ci: 8-item Phase 2 playbook → hero_foundry release pipeline #29

Merged

mik-tf merged 2 commits from development_mik_release_assets into development

2026-05-04 22:04:16 +00:00

mik-tf commented

2026-05-04 22:04:06 +00:00

Owner

Summary

Layers session 56 fixes on top of session 53's 1cbf71a cluster A baseline. Brings hero_foundry to parity with the post-biz canonical release pipeline (the 8-item Phase 2 pre-flight playbook captured at hero_demo#54 c29136).

Validated end-to-end: v0.2.3-rc2 published 6 release assets with full Rust target-triple naming (3 binaries × 2 archs). Both runs green.

Changes

Workflow (.forgejo/workflows/build-linux.yaml):
- Asset names use full target triple (x86_64-unknown-linux-musl, aarch64-unknown-linux-gnu) per home#212.
- actions/checkout@v4 (drops manual git clone).
- python3 (in runner image) replaces jq (not in image) — playbook item 4.
- Explicit rustup target add ${{ matrix.target }} defensive step — playbook item 8.
Cargo / TLS (crates/hero_foundry_webdav_client/Cargo.toml):
- reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] } purges openssl-sys from the lockfile (3 → 0 entries) — playbook item 2.
Toolchain (scripts/build_lib.sh):
- Drops the apt install jq workaround (no longer needed once workflow uses python3).
- Keeps the rustup target add x86_64-unknown-linux-musl pre-install for E0463 prevention.
Workspace gate:
- cargo build --workspace --release green.
- One inline #[allow(clippy::too_many_arguments)] on merge_branches.
- Pre-existing clippy hygiene drift filed as #28 — mirrors hero_biz#22 deferral.
VERSION bump 0.2.2 → 0.2.3.

Test plan

cargo build --workspace --release — green (43.6s on warm cache).
Tag push v0.2.3-rc2 — both matrix legs green.
Release assets verified: 6 files, target-triple suffixes, both archs.
Consumer smoke test on heroci via service_foundry install --from-ci --version v0.2.3-rc2 (separate PR on hero_skills).

Tracker

Phase 2 META: lhumina_code/hero_demo#54
Pre-flight playbook: lhumina_code/hero_demo#54 (comment)

🤖 Generated with Claude Code

## Summary Layers session 56 fixes on top of session 53's `1cbf71a` cluster A baseline. Brings `hero_foundry` to parity with the post-biz canonical release pipeline (the 8-item Phase 2 pre-flight playbook captured at [hero_demo#54 c29136](https://forge.ourworld.tf/lhumina_code/hero_demo/issues/54#issuecomment-29136)). Validated end-to-end: `v0.2.3-rc2` published **6 release assets** with full Rust target-triple naming (3 binaries × 2 archs). Both runs green. ## Changes - **Workflow** (`.forgejo/workflows/build-linux.yaml`): - Asset names use full target triple (`x86_64-unknown-linux-musl`, `aarch64-unknown-linux-gnu`) per [home#212](https://forge.ourworld.tf/lhumina_code/home/issues/212). - `actions/checkout@v4` (drops manual git clone). - `python3` (in runner image) replaces `jq` (not in image) — playbook item 4. - Explicit `rustup target add ${{ matrix.target }}` defensive step — playbook item 8. - **Cargo / TLS** (`crates/hero_foundry_webdav_client/Cargo.toml`): - `reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }` purges `openssl-sys` from the lockfile (3 → 0 entries) — playbook item 2. - **Toolchain** (`scripts/build_lib.sh`): - Drops the `apt install jq` workaround (no longer needed once workflow uses python3). - Keeps the `rustup target add x86_64-unknown-linux-musl` pre-install for E0463 prevention. - **Workspace gate**: - `cargo build --workspace --release` green. - One inline `#[allow(clippy::too_many_arguments)]` on `merge_branches`. - Pre-existing clippy hygiene drift filed as [#28](https://forge.ourworld.tf/lhumina_code/hero_foundry/issues/28) — mirrors hero_biz#22 deferral. - **VERSION** bump 0.2.2 → 0.2.3. ## Test plan - [x] `cargo build --workspace --release` — green (43.6s on warm cache). - [x] Tag push `v0.2.3-rc2` — both matrix legs green. - [x] Release assets verified: 6 files, target-triple suffixes, both archs. - [ ] Consumer smoke test on heroci via `service_foundry install --from-ci --version v0.2.3-rc2` (separate PR on hero_skills). ## Tracker - Phase 2 META: https://forge.ourworld.tf/lhumina_code/hero_demo/issues/54 - Pre-flight playbook: https://forge.ourworld.tf/lhumina_code/hero_demo/issues/54#issuecomment-29136 🤖 Generated with [Claude Code](https://claude.com/claude-code)

mik-tf added 2 commits

2026-05-04 22:04:07 +00:00

ci: publish binaries to Releases assets (cluster A canonical-pattern fix)

Build Linux / build-linux (linux-amd64, false, x86_64-unknown-linux-musl) (push) Failing after 49s

Details

Build Linux / build-linux (linux-arm64, true, aarch64-unknown-linux-gnu) (push) Failing after 49s

Details

1cbf71a104

Mirrors the cluster A pilot landed at hero_browser PR #17. Restores
parity with hero_proc's build-linux.yaml canonical pattern. Single
squashed commit per option 2(b) of the audit plan.

Workflow changes (.forgejo/workflows/build-linux.yaml):
- Adds explicit Create Release step (race-tolerant POST→GET fallback).
- Adds Upload Release Assets step (loops $BINARIES from buildenv.sh,
  uploads to /api/v1/repos/.../releases/.../assets).
- Replaces broken publish_binaries helper call with inline pkg-registry
  upload using correct /api/packages/<owner>/generic/<project>/<v>/
  endpoint (publish_binaries used /api/crates/, which 404s) and
  tag-derived version.

build_lib.sh::setup_linux_toolchain changes:
- Pre-installs x86_64-unknown-linux-musl target (despiegk/builder image
  stopped shipping it; without this builds fail with E0463 "can't find
  crate for `core`").
- apt-installs jq (required by Create Release / Upload Release Assets
  curl chains; not in despiegk/builder image).

hero_foundry is structurally identical to hero_browser (matrix shape,
buildenv.sh location, setup_linux_toolchain function); single squashed
commit covers all 4 cluster-A bugs without needing per-rc iteration.

Tracker: lhumina_code/hero_demo#54
        #26
Pilot:   lhumina_code/hero_browser#17

Signed-off-by: mik-tf

ci: apply 8-item Phase 2 playbook to hero_foundry release pipeline

Build Linux / build-linux (x86_64-unknown-linux-musl, false, x86_64-unknown-linux-musl) (push) Successful in 17m24s

Details

Build Linux / build-linux (aarch64-unknown-linux-gnu, true, aarch64-unknown-linux-gnu) (push) Successful in 24m13s

Details

Build and Test / build (pull_request) Successful in 2m57s

Details

e664d91d55

Layers session 56 fixes on top of the 1cbf71a cluster A baseline (session
53). Brings hero_foundry to parity with the post-biz canonical workflow
(hero_biz#22 / hero_demo#54) before tagging v0.2.3 release candidates.

Workflow rewrite (.forgejo/workflows/build-linux.yaml):
  - Asset names use full Rust target triple
    (x86_64-unknown-linux-musl / aarch64-unknown-linux-gnu) per
    lhumina_code/home#212.
  - Checkout via actions/checkout@v4 (drops manual git clone).
  - Create Release uses python3 (in despiegk/builder image) instead of
    jq (not in image) — playbook item 4.
  - Setup toolchain step adds explicit `rustup target add` defensively;
    setup_linux_toolchain has been observed to silently skip the musl
    target on this runner, leading to E0463 — playbook item 8.

build_lib.sh:
  - Drops the apt install jq workaround added in 1cbf71a; no longer
    needed once workflow uses python3.
  - Keeps the rustup target add x86_64-unknown-linux-musl pre-install
    (still needed for E0463 prevention in setup_linux_toolchain).

Cargo (rustls / openssl-sys purge):
  - hero_foundry_webdav_client/Cargo.toml: reqwest now uses
    default-features = false, features = ["json", "rustls-tls"].
    Cargo tree -i openssl-sys confirms the 3 lockfile entries
    disappear — playbook item 2. Mirrors hero_biz_ui/Cargo.toml:54.

Workspace gate:
  - cargo build --workspace --release green.
  - Pre-existing clippy hygiene drift filed as
    #28
    (mirrors hero_biz#22 deferral). One inline allow added on
    merge_branches in hero_foundry_sdk for the 8-arg threshold.

VERSION bump 0.2.2 → 0.2.3 (next: tag v0.2.3-rc1).

Tracker: lhumina_code/hero_demo#54
Playbook: lhumina_code/hero_demo#54 (comment)

Signed-off-by: mik-tf