chore(ci): move cargo-* tools + lychee from CI installers to mise.toml#20210
Open
chore(ci): move cargo-* tools + lychee from CI installers to mise.toml#20210
Conversation
sebastianst
reviewed
Apr 21, 2026
Base automatically changed from
ci/mise-rust-toolchain-consolidation
to
develop
April 21, 2026 14:00
Wiz Scan Summary
To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## develop #20210 +/- ##
========================================
Coverage 11.4% 11.4%
========================================
Files 669 669
Lines 72658 72658
========================================
+ Hits 8332 8340 +8
+ Misses 64182 64174 -8
Partials 144 144
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
Move Rust components (clippy, rustfmt, llvm-tools-preview) and cross-compile targets (riscv32imac-unknown-none-elf, wasm32-unknown-unknown, wasm32-wasip1) into mise.toml so developers and CI share one source of truth. Remove the rust-install-toolchain command from both main.yml and rust-ci.yml along with all 9 call sites — every invocation was installing the same 1.94.0 toolchain mise already provides, the only real work was adding the now-declared components/targets. Also drop the rust-msrv workflow entry (functionally identical to rust-build since MSRV equals the mise default). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
mise.toml declares the cross-compile targets but they're not reliably installed in CI — the previous pipeline only passed the wasm builds because a stale cache restored /data/mise-data/.rustup with targets seeded by a pre-refactor run. A Cargo.lock change evicted the cache and the builds broke with "can't find crate for \`core\`" on wasm32-wasip1 and wasm32-unknown-unknown. Restore the inline \`rustup target add\` that the previous rust-install-toolchain command used to run, matching what just check-no-std already does for riscv32imac. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Pin cargo-deny, zepter, typos, cargo-udeps, cargo-hack, cargo-llvm-cov, and lychee in mise.toml so they're version-locked and available to contributors locally instead of being fetched per-job via cargo binstall or curl. Drop the corresponding install-cargo-binstall + cargo binstall fallbacks from rust-ci.yml, the inline lychee curl install, and the now-unused install-cargo-binstall command definitions in both main.yml and rust-ci.yml. Also drop the cargo-nextest binstall fallback — mise already pins nextest via the github:nextest-rs/nextest entry. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
mise marked the ubi backend deprecated in favor of github, which adds provenance verification (GitHub artifact attestations, SLSA) and fewer runtime dependencies. Swap every `ubi:` entry — both the new cargo-* pins added in the previous commit and the pre-existing forge/cast/anvil, just, codecov-uploader, goreleaser-pro, gotestsum, mockery, svm-rs, kontrol, and binary_signer aliases. Unlike ubi, the github backend doesn't auto-strip tag prefixes, so add `version_prefix = "v"` for tools whose release tags are v-prefixed (verified via `gh release list`). cargo-deny and casey/just are the only entries that stay prefix-less. Translate ubi's `[exe=X]` to github's equivalent `[bin=X]` for the multi-binary foundry archive and for goreleaser-pro and svm-rs. Drop the kurtosis pin and alias — no other tool in the repo resolves it via mise (rollup-boost and op-service testutils invoke it from the system install path). Verified locally with `mise install` against every entry. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The mise docs and the vm-compat install hint still pointed users at the deprecated ubi: backend. Update them to github: so documented guidance matches mise.toml. Also note that github: requires explicit version_prefix for v-prefixed tags. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
nonsense
force-pushed
the
nonsense/ci/more-consolidation
branch
2 times, most recently
from
62e8fed to
8324702
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow up to: #20207
TODO:
ubikurtosislockfile- in a follow-up PR.