From c865cb71ca37be255d45b29a216ccf3af9e927f6 Mon Sep 17 00:00:00 2001
From: Liam
Date: Sat, 6 Jun 2026 18:04:26 -0400
Subject: [PATCH 1/7] Add missing scheme to opensearch init delay
---
 docker/app/run-test | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/app/run-test b/docker/app/run-test
index ccd69995a..e391828fe 100755
--- a/docker/app/run-test
+++ b/docker/app/run-test
@@ -13,7 +13,7 @@ mix format --check-formatted
 # if it's not done doing whatever it does yet
 printf "Waiting for OpenSearch"
-until wget -qO - opensearch:9200; do
+until wget -qO - http://opensearch:9200; do
 printf "."
 sleep 2
 done
From 4b47aba06924b56f452942052bc0f6a9e336278f Mon Sep 17 00:00:00 2001
From: Liam
Date: Sat, 6 Jun 2026 18:23:35 -0400
Subject: [PATCH 2/7] Update cache action to v5
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d043dfa7e..78c481778 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -8,7 +8,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v5
- - uses: actions/cache@v4
+ - uses: actions/cache@v5
 with:
 path: |
 _build
From f06f07ff880b41f19542397a3d7b6ca9d37da744 Mon Sep 17 00:00:00 2001
From: Liam
Date: Sun, 7 Jun 2026 13:12:53 -0400
Subject: [PATCH 3/7] Ensure cache action can gather build artifacts
---
 .github/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 78c481778..adb0c54d9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,6 +19,7 @@ jobs:
 - run: docker compose pull
 - run: docker compose build
 - run: ./scripts/philomena.sh test
+ - run: sudo chown -R $USER $GITHUB_WORKSPACE
 typos:
 name: 'Check for spelling errors'
From 4336fb0c6b70ac510514f764a501a19f5b3fcab6 Mon Sep 17 00:00:00 2001
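Review bot: The wait loop in docker/app/run-test, `until wget -qO - http://opensearch:9200; do`, retries forever, so an OpenSearch container that never comes up stalls the test run until something outside the script kills it. A retry cap that exits non-zero with a message, plus a per-request timeout (`-T`), turns that into a fast, attributable failure. The limits below are example values; the start of the script is outside the hunk, so an existing outer timeout cannot be ruled out from here.

```shell
attempts=0
until wget -T 5 -qO - http://opensearch:9200; do
  attempts=$((attempts + 1))
  if [ "$attempts" -ge 60 ]; then
    printf "\nOpenSearch did not answer in time\n" >&2
    exit 1
  fi
  # … unchanged: printf "." and sleep 2 …
done
```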
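Review bot: In the step added to .github/workflows/ci.yml, `- run: sudo chown -R $USER $GITHUB_WORKSPACE`, both variables are expanded unquoted and the root-run chown covers the entire checkout rather than only the build output the cache step saves. Quoting removes the word-splitting risk, `run: sudo chown -R "$USER" "$GITHUB_WORKSPACE"`. If the root-owned files are confined to the directories listed under the cache step's `path:` (only `_build` is visible in this series), pointing the command at those directories would keep the privileged step as narrow as its purpose. PATCH 7/7 carries the same command unchanged into the named step, so the point applies there as well.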
From: Liam
Date: Sat, 6 Jun 2026 18:17:35 -0400
Subject: [PATCH 4/7] Ignore as much build context as is possible
---
 .dockerignore | 7 -------
 docker/app/Dockerfile.dockerignore | 2 ++
 docker/mediaproc/Dockerfile.dockerignore | 5 +++++
 docker/web/Dockerfile.dockerignore | 2 ++
 4 files changed, 9 insertions(+), 7 deletions(-)
 delete mode 100644 .dockerignore
 create mode 100644 docker/app/Dockerfile.dockerignore
 create mode 100644 docker/mediaproc/Dockerfile.dockerignore
 create mode 100644 docker/web/Dockerfile.dockerignore
diff --git a/.dockerignore b/.dockerignore
deleted file mode 100644
index c7e4f9719..000000000
--- a/.dockerignore
+++ /dev/null
@@ -1,7 +0,0 @@
-_build
-.cargo
-deps
-.elixir_ls
-priv/static
-native/philomena/target
-node_modules
diff --git a/docker/app/Dockerfile.dockerignore b/docker/app/Dockerfile.dockerignore
new file mode 100644
index 000000000..1bd2543c8
--- /dev/null
+++ b/docker/app/Dockerfile.dockerignore
@@ -0,0 +1,2 @@
+**
+!docker/app/Dockerfile
diff --git a/docker/mediaproc/Dockerfile.dockerignore b/docker/mediaproc/Dockerfile.dockerignore
new file mode 100644
index 000000000..e29d80b19
--- /dev/null
+++ b/docker/mediaproc/Dockerfile.dockerignore
@@ -0,0 +1,5 @@
+**
+!docker/mediaproc/Dockerfile
+!docker/mediaproc/safe-rsvg-convert
+!native/philomena
+native/philomena/target
diff --git a/docker/web/Dockerfile.dockerignore b/docker/web/Dockerfile.dockerignore
new file mode 100644
index 000000000..51f0c9fde
--- /dev/null
+++ b/docker/web/Dockerfile.dockerignore
@@ -0,0 +1,2 @@
+**
+!docker/web/Dockerfile
From c09609f71d145c4f4bce71b28f9295a172b951bc Mon Sep 17 00:00:00 2001
From: Liam
Date: Sat, 6 Jun 2026 21:23:00 -0400
Subject: [PATCH 5/7] Don't depend on bind mount resources for app container build
---
 docker/app/Dockerfile | 10 ++++------
 docker/app/Dockerfile.dockerignore | 2 ++
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/docker/app/Dockerfile b/docker/app/Dockerfile
index 2e4b996f5..a7893c3d9 100644
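Review bot: The three new `Dockerfile.dockerignore` files in PATCH 4/7 are read only by BuildKit, and the same commit deletes the root `.dockerignore` that any other builder would have used, so a legacy-builder invocation would send the whole repository as build context. None of the files records that, nor that the rules form an allowlist in which the last matching line wins, which is why `native/philomena/target` has to stay after `!native/philomena` in the mediaproc file. A header comment in each file would capture both, for example `# Allowlist: ignore everything, then re-include only what this Dockerfile needs. Per-Dockerfile ignore files require BuildKit.`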
--- a/docker/app/Dockerfile
+++ b/docker/app/Dockerfile
@@ -31,13 +31,11 @@ RUN apk add \
 # In any case, it's much better to use rustup for rust toolchain management.
 # Also, this lives in a separate RUN statement to cache this step separately, as
 # it's quite slow to install.
-RUN --mount=source=./scripts/lib.sh,target=./scripts/lib.sh \
- --mount=source=./scripts/install/rust.sh,target=./scripts/install/rust.sh \
- --mount=source=./rust-toolchain.toml,target=./rust-toolchain.toml \
- ./scripts/install/rust.sh
+COPY scripts scripts
+COPY rust-toolchain.toml rust-toolchain.toml
-RUN --mount=source=./scripts,target=./scripts \
- ./scripts/install/shellcheck.sh \
+RUN ./scripts/install/rust.sh \
+ && ./scripts/install/shellcheck.sh \
 && ./scripts/install/typos.sh
 # `/shell-history` dir is persisted across container rebuilds/restarts
diff --git a/docker/app/Dockerfile.dockerignore b/docker/app/Dockerfile.dockerignore
index 1bd2543c8..c8be5fce8 100644
--- a/docker/app/Dockerfile.dockerignore
+++ b/docker/app/Dockerfile.dockerignore
@@ -1,2 +1,4 @@
 **
 !docker/app/Dockerfile
+!scripts
+!rust-toolchain.toml
From f20837075e4c8c3c1e751e63b0a2494ab79d32a0 Mon Sep 17 00:00:00 2001
From: Liam
Date: Sun, 7 Jun 2026 13:23:42 -0400
Subject: [PATCH 6/7] Remove unnecessary dialyzer skips
---
 .dialyzer_ignore.exs | 4 +---
 mix.exs | 6 +++++-
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/.dialyzer_ignore.exs b/.dialyzer_ignore.exs
index 4c7626f10..8a34fdef8 100644
--- a/.dialyzer_ignore.exs
+++ b/.dialyzer_ignore.exs
@@ -18,7 +18,5 @@
 {"lib/philomena/static_pages.ex", :call_without_opaque},
 {"lib/philomena/tags.ex", :call_without_opaque},
 {"lib/philomena/topics.ex", :call_without_opaque},
- {"lib/philomena/users.ex", :call_without_opaque},
- {"lib/philomena/users/user.ex", :call_without_opaque},
- {"lib/philomena_web/plugs/content_security_policy_plug.ex", :call_without_opaque}
+ {"lib/philomena/users.ex", :call_without_opaque}
 ]
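Review bot: In the docker/app/Dockerfile hunk of PATCH 5/7, `COPY scripts scripts` makes every file under `scripts/` an input to the toolchain layer, and the single `RUN` that now chains `rust.sh`, `shellcheck.sh` and `typos.sh` means an edit to any script reruns the Rust install; the removed `--mount` lines for that step named exactly the three files it read and left nothing behind in the image. If the installers only need `lib.sh` and `install/`, copying just those (`COPY scripts/lib.sh scripts/lib.sh`, `COPY scripts/install scripts/install`) and narrowing `!scripts` in `docker/app/Dockerfile.dockerignore` to match keeps both the cache key and the image contents small. Whether the install scripts verify what they download is not visible in this diff and is worth confirming while they are being touched. The hunk starts inside the Dockerfile, so the base image and `WORKDIR` that the relative `COPY` targets depend on are outside it.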
diff --git a/mix.exs b/mix.exs
index bb6b46db7..e8e10d517 100644
--- a/mix.exs
+++ b/mix.exs
@@ -11,7 +11,11 @@ defmodule Philomena.MixProject do
 start_permanent: Mix.env() == :prod,
 aliases: aliases(),
 deps: deps(),
- dialyzer: [plt_add_apps: [:ex_unit, :mix]],
+ dialyzer: [
+ list_unused_filters: true,
+ ignore_warnings: ".dialyzer_ignore.exs",
+ plt_add_apps: [:ex_unit, :mix]
+ ],
 docs: [formatters: ["html"]],
 listeners: [Phoenix.CodeReloader]
 ]
From ca1713a26b544b208fe3a969ec3bbb39311d332e Mon Sep 17 00:00:00 2001
From: Liam
Date: Sun, 7 Jun 2026 13:53:41 -0400
Subject: [PATCH 7/7] Address review comments
---
 .github/workflows/ci.yml | 8 ++++++--
 docker/app/Dockerfile | 6 ++----
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index adb0c54d9..e42907d47 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,8 +18,12 @@ jobs:
 - run: docker compose pull
 - run: docker compose build
- - run: ./scripts/philomena.sh test
- - run: sudo chown -R $USER $GITHUB_WORKSPACE
+ - name: Run tests
+ run: ./scripts/philomena.sh test
+ # Artifacts from docker bind mount are owned by root, but cache action
+ # can only save artifacts running under the default user:
+ - name: Change artifact ownership for cache action
+ run: sudo chown -R $USER $GITHUB_WORKSPACE
 typos:
 name: 'Check for spelling errors'
diff --git a/docker/app/Dockerfile b/docker/app/Dockerfile
index a7893c3d9..07b5675ec 100644
--- a/docker/app/Dockerfile
+++ b/docker/app/Dockerfile
@@ -27,10 +27,8 @@ RUN apk add \
 openssh
 # The default `cargo` and `rust` packages in Alpine repo don't include important
-# rust dev components like `rust-src` (std lib sources), `rustfmt`, `clippy`, etc.
-# In any case, it's much better to use rustup for rust toolchain management.
-# Also, this lives in a separate RUN statement to cache this step separately, as
-# it's quite slow to install.
+# components like `rust-src` (std lib sources), `rustfmt`, and `clippy`.
+# It's also more conventional to use rustup for rust toolchain management.
 COPY scripts scripts
 COPY rust-toolchain.toml rust-toolchain.toml