Merged
25 changes: 16 additions & 9 deletions .github/workflows/rust.yml
@@ -1,13 +1,10 @@
name: Rust CI

on:
pull_request:
branches:
- main

push:
branches:
- main
branches: [main]
pull_request:
branches: [main]

permissions:
contents: read
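Review bot: keeping `permissions: contents: read` at workflow level after the trigger cleanup is the right default, since every job then starts with a read-only token and must opt in to anything broader. The new `.github/workflows/tauri.yml` in this same PR has no `permissions:` block at all, so it should carry the same top-level `permissions: contents: read` so both workflows run under the same least-privilege token.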
Expand All @@ -25,16 +22,26 @@ jobs:
steps:
- name: 📥 Checkout sources
uses: actions/checkout@v6
with:
persist-credentials: false

- name: Install Linux dependencies
run: |
sudo apt update
sudo apt install -y \
pkg-config \
libglib2.0-dev \
libgtk-3-dev \
libwebkit2gtk-4.1-dev \
libappindicator3-dev \
librsvg2-dev

- name: 🦀 Install stable toolchain
uses: dtolnay/rust-toolchain@stable

- name: 📦 Cache cargo dependencies
uses: Swatinem/rust-cache@v2

- name: ✅ Cargo Check
run: cargo check --all

- name: 🚨 Cargo Fmt
run: cargo fmt --all -- --check

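Review bot: `actions/checkout@v6`, `dtolnay/rust-toolchain@stable` and `Swatinem/rust-cache@v2` are all mutable tag refs, so the zizmor unpinned-uses finding raised on tauri.yml applies to this hunk as well; pin each `uses:` to the full 40-character commit SHA of the tag and keep the tag in a trailing comment (e.g. `uses: actions/checkout@<full-commit-sha> # v6`) so renovate/dependabot can still track it. Adding `persist-credentials: false` to the checkout step is good and matches the tauri.yml change. Minor: `cargo check --all` is the deprecated alias; `cargo check --workspace` is the current spelling.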
42 changes: 42 additions & 0 deletions .github/workflows/tauri.yml
@@ -0,0 +1,42 @@
name: Tauri Check

on:
push:
branches: [main]
pull_request:
branches: [main]

jobs:
build:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
coderabbitai[bot] marked this conversation as resolved.
with:
persist-credentials: false

- name: Install Rust
uses: dtolnay/rust-toolchain@stable

- name: Install Node
uses: actions/setup-node@v4
Comment on lines +14 to +22


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify all workflow actions are SHA-pinned (40-hex)
rg -nP '^\s*-\s*uses:\s*[^@\s]+@([0-9a-f]{40}|.+\/.+@.+)$' .github/workflows/*.yml
rg -nP '^\s*-\s*uses:\s*[^@\s]+@(?![0-9a-f]{40}\b).+' .github/workflows/*.yml

Repository: FrilLab/dustfril

Length of output: 125


🏁 Script executed:

cat -n .github/workflows/tauri.yml | sed -n '10,25p'

Repository: FrilLab/dustfril

Length of output: 531


Pin GitHub Actions to full commit SHAs.

Lines 13, 16, and 19 use tag refs (@v4, @stable) instead of immutable commit SHAs. This leaves CI exposed to upstream tag retargeting/supply-chain compromise. Replace each with the full 40-character commit SHA for the corresponding version/tag.

🧰 Tools
🪛 zizmor (1.25.2)

[warning] 13-13: credential persistence through GitHub Actions artifacts (artipacked): does not set persist-credentials: false

(artipacked)


[error] 13-13: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)


[error] 16-16: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)


[error] 19-19: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/tauri.yml around lines 13 - 19, the GitHub Actions
workflow uses version tags (`@v4`, `@stable`) which are mutable and expose the CI to
supply-chain risks. Replace the tag references in the three action uses
statements (actions/checkout, dtolnay/rust-toolchain, and actions/setup-node)
with their corresponding full 40-character commit SHAs. Look up the commit SHA
for each tagged version and replace the `@tag` notation with @<full-commit-sha> to
pin each action to an immutable commit reference.

Source: Linters/SAST tools

with:
node-version: 20

- name: Install system dependencies
run: |
sudo apt update
sudo apt install -y \
libgtk-3-dev \
libwebkit2gtk-4.1-dev \
libappindicator3-dev \
librsvg2-dev \
pkg-config

- name: Install frontend deps ci
working-directory: apps/dustfril-tauri
run: npm ci

- name: Check Tauri build (no bundle)
working-directory: apps/dustfril-tauri/src-tauri
run: cargo check
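Review bot: this workflow declares no top-level `permissions:`, so the job runs with the repository's default `GITHUB_TOKEN` scope; rust.yml in the same PR sets `permissions: contents: read`, and this file should do the same. The three `uses:` refs (`actions/checkout@v4`, `dtolnay/rust-toolchain@stable`, `actions/setup-node@v4`) remain tag-pinned as the zizmor findings above state, and checkout is at `@v4` here while rust.yml moved to `@v6`; pin both workflows to the same commit SHA. The last step only runs `cargo check` inside `src-tauri`, so the `setup-node` and `npm ci` steps matter only if the Tauri build script needs the installed frontend dependencies; if it does not, they are wasted minutes, and if the intent is to also check the frontend, add an explicit build or lint step. Unlike rust.yml there is also no `Swatinem/rust-cache` step, so every run compiles from scratch.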
57 changes: 41 additions & 16 deletions .gitignore
@@ -1,21 +1,46 @@
# Generated by Cargo
# will have compiled files and executables
debug
target

# These are backup files generated by rustfmt
**/*.rs.bk
# Rust

# MSVC Windows builds of rustc generate these, which store debugging information
/target
**/*.rs.bk
*.pdb

# Generated by cargo mutants
# Contains mutation testing data
**/mutants.out*/

# RustRover
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/
# Node / Frontend

node_modules
dist
dist-ssr
*.local
node_modules/.vite


# Tauri

src-tauri/target
src-tauri/gen


# Logs

*.log
npm-debug.log*
yarn-debug.log*
pnpm-debug.log*


# Editor

.vscode/*
!.vscode/extensions.json
.idea


# OS

.DS_Store


# Misc tools

**/mutants.out*/
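Review bot: `src-tauri/target` and `src-tauri/gen` contain a slash in the middle, so git anchors them to the directory holding this .gitignore; with the Tauri app at `apps/dustfril-tauri/src-tauri` (the `working-directory` used in tauri.yml in this PR) neither pattern matches that crate's `gen` directory. Use `**/src-tauri/gen`, and `**/src-tauri/target` if that crate is not a workspace member already covered by `/target`. `node_modules/.vite` is redundant because the unanchored `node_modules` already ignores that directory at any depth. `**/mutants.out*/` appears twice in this hunk (once under the cargo-mutants comment, once under `# Misc tools`); confirm only one copy survives in the new file.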