-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>This project adheres to <a href="https://semver.org">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased]</h2>
<h2>[2.50.4] - 2025-05-01</h2>
<ul>
<li>
<p>Update <code>typos@latest</code> to 1.31.2.</p>
</li>
<li>
<p>Update <code>osv-scanner@latest</code> to 2.0.2.</p>
</li>
<li>
<p>Update <code>cargo-nextest@latest</code> to 0.9.95.</p>
</li>
</ul>
<h2>[2.50.3] - 2025-04-26</h2>
<ul>
<li>Update <code>cargo-zigbuild@latest</code> to 0.20.0.</li>
</ul>
<h2>[2.50.2] - 2025-04-26</h2>
<ul>
<li>
<p>Update <code>cargo-lambda@latest</code> to 1.8.4.</p>
</li>
<li>
<p>Update <code>syft@latest</code> to 1.23.1.</p>
</li>
</ul>
<h2>[2.50.1] - 2025-04-25</h2>
<ul>
<li>
<p>Update <code>syft@latest</code> to 1.23.0.</p>
</li>
<li>
<p>Update <code>cargo-semver-checks@latest</code> to 0.41.0.</p>
</li>
</ul>
<h2>[2.50.0] - 2025-04-21</h2>
<ul>
<li>
<p>Support <code>taplo</code>. (<a
href="https://redirect.github.com/taiki-e/install-action/pull/944">#944</a>,
thanks <a
href="https://github.com/vivienm"><code>@vivienm</code></a>)</p>
</li>
<li>
<p>Update <code>wasmtime@latest</code> to 32.0.0.</p>
</li>
<li>
<p>Update <code>release-plz@latest</code> to 0.3.133.</p>
</li>
</ul>
<h2>[2.49.50] - 2025-04-16</h2>
<ul>
<li>Update <code>grcov@latest</code> to 0.9.1.</li>
</ul>
<h2>[2.49.49] - 2025-04-13</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="33734a1186"><code>33734a1</code></a>
Release 2.50.4</li>
<li><a
href="014b96a1bb"><code>014b96a</code></a>
Update <code>typos@latest</code> to 1.31.2</li>
<li><a
href="35a81c61b8"><code>35a81c6</code></a>
Update <code>osv-scanner@latest</code> to 2.0.2</li>
<li><a
href="f3c9944420"><code>f3c9944</code></a>
Update <code>cargo-nextest@latest</code> to 0.9.95</li>
<li><a
href="ab3728c7ba"><code>ab3728c</code></a>
Release 2.50.3</li>
<li><a
href="6d5ef845d7"><code>6d5ef84</code></a>
Update <code>cargo-zigbuild@latest</code> to 0.20.0</li>
<li><a
href="52d0e7adc5"><code>52d0e7a</code></a>
Release 2.50.2</li>
<li><a
href="a69f86f003"><code>a69f86f</code></a>
Update <code>cargo-lambda@latest</code> to 1.8.4</li>
<li><a
href="b790d400b3"><code>b790d40</code></a>
Update <code>syft@latest</code> to 1.23.1</li>
<li><a
href="067268f3aa"><code>067268f</code></a>
Release 2.50.1</li>
<li>Additional commits viewable in <a
href="09dc018eee...33734a1186">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This tunnel throughput benchmark isn't a very useful benchmark and it is
very flaky. Remove it entirely until we can replace it with something
more robust and useful.
Resolves: #8172
Firezone's control plane is a realtime, distributed system that relies
on a broadcast/subscribe system to function. In many cases, these events
are broadcasted whenever relevant data in the DB changes, such as an
actor losing access to a policy, a membership being deleted, and so
forth.
Today, this is handled in the application layer, typically happening at
the place where the relevant DB call is made (i.e. in an
`after_commit`). While this approach has worked thus far, it has several
issues:
1. We have no guarantee that the DB change will issue a broadcast. If
the application is deployed or the process crashes after the DB changes
are made but before the broadcast happens, we will have potentially
failed to update any connected clients or gateways with the changes.
2. We have no guarantee that the order of DB updates will be maintained
in order for broadcasts. In other words, app server A could win its DB
operation against app server B, but then proceed to lose being the first
to broadcast.
3. If the cluster is in a bad state where broadcasts may return an error
(i.e. https://github.com/firezone/firezone/issues/8660), we will never
retry the broadcast.
To fix the above issues, we introduce a WAL logical decoder that process
the event stream one message at a time and performs any needed work.
Serializability is guaranteed since we only process the WAL in a single,
cluster-global process, `ReplicationConnection`. Durability is also
guaranteed since we only ACK WAL segments after we've successfully
ingested the event.
This means we will only advance the position of our WAL stream after
successfully broadcasting the event.
This PR only introduces the WAL stream processing system but does not
introduce any changes to our current broadcasting behavior - that's
saved for another PR.
When working on the Rust code of Firezone from a MacOS computer, it is
useful to have pretty much all of the code at least compile to ensure
detect problems early. Eventually, once we target features like a
headless MacOS client, some of these stubs will actually be filled in an
be functional.
Turns out that the standard `pgoutput` plugin shipped with Postgres will
do everything we need it to, and there are good examples of prior art
decoding its binary output in Elixir (in production).
So to avoid adding a dependency on `wal2json` here, we'll go with that.
In order to develop and test WAL replication, we need the wal2json
module installed in our dev postgres image. The module itself builds
very quickly, but I thought it would be better to have this
automatically built and pushed as part of a nightly job so that CI and
developers can make use of it.
In #8795 we added an additional path to the artifact upload which
appeared to have broken it. The action cannot seem to handle multiple
direct paths that lead to files. It tries to but fails:
```
Multiple search paths detected. Calculating the least common ancestor of all paths
The least common ancestor is /Users/runner/work/firezone/firezone/"/Users/runner/work/_temp. This will be the root directory of the artifact
Warning: No files were found with the provided path: "/Users/runner/work/_temp/firezone-macos-client-1.4.12.dmg"
"/Users/runner/work/_temp/firezone-macos-client-1.4.12.pkg". No artifacts will be uploaded.
```
Source:
https://github.com/firezone/firezone/actions/runs/14571295945/job/40868936348#step:7:31
Splitting this step into two and creating one artifact each fixes this
as can be seen in the following job (which I triggered for this PR):
https://github.com/firezone/firezone/actions/runs/14572176039/job/40871304453
Bumps
[taiki-e/install-action](https://github.com/taiki-e/install-action) from
2.49.46 to 2.49.50.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/releases">taiki-e/install-action's
releases</a>.</em></p>
<blockquote>
<h2>2.49.50</h2>
<ul>
<li>Update <code>grcov@latest</code> to 0.9.1.</li>
</ul>
<h2>2.49.49</h2>
<ul>
<li>Update <code>release-plz@latest</code> to 0.3.132.</li>
</ul>
<h2>2.49.48</h2>
<ul>
<li>
<p>Update <code>release-plz@latest</code> to 0.3.131.</p>
</li>
<li>
<p>Update <code>cargo-nextest@latest</code> to 0.9.94.</p>
</li>
<li>
<p>Update <code>cargo-lambda@latest</code> to 1.8.3.</p>
</li>
</ul>
<h2>2.49.47</h2>
<ul>
<li>Update <code>grcov@latest</code> to 0.9.0.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md">taiki-e/install-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>This project adheres to <a href="https://semver.org">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased]</h2>
<ul>
<li>Update <code>release-plz@latest</code> to 0.3.133.</li>
</ul>
<h2>[2.49.50] - 2025-04-16</h2>
<ul>
<li>Update <code>grcov@latest</code> to 0.9.1.</li>
</ul>
<h2>[2.49.49] - 2025-04-13</h2>
<ul>
<li>Update <code>release-plz@latest</code> to 0.3.132.</li>
</ul>
<h2>[2.49.48] - 2025-04-11</h2>
<ul>
<li>
<p>Update <code>release-plz@latest</code> to 0.3.131.</p>
</li>
<li>
<p>Update <code>cargo-nextest@latest</code> to 0.9.94.</p>
</li>
<li>
<p>Update <code>cargo-lambda@latest</code> to 1.8.3.</p>
</li>
</ul>
<h2>[2.49.47] - 2025-04-09</h2>
<ul>
<li>Update <code>grcov@latest</code> to 0.9.0.</li>
</ul>
<h2>[2.49.46] - 2025-04-08</h2>
<ul>
<li>
<p>Update <code>espup@latest</code> to 0.15.0.</p>
</li>
<li>
<p>Update <code>trunk@latest</code> to 0.21.13.</p>
</li>
</ul>
<h2>[2.49.45] - 2025-04-06</h2>
<ul>
<li>
<p>Update <code>knope@latest</code> to 0.19.2.</p>
</li>
<li>
<p>Update <code>cargo-binstall@latest</code> to 1.12.3.</p>
</li>
</ul>
<h2>[2.49.44] - 2025-04-03</h2>
<ul>
<li>Update <code>grcov@latest</code> to 0.8.24.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="09dc018eee"><code>09dc018</code></a>
Release 2.49.50</li>
<li><a
href="2cd02413f6"><code>2cd0241</code></a>
Update <code>grcov@latest</code> to 0.9.1</li>
<li><a
href="be7c31b674"><code>be7c31b</code></a>
Release 2.49.49</li>
<li><a
href="a5bc3ba681"><code>a5bc3ba</code></a>
Update <code>release-plz@latest</code> to 0.3.132</li>
<li><a
href="5e434d4644"><code>5e434d4</code></a>
Release 2.49.48</li>
<li><a
href="e4c4a414ab"><code>e4c4a41</code></a>
Update <code>release-plz@latest</code> to 0.3.131</li>
<li><a
href="80a9f78f16"><code>80a9f78</code></a>
Update <code>cargo-nextest@latest</code> to 0.9.94</li>
<li><a
href="7722c176d5"><code>7722c17</code></a>
Update <code>cargo-lambda@latest</code> to 1.8.3</li>
<li><a
href="a48a50298f"><code>a48a502</code></a>
Release 2.49.47</li>
<li><a
href="63533c4988"><code>63533c4</code></a>
Update <code>grcov@latest</code> to 0.9.0</li>
<li>See full diff in <a
href="2db346588e...09dc018eee">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Microsoft Intune's DMG provisioner currently fails unexpectedly when
trying to provision our published DMG file with the error:
> The DMG file couldn't be mounted for installation. Check the DMG file
if the error persists. (0x87D30139)
I ran the following verification commands locally, which all passed:
```
hdiutil verify -verbose <dmg>
hdiutil imageinfo -verbose <dmg>
hdiutil hfsanalyze -verbose <dmg>
hdiutil checksum -type SHA256 -verbose <dmg>
hdiutil info -verbose
hdiutil pmap -verbose <dmg>
```
So the issue appears to be most likely that Intune doens't like the
`/Applications` shortcut in the DMG. This is a UX feature to make it
easy to drag the application the /Applications folder upon opening the
DMG.
So we're publishing an PKG in addition to the DMG, which should be a
more reliable artifact for MDMs to use.
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
When testing certain PRs, it's helpful to have signed release builds for
various platforms.
These can be built by manually triggering their respective workflow from
the GitHub UI. In these cases, we want to upload the artifacts to the
workflow run, but _not_ upload the artifacts to the release.
We only want to upload artifacts to the release if the `github.ref_name`
is `main`.
We no longer have multiple versions of `tauri-winrt-notification` in our
dependency tree and can therefore remove this exclusion rule.
To ensure that we don't forget to update these in the future, we now
deny the `unnecessary-skip` lint that warns us when we have one of those
entries.
Windows runners are very slow on GitHub actions. The Rust tests on
Windows are regularly the last CI job to finish. In order to speed up
overall CI runtime, reduce the number of cases we run on Windows to
1000. It doesn't really matter which OS we run these on as the proptests
are entirely platform-agnostic. We just need to get a good amount of
testcases in on each CI run.
Bumps
[taiki-e/install-action](https://github.com/taiki-e/install-action) from
2.49.40 to 2.49.46.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/releases">taiki-e/install-action's
releases</a>.</em></p>
<blockquote>
<h2>2.49.46</h2>
<ul>
<li>
<p>Update <code>espup@latest</code> to 0.15.0.</p>
</li>
<li>
<p>Update <code>trunk@latest</code> to 0.21.13.</p>
</li>
</ul>
<h2>2.49.45</h2>
<ul>
<li>
<p>Update <code>knope@latest</code> to 0.19.2.</p>
</li>
<li>
<p>Update <code>cargo-binstall@latest</code> to 1.12.3.</p>
</li>
</ul>
<h2>2.49.44</h2>
<ul>
<li>
<p>Update <code>grcov@latest</code> to 0.8.24.</p>
</li>
<li>
<p>Update <code>osv-scanner@latest</code> to 2.0.1.</p>
</li>
<li>
<p>Update <code>release-plz@latest</code> to 0.3.130.</p>
</li>
<li>
<p>Update <code>cargo-lambda@latest</code> to 1.8.1.</p>
</li>
<li>
<p>Downgrade <code>cargo-spellcheck@latest</code> to 0.15.1. (<a
href="https://redirect.github.com/taiki-e/install-action/pull/932">#932</a>)</p>
</li>
</ul>
<h2>2.49.43</h2>
<ul>
<li>Update <code>syft@latest</code> to 1.22.0.</li>
</ul>
<h2>2.49.42</h2>
<ul>
<li>Update <code>grcov@latest</code> to 0.8.23.</li>
</ul>
<h2>2.49.41</h2>
<ul>
<li>Update <code>mdbook@latest</code> to 0.4.48.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md">taiki-e/install-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>This project adheres to <a href="https://semver.org">Semantic
Versioning</a>.</p>
<!-- raw HTML omitted -->
<h2>[Unreleased]</h2>
<h2>[2.49.46] - 2025-04-08</h2>
<ul>
<li>
<p>Update <code>espup@latest</code> to 0.15.0.</p>
</li>
<li>
<p>Update <code>trunk@latest</code> to 0.21.13.</p>
</li>
</ul>
<h2>[2.49.45] - 2025-04-06</h2>
<ul>
<li>
<p>Update <code>knope@latest</code> to 0.19.2.</p>
</li>
<li>
<p>Update <code>cargo-binstall@latest</code> to 1.12.3.</p>
</li>
</ul>
<h2>[2.49.44] - 2025-04-03</h2>
<ul>
<li>
<p>Update <code>grcov@latest</code> to 0.8.24.</p>
</li>
<li>
<p>Update <code>osv-scanner@latest</code> to 2.0.1.</p>
</li>
<li>
<p>Update <code>release-plz@latest</code> to 0.3.130.</p>
</li>
<li>
<p>Update <code>cargo-lambda@latest</code> to 1.8.1.</p>
</li>
<li>
<p>Downgrade <code>cargo-spellcheck@latest</code> to 0.15.1. (<a
href="https://redirect.github.com/taiki-e/install-action/pull/932">#932</a>)</p>
</li>
</ul>
<h2>[2.49.43] - 2025-04-01</h2>
<ul>
<li>Update <code>syft@latest</code> to 1.22.0.</li>
</ul>
<h2>[2.49.42] - 2025-04-01</h2>
<ul>
<li>Update <code>grcov@latest</code> to 0.8.23.</li>
</ul>
<h2>[2.49.41] - 2025-04-01</h2>
<ul>
<li>Update <code>mdbook@latest</code> to 0.4.48.</li>
</ul>
<h2>[2.49.40] - 2025-03-31</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2db346588e"><code>2db3465</code></a>
Release 2.49.46</li>
<li><a
href="a214674956"><code>a214674</code></a>
Update <code>espup@latest</code> to 0.15.0</li>
<li><a
href="bba517d299"><code>bba517d</code></a>
Update <code>trunk@latest</code> to 0.21.13</li>
<li><a
href="d4635f2de6"><code>d4635f2</code></a>
Release 2.49.45</li>
<li><a
href="fcc9c5e18c"><code>fcc9c5e</code></a>
Update <code>knope@latest</code> to 0.19.2</li>
<li><a
href="256c1d84e7"><code>256c1d8</code></a>
Update <code>cargo-binstall@latest</code> to 1.12.3</li>
<li><a
href="57554aa960"><code>57554aa</code></a>
Update knope manifest</li>
<li><a
href="f1390fd0d8"><code>f1390fd</code></a>
Release 2.49.44</li>
<li><a
href="537312ee19"><code>537312e</code></a>
codegen: Exclude versions not released on crates.io from candidate for
"latest"</li>
<li><a
href="95bd642ae8"><code>95bd642</code></a>
Revert "codegen: Mark cargo-lambda 1.8.1 as broken"</li>
<li>Additional commits viewable in <a
href="daa3c1f1f9...2db346588e">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
