oxipng/9.1.4 package update #42760

Open
wants to merge 2 commits into
base: main

octo-sts[bot]
Contributor

@octo-sts octo-sts bot commented Feb 14, 2025

@octo-sts octo-sts bot added the request-version-update (request for a newer version of a package) and automated pr labels Feb 14, 2025
Contributor Author

octo-sts bot commented Feb 14, 2025

⚠️ EXPERIMENTAL

Please use 👍 or 👎 on this comment to indicate if you agree or disagree with the recommendation.

To provide more detailed feedback please comment on the recommendation prefixed with /ai-verify:

e.g. /ai-verify partially helpful but I also added bash to the build environment

Gen AI suggestions to solve the build error:

Since no specific error message is shown in the build output, and the build appears to complete successfully (indicated by "wrote packages/x86_64/oxipng-9.1.4-r0.apk"), I'll analyze potential issues with the Melange YAML file and suggest improvements for robustness:

• Error Category: Configuration
• Failure Point: No immediate failure, but potential reliability concerns
• Root Cause Analysis: The YAML file could benefit from additional build requirements and test coverage

• Suggested Fix:

package:
  name: oxipng
  version: "9.1.4"
  epoch: 0
  description: Multithreaded PNG optimizer written in Rust
  copyright:
    - license: MIT
  dependencies:
    runtime:
      - glibc
      - libgcc
      - libm

environment:
  contents:
    packages:
      - rust-1.84
      - cargo-auditable
      - build-base
  environment:
    RUSTFLAGS: "-C linker=/usr/local/bin/gcc"
    CARGO_HOME: "/tmp/cargo"
    CARGO_NET_OFFLINE: "true"

pipeline:
  - uses: git-checkout
    with:
      repository: https://github.com/shssoichiro/oxipng
      tag: v${{package.version}}
      expected-commit: bc8c36456858fe4678460bdea520a4ec0bc50dc4

  - uses: cargo/build
    with:
      output: ${{package.name}}
      cargo-auditable: true

  - uses: strip

• Explanation:

  1. Added explicit runtime dependencies based on the scan output
  2. Added build environment packages explicitly
  3. Added CARGO_HOME and CARGO_NET_OFFLINE for build reproducibility
  4. Enabled cargo-auditable for better security tracking

• Additional Notes:

  • The build succeeds but could be more robust with explicit dependencies
  • Consider adding more comprehensive tests
  • Security scanning with cargo-audit might be valuable
  • Runtime dependencies match the scanning output

• References:

Would you like me to explain any part of these suggestions in more detail?

@octo-sts octo-sts bot added the ai/skip-comment (Stop AI from commenting on PR) label Feb 14, 2025
@OddBloke OddBloke self-assigned this Feb 14, 2025
@OddBloke OddBloke force-pushed the wolfictl-11f93d4d-3bed-4fcb-880b-c5c79399ede4 branch from 2809406 to 8a0ce5c February 18, 2025 17:08
@OddBloke OddBloke marked this pull request as draft February 18, 2025 17:08
@OddBloke
Member

Converted to Draft as I'm iterating on an arm build failure in CI

@OddBloke OddBloke force-pushed the wolfictl-11f93d4d-3bed-4fcb-880b-c5c79399ede4 branch from 8a0ce5c to 5232087 February 18, 2025 17:47
wolfi-bot and others added 2 commits February 18, 2025 13:03
These don't seem to have an impact on build success/failure, and point
at a non-existent path.
@OddBloke OddBloke force-pushed the wolfictl-11f93d4d-3bed-4fcb-880b-c5c79399ede4 branch from 5232087 to e2cf443 February 18, 2025 18:03
@OddBloke OddBloke added the help wanted (Extra attention is needed) and interrupt labels Feb 18, 2025
@OddBloke OddBloke marked this pull request as ready for review February 18, 2025 18:14
@OddBloke
Member

We've escalated this internally as it's a toolchain type issue.
