fix(ci): consolidate desktop E2E pipeline and add Rust tests#227
Conversation
Remove fragile cross-workflow artifact dependency where e2e-desktop.yml
downloaded debug binaries from CI's build-desktop-* jobs. When CI skipped
those builds (no desktop file changes), E2E failed with "Artifact not found."
Changes:
- Remove build-desktop-{windows,macos,linux} jobs from ci.yml
- Make e2e-desktop.yml self-contained: builds its own debug binaries
- Add change detection (dorny/paths-filter) to e2e-desktop.yml
- Add cargo-test-{windows,macos,linux} jobs to ci.yml, gated on
cargo-check passing
- Add Rust coverage via cargo-llvm-cov on Linux, uploaded to Codecov
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Entire-Checkpoint: f9f9fd17ec7e
WalkthroughReplace per-OS desktop build jobs with test-and-coverage jobs (cargo-test-*) in CI; add a change-detection job to gate desktop E2E; refactor e2e-desktop to build the desktop binary via cargo, start that binary for tests, and publish coverage. Changes
Sequence Diagram(s)sequenceDiagram
participant GH as "GitHub Actions"
participant Changes as "changes job (path detector)"
participant Runner as "CI Runner"
participant Cargo as "cargo (build/test/coverage)"
participant Services as "Backend / Dependencies (API, DB, IPFS...)"
participant Binary as "Desktop binary (matrix.binary-name)"
participant Tests as "E2E test runner"
participant Codecov as "Codecov"
GH->>Changes: run path detection
Changes-->>GH: outputs.desktop (true/false)
GH->>Runner: start e2e-desktop (if outputs.desktop)
Runner->>Cargo: cargo build/test --features (matrix)
Cargo-->>Binary: produce built binary
Runner->>Services: start backend & support services
Runner->>Binary: launch binary (set BINARY, ensure exec perms)
Runner->>Tests: run E2E tests against services + binary
Tests-->>Runner: emit results + coverage
Runner->>Codecov: upload coverage (if enabled)
Codecov-->>GH: coverage report uploaded
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
The taiki-e/install-action is not on the org's allowed actions list. Install cargo-llvm-cov directly with cargo install + rustup component. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 0ff9e48ac739
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
.github/workflows/e2e-desktop.yml (1)
27-44: Consider expanding thedesktopfilter to include E2E harness changes.Changes under
tests/e2e-desktop/**andtools/mock-ipns-routing/**currently won’t trigger this workflow on main pushes, so harness regressions can be missed.♻️ Suggested filter additions
desktop: - 'apps/desktop/src/**' - 'apps/desktop/src-tauri/src/**' - 'apps/desktop/src-tauri/vendor/**' - 'apps/desktop/src-tauri/capabilities/**' - 'apps/desktop/src-tauri/resources/**' - 'apps/desktop/src-tauri/Cargo.toml' - 'apps/desktop/src-tauri/Cargo.lock' - 'apps/desktop/src-tauri/build.rs' - 'apps/desktop/src-tauri/rust-toolchain.toml' - 'apps/desktop/index.html' - 'apps/desktop/vite.config.*' - 'apps/desktop/tsconfig*' + - 'tests/e2e-desktop/**' + - 'tools/mock-ipns-routing/**' - 'packages/crypto/src/**' - 'packages/crypto/tsconfig*' - '.github/workflows/e2e-desktop.yml'🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/e2e-desktop.yml around lines 27 - 44, Update the "desktop" path filter in the workflow's filters block so pushes that change the E2E harness trigger the job: add entries for tests/e2e-desktop/** and tools/mock-ipns-routing/** (and any related harness scripts if applicable) to the desktop filter list in .github/workflows/e2e-desktop.yml so changes to the E2E tests and mock IPNS routing tool will run the workflow.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/e2e-desktop.yml:
- Around line 23-24: The checkout step uses the default behavior which for
workflow_run events checks out the default branch instead of the triggering
commit; update the actions/checkout@v4 step(s) (the lines replacing "uses:
actions/checkout@v4") to pin to the triggering run's commit by setting the ref
to github.event.workflow_run.head_sha (e.g., use ref: ${{
github.event.workflow_run.head_sha }}) and include fetch-depth: 0 to ensure full
history; apply the same change to the other occurrence referenced in the
comment.
---
Nitpick comments:
In @.github/workflows/e2e-desktop.yml:
- Around line 27-44: Update the "desktop" path filter in the workflow's filters
block so pushes that change the E2E harness trigger the job: add entries for
tests/e2e-desktop/** and tools/mock-ipns-routing/** (and any related harness
scripts if applicable) to the desktop filter list in
.github/workflows/e2e-desktop.yml so changes to the E2E tests and mock IPNS
routing tool will run the workflow.
workflow_run events default to the latest default-branch commit, not the commit that triggered the upstream CI. Pin both checkout steps to github.event.workflow_run.head_sha so change detection and builds use the correct code. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 5e0838007b7e
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.github/workflows/ci.yml (1)
570-573: Consider caching the cargo-llvm-cov binary.The current cache configuration (lines 562-568) excludes
~/.cargo/bin, socargo-llvm-covwill be reinstalled on every run. Adding~/.cargo/binto the cache path would speed up subsequent runs.♻️ Proposed cache path update
- uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git + ~/.cargo/bin apps/desktop/src-tauri/target key: linux-cargo-${{ hashFiles('apps/desktop/src-tauri/Cargo.lock') }} restore-keys: linux-cargo-Note: If you add
~/.cargo/binto the cache, consider invalidating the cache key when the installed tool version changes (e.g., by including a hash of tool versions or a manual version suffix).🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci.yml around lines 570 - 573, The CI currently installs cargo-llvm-cov every run because the cache paths exclude the Rust cargo bin directory; update the GitHub Actions cache configuration that manages Rust/Cargo (the block around the existing cache paths) to include ~/.cargo/bin so the cargo-llvm-cov binary is persisted, and modify the cache key to include a tool-version token (e.g., a cargo-llvm-cov version string or hash of tool-versions) so cached binaries are invalidated when you intentionally change the installed version; ensure the install step that runs `rustup component add llvm-tools-preview` and `cargo install cargo-llvm-cov --locked` remains but will be skipped when the binary is recovered from ~/.cargo/bin in the cache.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In @.github/workflows/ci.yml:
- Around line 570-573: The CI currently installs cargo-llvm-cov every run
because the cache paths exclude the Rust cargo bin directory; update the GitHub
Actions cache configuration that manages Rust/Cargo (the block around the
existing cache paths) to include ~/.cargo/bin so the cargo-llvm-cov binary is
persisted, and modify the cache key to include a tool-version token (e.g., a
cargo-llvm-cov version string or hash of tool-versions) so cached binaries are
invalidated when you intentionally change the installed version; ensure the
install step that runs `rustup component add llvm-tools-preview` and `cargo
install cargo-llvm-cov --locked` remains but will be skipped when the binary is
recovered from ~/.cargo/bin in the cache.
cargo-check-macos works without setting PKG_CONFIG_PATH because pkg-config's default search paths include /usr/local/lib/pkgconfig where the fuse.pc symlink lives. Explicitly setting PKG_CONFIG_PATH may override these defaults. Match the working cargo-check-macos job. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 06c223dddb4a
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #227 +/- ##
===========================================
- Coverage 89.68% 46.54% -43.14%
===========================================
Files 43 93 +50
Lines 1483 8142 +6659
Branches 284 582 +298
===========================================
+ Hits 1330 3790 +2460
- Misses 77 4195 +4118
- Partials 76 157 +81
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
The symlink to fuse-t.pc was dangling because the FUSE-T pkgconfig path varies across macOS runner versions. Use cp with a fallback find to locate the actual file, and restore PKG_CONFIG_PATH. cargo-check-macos passed due to cached build script output from prior runs; cargo-test needs to re-run the build script which requires pkg-config to find fuse.pc. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 57fed1b04f8e
fuse-t.pc reports Version: 1.0.x (FUSE-T's product version) but fuser's build.rs requires fuse >= 2.6.0 (the libfuse API version). FUSE-T implements the FUSE 2.9 API, so patch the version field in the copied fuse.pc to 2.9.9. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: d998c0e33a58
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/ci.yml:
- Around line 516-530: The cargo-check-macos job must mirror the robust FUSE-T
setup used in cargo-test-macos: copy the same block that finds FUSE-T (use
FUSE_T_PC variable with the fallback find across /Library /usr/local
/opt/homebrew), validate existence, sudo cp to /usr/local/lib/pkgconfig/fuse.pc,
and run the same sudo sed to set "Version: 2.9.9" so fuser's build.rs sees FUSE
2.9; add this identical sequence to the cargo-check-macos job (same variable
names FUSE_T_PC, same cp and sed invocations) to ensure both jobs handle
missing/renamed fuse-t.pc and the version patch consistently.
In @.github/workflows/e2e-desktop.yml:
- Around line 87-92: The macOS "Install FUSE-T (macOS)" step creates a symlink
but doesn't patch the reported FUSE version, causing the fuser crate's build.rs
(which requires fuse >= 2.6.0) to fail; update that step to patch or replace the
pkgconfig file so pkg-config reports a compatible version (e.g., write or modify
fuse.pc to include "Version: 2.6.0" and appropriate Libs/Requires entries)
similar to the version-patch logic used in the cargo-test-macos job, ensuring
the fuser crate's version check passes.
Apply the same find-fallback + version-patch approach to cargo-check-macos (ci.yml) and the e2e-desktop macOS build step. Previously only cargo-test-macos had the fix; the other jobs relied on cached build script output which masked the issue. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 8f3293112f30
The new desktop Rust coverage was being mixed into the default project target, causing a -43% drop. Fix by: - Scoping the default project status to api+crypto flags only - Adding a desktop flag with its own paths and carryforward - Adding a desktop project status with target: auto, threshold: 5% Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: b343f8908680
Adding desktop Rust test coverage caused a -5.8% drop in the aggregate project coverage check. Add the desktop flag to the default status and bump threshold to 6% to accommodate the new flag. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 1dfc03e50560
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
.github/workflows/e2e-desktop.yml (1)
389-390: Avoid passing dev keys on the command line.Passing the dev key via
--dev-keyexposes it in process arguments. Prefer environment-variable injection (or another non-argv channel) if supported by the app.Based on learnings: In PowerShell and Bash test scripts for
tests/e2e-desktop/scripts/, secrets (like TEST_SECRET) should be passed via environment variables, NOT as command-line parameters, to avoid exposure in process listings and shell history.Also applies to: 411-412, 429-431
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/e2e-desktop.yml around lines 389 - 390, The workflow is passing the development key via the command-line flag "--dev-key" to "$BINARY" which exposes the secret in process arguments; instead, set the dev key in the environment (e.g., export/Set-Item env:DEV_KEY or equivalent in the shell/PowerShell runner) and invoke "$BINARY" without the "--dev-key" flag, preserving DESKTOP_PID assignment as before; apply the same change to the other occurrences referenced (the other "$BINARY --dev-key" invocations) and update the tests/e2e-desktop/scripts/ Bash and PowerShell helpers to read DEV_KEY from the environment rather than passing it on argv.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/e2e-desktop.yml:
- Around line 53-58: The workflow's condition allows runs triggered by any
successful upstream workflow_run, enabling PR-originated code to execute with
repository secrets; update the conditional expression that currently checks
github.event_name == 'workflow_run' && github.event.workflow_run.conclusion ==
'success' && needs.changes.outputs.desktop == 'true' to also require
github.event.workflow_run.event == 'push' so only upstream push events can
trigger this path (i.e., add the guard github.event.workflow_run.event == 'push'
into the same AND clause).
In `@codecov.yml`:
- Around line 7-10: The default Codecov status is incorrectly aggregating
desktop coverage because `project.default.flags` includes `desktop`; remove
`desktop` from the `project.default.flags` list in codecov.yml (or move it into
its own status entry) so the default status only reports the intended flags
(e.g., `api`, `crypto`) and create a separate status block that targets the
`desktop` flag if you need a distinct desktop coverage check.
---
Nitpick comments:
In @.github/workflows/e2e-desktop.yml:
- Around line 389-390: The workflow is passing the development key via the
command-line flag "--dev-key" to "$BINARY" which exposes the secret in process
arguments; instead, set the dev key in the environment (e.g., export/Set-Item
env:DEV_KEY or equivalent in the shell/PowerShell runner) and invoke "$BINARY"
without the "--dev-key" flag, preserving DESKTOP_PID assignment as before; apply
the same change to the other occurrences referenced (the other "$BINARY
--dev-key" invocations) and update the tests/e2e-desktop/scripts/ Bash and
PowerShell helpers to read DEV_KEY from the environment rather than passing it
on argv.
macOS: Replace wget with curl for Kubo download — wget is not available on macOS GitHub runners, causing silent download failure and subsequent "command not found" for install.sh. Linux: Fix xvfb-action multi-line run — GabrielBB/xvfb-action@v1 executes each line as a separate xvfb-run invocation, so export and variable assignments fail as standalone commands. Move env vars to step-level env: and wrap commands in a single bash -c invocation. Also adds workflow_run.event == 'push' guard (defense-in-depth from PR #227 that was lost in squash merge). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 87f24f6da360
* fix(ci): fix desktop E2E failures on macOS and Linux macOS: Replace wget with curl for Kubo download — wget is not available on macOS GitHub runners, causing silent download failure and subsequent "command not found" for install.sh. Linux: Fix xvfb-action multi-line run — GabrielBB/xvfb-action@v1 executes each line as a separate xvfb-run invocation, so export and variable assignments fail as standalone commands. Move env vars to step-level env: and wrap commands in a single bash -c invocation. Also adds workflow_run.event == 'push' guard (defense-in-depth from PR #227 that was lost in squash merge). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 87f24f6da360 * fix(ci): use POST for Kubo RPC API readiness check Kubo v0.34.0 requires POST for all RPC API endpoints. The Windows readiness check used Invoke-WebRequest (GET), which got a 405 response causing the catch block to trigger on every iteration. The Unix check worked by accident since curl doesn't fail on 405 without -f. Fix both: add -Method Post for Windows, add -sf -X POST for Unix. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 716c24e576cb --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Summary
build-desktop-*→e2e-desktop.ymldownload) that broke when CI skipped builds on non-desktop changese2e-desktop.ymlself-contained: adds change detection, builds its own debug binaries, then runs E2E testscargo-test-{windows,macos,linux}jobs to CI, gated oncargo-checkpassing — runs the existing 8 test files (crypto vectors, sync queue, FUSE cache, file handles, device registry, auth commands, tray status)cargo-llvm-covon Linux, uploaded to Codecov withdesktopflagTest plan
cargo-check-*→cargo-test-*on PRs with desktop changescargo-test-linuxuploads coverage to Codecovchanges.outputs.desktop=false)workflow_dispatchon e2e-desktop → always runs full pipeline🤖 Generated with Claude Code
Summary by CodeRabbit
Tests
E2E