philomena-dev · liamwhite · Jun 7, 2026 · Jun 6, 2026 · Jun 6, 2026 · Jun 7, 2026
diff --git a/.dialyzer_ignore.exs b/.dialyzer_ignore.exs
@@ -18,7 +18,5 @@
   {"lib/philomena/static_pages.ex", :call_without_opaque},
   {"lib/philomena/tags.ex", :call_without_opaque},
   {"lib/philomena/topics.ex", :call_without_opaque},
-  {"lib/philomena/users.ex", :call_without_opaque},
-  {"lib/philomena/users/user.ex", :call_without_opaque},
-  {"lib/philomena_web/plugs/content_security_policy_plug.ex", :call_without_opaque}
+  {"lib/philomena/users.ex", :call_without_opaque}
 ]
diff --git a/.dockerignore b/.dockerignore
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/cache@v4
+      - uses: actions/cache@v5
         with:
           path: |
             _build
@@ -18,7 +18,12 @@ jobs:
 
       - run: docker compose pull
       - run: docker compose build
-      - run: ./scripts/philomena.sh test
+      - name: Run tests
+        run: ./scripts/philomena.sh test
+      # Artifacts from docker bind mount are owned by root, but cache action
+      # can only save artifacts running under the default user:
+      - name: Change artifact ownership for cache action
+        run: sudo chown -R $USER $GITHUB_WORKSPACE
 
   typos:
     name: 'Check for spelling errors'

diff --git a/docker/app/Dockerfile b/docker/app/Dockerfile
@@ -27,17 +27,13 @@ RUN apk add \
     openssh
 
 # The default `cargo` and `rust` packages in Alpine repo don't include important
-# rust dev components like `rust-src` (std lib sources), `rustfmt`, `clippy`, etc.
-# In any case, it's much better to use rustup for rust toolchain management.
-# Also, this lives in a separate RUN statement to cache this step separately, as
-# it's quite slow to install.
-RUN --mount=source=./scripts/lib.sh,target=./scripts/lib.sh \
-    --mount=source=./scripts/install/rust.sh,target=./scripts/install/rust.sh \
-    --mount=source=./rust-toolchain.toml,target=./rust-toolchain.toml \
-    ./scripts/install/rust.sh
-
-RUN --mount=source=./scripts,target=./scripts \
-    ./scripts/install/shellcheck.sh \
+# components like `rust-src` (std lib sources), `rustfmt`, and `clippy`.
+# It's also more conventional to use rustup for rust toolchain management.
+COPY scripts scripts
+COPY rust-toolchain.toml rust-toolchain.toml
+
+RUN ./scripts/install/rust.sh \
+    && ./scripts/install/shellcheck.sh \
     && ./scripts/install/typos.sh
 
 # `/shell-history` dir is persisted across container rebuilds/restarts

diff --git a/docker/app/Dockerfile.dockerignore b/docker/app/Dockerfile.dockerignore
@@ -0,0 +1,4 @@
+**
+!docker/app/Dockerfile
+!scripts
+!rust-toolchain.toml
diff --git a/docker/app/run-test b/docker/app/run-test
@@ -13,7 +13,7 @@ mix format --check-formatted
 # if it's not done doing whatever it does yet
 printf "Waiting for OpenSearch"
 
-until wget -qO - opensearch:9200; do
+until wget -qO - http://opensearch:9200; do
   printf "."
   sleep 2
 done

diff --git a/docker/mediaproc/Dockerfile.dockerignore b/docker/mediaproc/Dockerfile.dockerignore
@@ -0,0 +1,5 @@
+**
+!docker/mediaproc/Dockerfile
+!docker/mediaproc/safe-rsvg-convert
+!native/philomena
+native/philomena/target
diff --git a/docker/web/Dockerfile.dockerignore b/docker/web/Dockerfile.dockerignore
@@ -0,0 +1,2 @@
+**
+!docker/web/Dockerfile
diff --git a/mix.exs b/mix.exs
@@ -11,7 +11,11 @@ defmodule Philomena.MixProject do
       start_permanent: Mix.env() == :prod,
       aliases: aliases(),
       deps: deps(),
-      dialyzer: [plt_add_apps: [:ex_unit, :mix]],
+      dialyzer: [
+        list_unused_filters: true,
+        ignore_warnings: ".dialyzer_ignore.exs",
+        plt_add_apps: [:ex_unit, :mix]
+      ],
       docs: [formatters: ["html"]],
       listeners: [Phoenix.CodeReloader]
     ]