chore: release ic(x)-asset 0.28.1 and overhaul CI workflows #4508

Merged
lwshang merged 19 commits into master from lwshang/trusted-publishing
Mar 26, 2026

@lwshang lwshang commented Mar 25, 2026

Summary

  • Bump ic-asset and icx-asset to 0.28.1
  • Add trusted publishing workflow (publish.yml) for publishing crates to crates.io via OIDC, replacing the manual local publish process
  • Rename the old publish.yml (dfx binary release) to release.yml
  • Standardize CI runner images, unify Rust toolchain installation/caching, and simplify the release build matrix across workflows
  • Drop macOS Intel runners from CI workflows
  • Share Rust cache across workflows on the same runner
  • Skip flaky canister_http_config_on_local_network test on macOS
  • Guard cargo-audit uninstall with existence check in CI provisioning
  • Disable slow config-change-detection e2e tests (multiple dfx start/stop cycles per test)
  • Install ic-wasm via installer script instead of cargo-binstall
  • Document why Rust cache is disabled in the fmt workflow
  • Remove prepare-dfx-assets stub workflow
  • Rename publishable:required to build-dfx:required in the release workflow

Branch protection rule changes

  • Remove prepare-dfx-assets:required
  • Add build-dfx:required (replaces the previously unenforced publishable:required check)

Test plan

  • Verify CI workflows pass on this PR
  • Admin updates branch protection rules before/after merge
  • After merge, trigger the publish.yml workflow with ic-asset and icx-asset selected to publish 0.28.1
  • Confirm crates appear on crates.io

🤖 Generated with Claude Code
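
The trusted publishing flow named in the summary, as an added example; it is not the repository's publish.yml. The workflow name, the input names `ic_asset` and `icx_asset`, and the `crates-io` environment are assumptions; the runner image, the `actions/checkout` version, the crate names and `rust-lang/crates-io-auth-action` come from this page.

```yaml
# Added illustration, not the project's own workflow file.
name: publish-crates   # assumed name
on:
  workflow_dispatch:
    inputs:
      ic_asset:        # assumed input name
        description: Publish ic-asset
        type: boolean
        default: false
      icx_asset:       # assumed input name
        description: Publish icx-asset
        type: boolean
        default: false

# No token permissions by default; the job opts in to exactly what it needs.
permissions: {}

jobs:
  publish:
    runs-on: ubuntu-24.04
    # Assumed environment name. Protect it with required reviewers and name it
    # in the crate's trusted publisher settings on crates.io, so that only this
    # workflow in this environment can obtain a publish token.
    environment: crates-io
    permissions:
      contents: read    # checkout only
      id-token: write   # allows the job to request a GitHub OIDC token
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false   # do not leave the git token on disk
      # Exchanges the job's OIDC token for a short-lived crates.io token,
      # so no long-lived registry secret is stored in the repository.
      - uses: rust-lang/crates-io-auth-action@v1
        id: auth
      - name: Publish ic-asset
        if: ${{ inputs.ic_asset }}
        run: cargo publish -p ic-asset
        env:
          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
      - name: Publish icx-asset
        if: ${{ inputs.icx_asset }}
        run: cargo publish -p icx-asset
        env:
          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
```

Scoping `id-token: write` to the one publishing job keeps every other job and workflow unable to mint an OIDC token for the registry.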

lwshang and others added 14 commits March 25, 2026 13:44
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace manual actions/cache@v4 blocks with actions-rust-lang/setup-rust-toolchain@v1
in unit.yml, lint.yml, fmt.yml, and e2e.yml. The old cache keys were all different
across workflows so caches were never actually shared between them.

Also stub out prepare-dfx-assets.yml: its original intent was to pre-warm Cargo caches
for other workflows, but mismatched keys meant the caches were never reused. It also
excluded the dfx-assets directory (the expensive downloaded binaries) from the cache,
defeating its own purpose. The workflow is kept as a no-op stub because
"prepare-dfx-assets:required" is a branch protection rule.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Use explicit, up-to-date runner images across all workflows:
- macOS: macos-15 (arm64) and macos-15-intel (x86_64)
- Linux: ubuntu-24.04 and ubuntu-24.04-arm
- Windows: windows-2025

Also drop the redundant ubuntu-22.04 / ubuntu-22.04-arm matrix entries
in e2e.yml — they compiled the same Rust targets as their ubuntu-24.04
counterparts, so were just duplicating CI time.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove the redundant top-level target list — each target was already fully
specified in the include entries, so the list was pure duplication. Using
include-only matrix is sufficient and cleaner.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Use OIDC-based authentication via rust-lang/crates-io-auth-action to
publish dfx-core, ic-asset, icx-asset, and ic-certified-assets from CI
instead of locally.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sort both actual and expected library lists through the same `sort`
so locale differences across runner images cannot cause a mismatch.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Only release.yml retains macos-15-intel for building the precompiled
binary. All other workflows (e2e, unit, lint) no longer run on Intel
macOS since the repo will be deprecated soon.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Set cache-shared-key: rust so that lint, unit, e2e, release, and
publish workflows share compiled dependency artifacts. Disable caching
for fmt since it doesn't compile anything.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The test fails on macOS CI runners because creating nested directories
under dot-prefixed temp paths results in "Invalid argument" errors.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Each of these tests runs multiple dfx start/stop cycles (~1 min each),
making them very expensive in CI. The config-change detection logic is
stable and this project is approaching deprecation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replaces the two-step cargo-binstall + ic-wasm install with a direct
curl of the ic-wasm installer script, which is faster and avoids
needing cargo-binstall as an intermediate dependency.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@lwshang lwshang marked this pull request as ready for review March 25, 2026 20:39
@lwshang lwshang requested a review from a team as a code owner March 25, 2026 20:39
lwshang and others added 5 commits March 26, 2026 08:57
fmt doesn't produce target/ artifacts, so its cache would evict the
real one shared by other workflows on the same runner.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This was a no-op stub kept only because "prepare-dfx-assets:required"
was a branch protection rule. The admin will remove the required check.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Better reflects that this check gates dfx building on all platforms,
not the release itself. The old branch protection rule will be updated
by the admin.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove windows-2025 from e2e and lint matrices (unused)
- Split Rust cache by build profile: debug for lint/unit, release for e2e/release
- Disable cache for publish (cargo publish rebuilds from scratch)
- Remove cargo clean from release build (incremental compilation already disabled)
- Remove redundant --target flag and binary_path matrix variables (build for host)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Resolve Node.js 20 deprecation warnings by bumping:
- actions/checkout v4 → v6
- actions/upload-artifact v4 → v7
- actions/download-artifact v4 → v8
- actions/cache v4 → v5
- actions/setup-python v5 → v6
- actions/github-script v6 → v8
- actions/create-github-app-token v2 → v3
- JamesIves/github-pages-deploy-action releases/v3 → v4
- dorny/paths-filter v3 → v4

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@lwshang lwshang merged commit aa09658 into master Mar 26, 2026
195 of 197 checks passed
@lwshang lwshang deleted the lwshang/trusted-publishing branch March 26, 2026 15:14