fix(ci): fix desktop E2E failures on macOS and Linux#228
Conversation
macOS: Replace wget with curl for Kubo download — wget is not available on macOS GitHub runners, causing silent download failure and subsequent "command not found" for install.sh. Linux: Fix xvfb-action multi-line run — GabrielBB/xvfb-action@v1 executes each line as a separate xvfb-run invocation, so export and variable assignments fail as standalone commands. Move env vars to step-level env: and wrap commands in a single bash -c invocation. Also adds workflow_run.event == 'push' guard (defense-in-depth from PR #227 that was lost in squash merge). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 87f24f6da360
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📒 Files selected for processing (1)
WalkthroughThe e2e-desktop GitHub Actions workflow was updated to narrow job trigger logic, replace wget with curl for IPFS Kubo downloads, and restructure the Linux test step with environment variables and a bash script block for consistency across platforms. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.github/workflows/e2e-desktop.yml (1)
176-178: Consider adding hash verification for Kubo download.The Windows WinFsp installation (lines 126-129) validates the download hash before installation. For consistency and supply chain security, consider adding similar verification for the Kubo tarball:
EXPECTED_HASH="<sha256-hash-from-kubo-releases>" ACTUAL_HASH=$(sha256sum "kubo_${KUBO_VERSION}_${ARCH}.tar.gz" | cut -d' ' -f1) if [ "$ACTUAL_HASH" != "$EXPECTED_HASH" ]; then echo "Kubo tarball hash mismatch" >&2 exit 1 fiThis is optional since the download URL uses HTTPS from the official distribution site, but hash verification provides defense-in-depth against compromised mirrors or CDN issues.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/e2e-desktop.yml around lines 176 - 178, Add SHA-256 verification after downloading the Kubo tarball and before extraction/installation: compute the actual hash of "kubo_${KUBO_VERSION}_${ARCH}.tar.gz" (using sha256sum or shasum -a 256), compare it to an EXPECTED_HASH sourced from the Kubo release metadata (or an environment variable), and if they differ print an error and exit non‑zero; place this check between the curl download line and the tar -xzf line so the tar extraction and sudo ./kubo/install.sh only run when the hash matches.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In @.github/workflows/e2e-desktop.yml:
- Around line 176-178: Add SHA-256 verification after downloading the Kubo
tarball and before extraction/installation: compute the actual hash of
"kubo_${KUBO_VERSION}_${ARCH}.tar.gz" (using sha256sum or shasum -a 256),
compare it to an EXPECTED_HASH sourced from the Kubo release metadata (or an
environment variable), and if they differ print an error and exit non‑zero;
place this check between the curl download line and the tar -xzf line so the tar
extraction and sudo ./kubo/install.sh only run when the hash matches.
Kubo v0.34.0 requires POST for all RPC API endpoints. The Windows readiness check used Invoke-WebRequest (GET), which got a 405 response causing the catch block to trigger on every iteration. The Unix check worked by accident since curl doesn't fail on 405 without -f. Fix both: add -Method Post for Windows, add -sf -X POST for Unix. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Entire-Checkpoint: 716c24e576cb
Summary
wgetwithcurlfor Kubo (IPFS) download —wgetis not available on macOS GitHub runners, causing silent download failure andcommand not foundforinstall.shGabrielBB/xvfb-action@v1multi-linerun— the action executes each line as a separatexvfb-runinvocation, soexportand variable assignments fail as standalone commands. Moved env vars to step-levelenv:and wrapped commands in a singlebash -cinvocationworkflow_run.event == 'push'guard (defense-in-depth from PR fix(ci): consolidate desktop E2E pipeline and add Rust tests #227 lost in squash merge)Test plan
🤖 Generated with Claude Code
Summary by CodeRabbit
Tests
Chores