ci: replace docker .rpm builds with cargo zigbuild#1471
Merged
Conversation
Contributor
WalkthroughThis PR updates the packaging workflows for moq-cli, moq-gst, moq-relay, and moq-token-cli to apply consistent templating behavior. Both Debian and RPM packaging steps now render nfpm configuration files using 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
✨ Simplify code
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
kixelated
force-pushed
the
claude/nfpm-env-template
branch
from
72a25b9 to
4b26f34
Compare
kixelated
changed the title
The .rpm packaging steps used to rebuild each crate inside an
AlmaLinux 9 container (moq-cli/relay/token-cli) or Debian 12 + AlmaLinux 9
containers (moq-gst), purely to link against an older glibc. The
docker path was slow (~7-15 min per matrix entry, no cargo cache, fresh
rustup install), fragile (curl-minimal/dnf conflicts, network flakiness),
and easy to break invisibly because the build dies before the cargo
compile even starts.
Replace it with cargo-zigbuild against a glibc-pinned target
(`<triple>.2.34`). One cargo build per arch yields a single binary that
satisfies Debian 12+, Ubuntu 22.04+, RHEL/Rocky/Alma 9+ and Fedora.
The .deb and .rpm steps now point nfpm at the same artifact instead of
producing a separate rpm-build copy. Drops ~150 lines of workflow YAML
and the docker dependency.
For moq-gst the deb and rpm jobs collapse into a single `package` job
that runs once per arch on ubuntu-24.04 (which ships GStreamer 1.24,
satisfying gstreamer-rs 0.23's >= 1.22 headers requirement). The
resulting .so still dynamic-links to the host's libgstreamer-1.0.so.0,
matching the existing nfpm depends of gst >= 1.22.
Wiring:
- `cargo-zigbuild` and `zig` added to the .#packaging derivation so
CI and local `nix develop` users share the same toolchain.
- `gettext` (envsubst) joins the derivation. The release workflows
render nfpm.yaml templates with envsubst before invoking nfpm pkg,
because nfpm's ${VAR}/{{ .Env.VAR }} expansion is only honored for
a small allow-list of top-level fields and never for contents[].src.
- nfpm.yaml `libc6` depends drop from >= 2.35/2.36 to >= 2.34 to
match the zigbuild floor.
https://claude.ai/code/session_015J5tVAQ7ESjBhnzdeXfhgX
kixelated
force-pushed
the
claude/nfpm-env-template
branch
from
b14e44f to
18664d0
Compare
kixelated
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two fixes folded together to get the release workflows actually green:
envsubstpre-rendering beforenfpm pkg. nfpm's${VAR}expansion only fires on a small allow-list of top-level fields (name,arch,version); forcontents[].srcandcontents[].dstthe value flows straight into the glob handler, which treats${BINARY_PATH}as a literal pattern and fails withglob failed: ${BINARY_PATH}: no matching files.{{ .Env.VAR }}doesn't help either: nfpm's templating doc lists the same restricted field set. Each.deb/.rpmstep now doesenvsubst '$VERSION $ARCH ...' < nfpm.yaml > /tmp/nfpm.yamlbefore invoking nfpm.cargo zigbuildin place of the AlmaLinux 9 / Debian 12 docker rebuilds. The previousPackage .rpm(andPackage .debfor moq-gst) reinstalled Rust inside a container on every run just to link against an older glibc. That path was slow (~7-15 min, no cargo cache), fragile (hitcurl-minimalvscurldnf conflicts, exit-127 surprises), and easy to break invisibly. Replaced withcargo zigbuild --target <triple>.2.34, which produces one binary covering Debian 12+, Ubuntu 22.04+, and RHEL/Rocky/Alma 9+. The.deband.rpmsteps now point nfpm at the same artifact.For moq-gst the deb and rpm jobs collapse into one
packagejob per arch onubuntu-24.04(ships GStreamer 1.24, satisfies gstreamer-rs 0.23's>= 1.22headers requirement). The resulting.sostill dynamic-links to the host'slibgstreamer-1.0.so.0, matching the existing nfpm>= 1.22depends.Wiring
cargo-zigbuild,zig, andgettextadded to the.#packagingderivation so CI and localnix developusers share the toolchain.libc6depends drop from>= 2.35/>= 2.36to>= 2.34to match the zigbuild floor.Net diff
9 files, +89 / -153 (Docker block removal more than pays for the new lines).
Test plan
yaml.safe_loadparses cleanly on all touched workflow and nfpm.yaml files..deband.rpmend-to-end for moq-cli, moq-relay, moq-token-cli (moq-gst's workflow has no PR dry-run, so its fix is exercised only on the nextmoq-gst-v*tag).https://claude.ai/code/session_015J5tVAQ7ESjBhnzdeXfhgX