From f1ff20c9578d64be01c4f72a837da34320dcabf6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 May 2026 19:29:30 +0000 Subject: [PATCH 1/2] Bump rust-toolchain from 1.95.0 to 1.96.0 Bumps [rust-toolchain](https://github.com/rust-lang/rust) from 1.95.0 to 1.96.0. - [Release notes](https://github.com/rust-lang/rust/releases) - [Changelog](https://github.com/rust-lang/rust/blob/main/RELEASES.md) - [Commits](https://github.com/rust-lang/rust/compare/1.95.0...1.96.0) --- updated-dependencies: - dependency-name: rust-toolchain dependency-version: 1.96.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- rust-toolchain.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust-toolchain.toml b/rust-toolchain.toml index f25b5b1..0f87b44 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,2 +1,2 @@ [toolchain] -channel = "1.95.0" +channel = "1.96.0" From 64bd35eca0b7b208fc7f96279122b49cd3618531 Mon Sep 17 00:00:00 2001 From: Scott Andrews Date: Thu, 28 May 2026 16:31:27 -0400 Subject: [PATCH 2/2] Use rust:latest image and switch toolchains Rust can quickly switch the toolchain quickly. We can always pull the same up-to-date image and switch the toolchain as needed. Signed-off-by: Scott Andrews --- .github/workflows/dev-publish.yaml | 6 +++--- .github/workflows/manual-publish.yaml | 10 +++++----- .github/workflows/publish.yaml | 8 ++++---- .github/workflows/pull-request.yaml | 6 +++--- .github/workflows/push.yaml | 6 +++--- Dockerfile | 8 +++++--- 6 files changed, 23 insertions(+), 21 deletions(-) diff --git a/.github/workflows/dev-publish.yaml b/.github/workflows/dev-publish.yaml index ce58b94..2284706 100644 --- a/.github/workflows/dev-publish.yaml +++ b/.github/workflows/dev-publish.yaml @@ -16,7 +16,7 @@ jobs: name: Preflight runs-on: ubuntu-latest outputs: - rust-version: ${{ steps.versions.outputs.rust-version }} + rust-toolchain: ${{ steps.versions.outputs.rust-toolchain }} git-sha: ${{ steps.versions.outputs.git-sha }} git-sha-short: ${{ steps.versions.outputs.git-sha-short }} git-date: ${{ steps.versions.outputs.git-date }} @@ -27,7 +27,7 @@ jobs: run: | set -euo pipefail - echo "rust-version=$(yq -r '.toolchain.channel' rust-toolchain.toml)" | tee -a "${GITHUB_OUTPUT}" + echo "rust-toolchain=$(yq -r '.toolchain.channel' rust-toolchain.toml)" | tee -a "${GITHUB_OUTPUT}" git_commit=$(gh api repos/bytecodealliance/wasmtime/commits/${{ inputs.git-ref || 'refs/tags/dev' }} --template '{{.sha}} {{.commit.committer.date}}') git_sha="$(echo "${git_commit}" | cut -d' ' -f1)" @@ -46,7 +46,7 @@ jobs: needs: preflight uses: ./.github/workflows/publish.yaml with: - rust-version: "${{ needs.preflight.outputs.rust-version }}" + rust-toolchain: "${{ needs.preflight.outputs.rust-toolchain }}" wasmtime-git-sha: ${{ needs.preflight.outputs.git-sha }} repository: dev tag: dev-${{ needs.preflight.outputs.git-sha }} diff --git a/.github/workflows/manual-publish.yaml b/.github/workflows/manual-publish.yaml index 629cbc8..bb94e8b 100644 --- a/.github/workflows/manual-publish.yaml +++ b/.github/workflows/manual-publish.yaml @@ -24,8 +24,8 @@ on: description: force overwriting an existing image type: boolean default: false - rust-version: - description: rust version to build + rust-toolchain: + description: rust toolchain to build with type: string jobs: @@ -34,7 +34,7 @@ jobs: name: Preflight runs-on: ubuntu-latest outputs: - rust-version: ${{ steps.versions.outputs.rust-version }} + rust-toolchain: ${{ steps.versions.outputs.rust-toolchain }} wasmtime-git-sha: ${{ steps.versions.outputs.wasmtime-git-sha }} additional-tags: ${{ steps.versions.outputs.additional-tags }} steps: @@ -44,7 +44,7 @@ jobs: run: | set -euo pipefail - echo "rust-version=${{ inputs.rust-version || '$(yq -r ''.toolchain.channel'' rust-toolchain.toml)' }}" | tee -a "${GITHUB_OUTPUT}" + echo "rust-toolchain=${{ inputs.rust-toolchain || '$(yq -r ''.toolchain.channel'' rust-toolchain.toml)' }}" | tee -a "${GITHUB_OUTPUT}" wasmtime_git_sha="$(gh api "repos/bytecodealliance/wasmtime/commits/${{ inputs.wasmtime-git-ref }}" --template '{{.sha}}')" echo "wasmtime-git-sha=${wasmtime_git_sha}" | tee -a "${GITHUB_OUTPUT}" @@ -64,7 +64,7 @@ jobs: needs: preflight uses: ./.github/workflows/publish.yaml with: - rust-version: "${{ needs.preflight.outputs.rust-version }}" + rust-toolchain: "${{ needs.preflight.outputs.rust-toolchain }}" wasmtime-crate: "${{ inputs.wasmtime-crate }}" wasmtime-git-sha: "${{ needs.preflight.outputs.wasmtime-git-sha }}" repository: "${{ inputs.repository }}" diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 6f5098e..2c4d26e 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -10,8 +10,8 @@ on: description: wasmtime git sha to build required: true type: string - rust-version: - description: rust version to build + rust-toolchain: + description: rust toolchain to build with required: true type: string repository: @@ -115,7 +115,7 @@ jobs: --build-arg "wasmtime_git_rev=${{ inputs.wasmtime-git-sha }}" \ --build-arg "cargo_auditable_version=${{ needs.preflight.outputs.cargo-auditable-version }}" \ --build-arg "from_base=${{ needs.preflight.outputs.base }}@${{ needs.preflight.outputs.base-digest }}" \ - --build-arg "from_build=rust:${{ inputs.rust-version }}" \ + --build-arg "rust_toolchain=${{ inputs.rust-toolchain }}" \ --label org.opencontainers.image.authors="Bytecode Alliance " \ --label org.opencontainers.image.base.digest="${{ needs.preflight.outputs.base-digest }}" \ --label org.opencontainers.image.base.name="${{ needs.preflight.outputs.base }}" \ @@ -280,7 +280,7 @@ jobs: "${{ env.repository }}@${{ needs.test.outputs.digest }}" \ "${tag}" done <<< "${additional_tags}" - - name: Primary tags + - name: Primary tag run: | crane tag \ "${{ env.repository }}@${{ needs.test.outputs.digest }}" \ diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index ed32393..6fcdeab 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml @@ -11,7 +11,7 @@ jobs: permissions: pull-requests: read outputs: - rust-version: ${{ steps.versions.outputs.rust-version }} + rust-toolchain: ${{ steps.versions.outputs.rust-toolchain }} wasmtime-stable-changed: ${{ steps.filter.outputs.wasmtime-stable }} wasmtime-stable-git-sha: ${{ steps.versions.outputs.wasmtime-stable-git-sha }} wasmtime-stable-version: ${{ steps.versions.outputs.wasmtime-stable-version }} @@ -50,7 +50,7 @@ jobs: run: | set -euo pipefail - echo "rust-version=$(yq -r '.toolchain.channel' rust-toolchain.toml)" | tee -a "${GITHUB_OUTPUT}" + echo "rust-toolchain=$(yq -r '.toolchain.channel' rust-toolchain.toml)" | tee -a "${GITHUB_OUTPUT}" # stable wasmtime_stable_version="$(cd versions/stable ; yq -p toml -oj -r '.package[] | select(.name == "wasmtime-cli") | .version' Cargo.lock)" @@ -115,7 +115,7 @@ jobs: force: ${{ needs.preflight.outputs.common-changed == 'true' }} uses: ./.github/workflows/publish.yaml with: - rust-version: "${{ needs.preflight.outputs.rust-version }}" + rust-toolchain: "${{ needs.preflight.outputs.rust-toolchain }}" wasmtime-crate: "${{ matrix.wasmtime-crate }}" wasmtime-git-sha: "${{ matrix.wasmtime-git-sha }}" tag: "${{ matrix.tag }}" diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index 9b1746d..5b8956b 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -12,7 +12,7 @@ jobs: name: Preflight runs-on: ubuntu-latest outputs: - rust-version: ${{ steps.versions.outputs.rust-version }} + rust-toolchain: ${{ steps.versions.outputs.rust-toolchain }} wasmtime-stable-git-sha: ${{ steps.versions.outputs.wasmtime-stable-git-sha }} wasmtime-stable-version: ${{ steps.versions.outputs.wasmtime-stable-version }} wasmtime-stable-version-major: ${{ steps.versions.outputs.wasmtime-stable-version-major }} @@ -36,7 +36,7 @@ jobs: run: | set -euo pipefail - echo "rust-version=$(yq -r '.toolchain.channel' rust-toolchain.toml)" | tee -a "${GITHUB_OUTPUT}" + echo "rust-toolchain=$(yq -r '.toolchain.channel' rust-toolchain.toml)" | tee -a "${GITHUB_OUTPUT}" # stable wasmtime_stable_version="$(cd versions/stable ; yq -p toml -oj -r '.package[] | select(.name == "wasmtime-cli") | .version' Cargo.lock)" @@ -114,7 +114,7 @@ jobs: lts-1 uses: ./.github/workflows/publish.yaml with: - rust-version: "${{ needs.preflight.outputs.rust-version }}" + rust-toolchain: "${{ needs.preflight.outputs.rust-toolchain }}" wasmtime-crate: "${{ matrix.wasmtime-crate }}" wasmtime-git-sha: "${{ matrix.wasmtime-git-sha }}" tag: "${{ matrix.tag }}" diff --git a/Dockerfile b/Dockerfile index f143173..2c06bcc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,9 @@ -ARG from_build from_base -FROM ${from_build} AS build -ARG wasmtime_crate wasmtime_git_rev cargo_auditable_version +ARG from_base +FROM rust:latest AS build +ARG wasmtime_crate wasmtime_git_rev cargo_auditable_version rust_toolchain RUN \ + set -euo pipefail ; \ + rustup default "${rust_toolchain}" ; \ cargo install --locked "cargo-auditable@${cargo_auditable_version}" ; \ if [ "${wasmtime_crate}" = "" ] ; then \ # work around https://github.com/rust-secure-code/cargo-auditable/issues/124#issuecomment-1693428978