From 44b9b4e8df3a3fddb1dee7b6c7ee11d4efdbd877 Mon Sep 17 00:00:00 2001 From: forbes-0023 Date: Mon, 9 Feb 2026 12:59:21 -0600 Subject: [PATCH 1/3] fix: set NODE_EXTRA_CA_CERTS for artifact upload/download actions Node.js actions (checkout, cache, upload-artifact, download-artifact) use their own TLS stack and don't trust the system CA store. Setting NODE_EXTRA_CA_CERTS points Node to the system bundle which includes the Cloudflare origin CA. --- .gitea/workflows/build.yml | 1 + .gitea/workflows/release.yml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index cd65e72532..f9e239d263 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -20,6 +20,7 @@ jobs: CCACHE_SLOPPINESS: "include_file_ctime,include_file_mtime,pch_defines,time_macros" CCACHE_BASEDIR: ${{ github.workspace }} DEBIAN_FRONTEND: noninteractive + NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt steps: - name: Trust Cloudflare origin CA diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index 7a42021948..cea4cd4c16 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml @@ -29,6 +29,7 @@ jobs: CFLAGS: "-O3" CXXFLAGS: "-O3" DEBIAN_FRONTEND: noninteractive + NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt steps: - name: Trust Cloudflare origin CA @@ -323,6 +324,7 @@ jobs: env: BUILD_TAG: ${{ github.ref_name || inputs.tag }} + NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt steps: - name: Trust Cloudflare origin CA From dfc32cabd663ab0a696625e12d40d80bb6b99174 Mon Sep 17 00:00:00 2001 From: forbes Date: Mon, 9 Feb 2026 16:05:22 -0600 Subject: [PATCH 2/3] fix(ci): fix ccache 0% hit rate and improve cache persistence MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Root cause: compiler_check=mtime (default) invalidates the entire cache on every run because pixi installs fresh compiler binaries with new mtimes each time. The CI logs confirm 0/2579 cache hits (0.00%) despite successfully restoring a 225MB cache. Fix: set CCACHE_COMPILERCHECK=content to hash compiler binary content instead of mtime. Same compiler version = same content = cache hits. Also fix cache save strategy: use github.run_id for save keys so every build persists its ccache objects. Previously date-based keys with cache-hit guard meant the cache was only saved once per day — all subsequent compilations were thrown away. Changes: - Add CCACHE_COMPILERCHECK=content to build.yml, release.yml, build.sh - Use github.run_id in cache save keys (unique per run = always saves) - Remove date-based cache key computation step - Remove cache-hit != true guard on save step - Add ccache-build-main- fallback to release workflow restore-keys --- .gitea/workflows/build.yml | 11 ++++------- .gitea/workflows/release.yml | 12 +++++------- package/rattler-build/build.sh | 1 + 3 files changed, 10 insertions(+), 14 deletions(-) diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index f9e239d263..ae0fe39642 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -18,6 +18,7 @@ jobs: CCACHE_COMPRESSLEVEL: "6" CCACHE_MAXSIZE: "4G" CCACHE_SLOPPINESS: "include_file_ctime,include_file_mtime,pch_defines,time_macros" + CCACHE_COMPILERCHECK: "content" CCACHE_BASEDIR: ${{ github.workspace }} DEBIAN_FRONTEND: noninteractive NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt @@ -68,16 +69,12 @@ jobs: export PATH="$HOME/.pixi/bin:$PATH" pixi --version - - name: Compute cache date key - id: cache-date - run: echo "date=$(date -u +%Y%m%d)" >> $GITHUB_OUTPUT - - name: Restore ccache id: ccache-restore uses: https://git.kindred-systems.com/actions/cache.git/restore@v4 with: path: /tmp/ccache-kindred-create - key: ccache-build-${{ github.ref_name }}-${{ steps.cache-date.outputs.date }} + key: ccache-build-${{ github.ref_name }}-${{ github.run_id }} restore-keys: | ccache-build-${{ github.ref_name }}- ccache-build-main- @@ -98,11 +95,11 @@ jobs: run: pixi run ccache -s - name: Save ccache - if: always() && steps.ccache-restore.outputs.cache-hit != 'true' + if: always() uses: https://git.kindred-systems.com/actions/cache.git/save@v4 with: path: /tmp/ccache-kindred-create - key: ccache-build-${{ github.ref_name }}-${{ steps.cache-date.outputs.date }} + key: ccache-build-${{ github.ref_name }}-${{ github.run_id }} - name: Run C++ unit tests continue-on-error: true diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index cea4cd4c16..50297850dd 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml @@ -24,6 +24,7 @@ jobs: CCACHE_COMPRESSLEVEL: "6" CCACHE_MAXSIZE: "4G" CCACHE_SLOPPINESS: "include_file_ctime,include_file_mtime,pch_defines,time_macros" + CCACHE_COMPILERCHECK: "content" CCACHE_BASEDIR: ${{ github.workspace }} BUILD_TAG: ${{ github.ref_name || inputs.tag }} CFLAGS: "-O3" @@ -78,18 +79,15 @@ jobs: export PATH="$HOME/.pixi/bin:$PATH" pixi --version - - name: Compute cache date key - id: cache-date - run: echo "date=$(date -u +%Y%m%d)" >> $GITHUB_OUTPUT - - name: Restore ccache id: ccache-restore uses: https://git.kindred-systems.com/actions/cache.git/restore@v4 with: path: /tmp/ccache-kindred-create - key: ccache-release-linux-${{ steps.cache-date.outputs.date }} + key: ccache-release-linux-${{ github.run_id }} restore-keys: | ccache-release-linux- + ccache-build-main- - name: Prepare ccache run: | @@ -109,11 +107,11 @@ jobs: run: pixi run ccache -s - name: Save ccache - if: always() && steps.ccache-restore.outputs.cache-hit != 'true' + if: always() uses: https://git.kindred-systems.com/actions/cache.git/save@v4 with: path: /tmp/ccache-kindred-create - key: ccache-release-linux-${{ steps.cache-date.outputs.date }} + key: ccache-release-linux-${{ github.run_id }} - name: Clean up intermediate build files run: | diff --git a/package/rattler-build/build.sh b/package/rattler-build/build.sh index e143c98acf..b723e75e3b 100644 --- a/package/rattler-build/build.sh +++ b/package/rattler-build/build.sh @@ -6,6 +6,7 @@ export CCACHE_COMPRESS="${CCACHE_COMPRESS:-true}" export CCACHE_COMPRESSLEVEL="${CCACHE_COMPRESSLEVEL:-6}" export CCACHE_MAXSIZE="${CCACHE_MAXSIZE:-4G}" export CCACHE_SLOPPINESS="${CCACHE_SLOPPINESS:-include_file_ctime,include_file_mtime,pch_defines,time_macros}" +export CCACHE_COMPILERCHECK="${CCACHE_COMPILERCHECK:-content}" mkdir -p "$CCACHE_DIR" echo "ccache config: CCACHE_DIR=$CCACHE_DIR CCACHE_BASEDIR=$CCACHE_BASEDIR" ccache -z || true From 0745309559838010eb1454dc54dae613424c99a0 Mon Sep 17 00:00:00 2001 From: forbes Date: Mon, 9 Feb 2026 18:40:54 -0600 Subject: [PATCH 3/3] =?UTF-8?q?fix:=20update=20silo=20submodule=20?= =?UTF-8?q?=E2=80=94=20save=20Modified=20attribute=20fix=20(#13)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pins silo to silo-mod@7cf5867 which fixes: - 'App.Document' object has no attribute 'Modified' error on every save (uses Gui.Document.Modified instead of App.Document.Modified) --- mods/silo | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mods/silo b/mods/silo index 8937cb5e8b..7cf5867a7a 160000 --- a/mods/silo +++ b/mods/silo @@ -1 +1 @@ -Subproject commit 8937cb5e8be6163f63e00af403809b8e21109055 +Subproject commit 7cf5867a7ac16375fbffc69aeba8af436dec7523