ci: clean up CI workflows and fix WSL2 Docker on Windows#604
Merged
Conversation
The macOS runner image pre-taps aws/tap and azure/bicep. Homebrew now emits an "untrusted taps" warning on every `brew install` — including the `brew install bash` inside setup-rust-toolchain, which is why even the unit-tests job warns. We use nothing from those taps (softhsm/mitmproxy and bash all come from homebrew/core), so untap them once up front, before any brew call, in both macOS jobs. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ock it brew refuses to untap a tap that has an installed formula without --force, so the previous one-liner untapped aws/tap but left azure/bicep (which ships bicep). The 2>/dev/null also hid the "Refusing to untap" error. Add --force, split to one tap per line so a future missing tap can't abort the other, and drop the stderr suppression so real failures surface. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
--force untapped azure/bicep but printed "even though it contains the following installed formulae or casks: bicep". Uninstall bicep (the only formula installed from these taps, and unused by us) first, then untap both taps cleanly without --force. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
setup-wsl v7 provisions the Ubuntu rootfs with systemd enabled, so `apt-get install docker.io` auto-starts docker.service, which holds /var/run/docker.pid and blocks our manual tcp-only dockerd (the one the Windows-side tests connect to). Stop the service and clear the pid file first. On a non-systemd image systemctl is absent, so this is a no-op. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Every test file gets its own Windows job, and all ~30 of them ran the WSL2 + dockerd setup (~1 min each), but only 4 test files use Docker. Add a needs_docker flag to the matrix (true for the Docker-backed test files) and gate the Setup WSL2 / Setup Docker steps on it, skipping the setup on the 26 Windows jobs that never touch Docker. Linux uses preinstalled Docker so the flag is a no-op there; macOS has no Docker steps. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
lwshang
changed the title
lwshang
changed the title
--verbose is a cargo flag that prints the full rustc/clippy-driver command line for every crate compiled, flooding the log without adding any lint detail (diagnostics are printed regardless). Removing it keeps the actual clippy errors easy to find. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…Docker" This reverts commit 4bf2a63. The needs_docker gating rested on a wrong assumption. On Windows the local test network itself runs as a Docker container (the native network launcher ships only for darwin/linux), so Docker is the default network backend there -- see network/config.rs: "A Docker container (used on Windows or when explicitly configured)". That means essentially any test that starts a network needs the WSL2+Docker setup, not just the handful of Docker-network test files, so gating it broke many Windows jobs. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
lwshang
changed the title
There was a problem hiding this comment.
Pull request overview
This PR performs a maintenance cleanup of GitHub Actions CI to remove recurring warnings and to restore Windows WSL2-based Docker functionality after bumping the Vampire/setup-wsl action to v7.
Changes:
- Adds a macOS-only Homebrew “untap unused taps” step to eliminate “untrusted tap” warnings during any
brew install. - Updates CI action pins (
Vampire/setup-wslto v7.0.0 andt1m0thyj/unlock-keyringto v1.2.0) to address Node runtime deprecation warnings. - Fixes WSL2 Docker initialization by stopping systemd’s Docker units (when present) and removing the stale pid file before starting the tcp-only
dockerd.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| .github/workflows/test.yml | Adds macOS Homebrew untap step, bumps action pins, and updates WSL setup to v7 for Windows jobs. |
| .github/workflows/checks.yml | Reduces lint log verbosity by removing cargo clippy --verbose. |
| .github/scripts/init-docker.sh | Stops systemd-managed Docker (if present) and clears pid file before launching tcp-only dockerd in WSL2. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Replace dfinity/setup-mops with a direct `curl … cli.mops.one/install.sh` call. For our usage the action just wrapped this same script with a Linux/macOS-only package cache and two Node 20 actions (setup-node@v4, cache@v4), which were the remaining "Node.js 20 deprecation" warning at the Complete job step. - Gate mops to non-Windows: the Motoko (moc) tests that need it are all #[cfg(unix)], so Windows never used it. - Fold each tool's verify (which + --version) into its install step, so mops and ic-wasm are one step each instead of two. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
marc0olo
approved these changes
Jun 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Maintenance pass on the CI workflows. The goal was clearing two classes of CI warnings; bumping
setup-wslto v7 then surfaced a Windows Docker regression, which is fixed here too.Silence CI warnings
Vampire/setup-wsl→ v7.0.0 andt1m0thyj/unlock-keyring→ v1.2.0 (Node 24 runtime);dfinity/setup-mops, which transitively pulled inactions/setup-node@v4+actions/cache@v4(both Node 20) — the warning still showing at the "Complete job" step. mops is now installed directly viacurl … cli.mops.one/install.sh(the same thing the action did for us, minus a Linux/macOS-only cache).aws/tapandazure/bicep, which Homebrew now flags on everybrew install(including the one insidesetup-rust-toolchain, so even the unit-tests job warned). We use neither, so before any brew call we uninstallbicep(the only installed formula from those taps) and untap both — cleanly, without--force(which untaps but re-warns).Fix: Docker daemon in WSL2 (regression from the setup-wsl v7 bump)
setup-wsl v7 provisions the Ubuntu rootfs with systemd enabled, so
apt-get install docker.ionow auto-startsdocker.service, which holds/var/run/docker.pidand blocked our manual tcp-onlydockerd(the daemon the Windows-side tests connect to).init-docker.shnow stops the systemd service and clears the pid file before launching the tcp daemon. On a non-systemd imagesystemctlis absent, so it's a no-op.Reduce noise & simplify
--verbosefrom thecargo clippylint step inchecks.yml— a cargo flag that prints the full rustc/clippy-driver command line for every compiled crate, flooding the log without adding any lint detail.which+--version) into its install step, so mops and ic-wasm are one step each instead of two. mops is also skipped on Windows, since the Motoko (moc) tests that need it are all#[cfg(unix)].An earlier commit tried gating WSL2+Docker setup to only the Windows jobs that "need" Docker, but on Windows the local test network itself runs as a Docker container, so nearly all tests need it — that change was reverted.
🤖 Generated with Claude Code