psa-systems/bunyip
8
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

BUNYIP-58: force real bunyip-api rebuild, guard against oci-build stub leak #76

Merged
nrupard merged 1 commit from fix/bunyip-58-oci-build-stub-leak into main 2026-06-08 20:56:44 +02:00
Conversation 0 Commits 1 Files changed 1 +16
nrupard commented 2026-06-08 20:55:42 +02:00
Owner
Copy link

Fixes BUNYIP-58. The bunyip-api/oci-build/Dockerfile stub-dependency cache could ship the fn main() {} stub instead of the real server: after COPY . ., host mtimes are older than the stub-built artifacts, so cargo judged the workspace up-to-date and skipped the rebuild. That is how v0.2.0 shipped a 557 KB stub binary that execs, returns 0 immediately, never starts the server, and restart-loops silently on nc-01 (no logs, because it never reaches init_tracing).

Changes

  • After COPY . ., find . -name '*.rs' -exec touch {} + so every source is newer than any cached artifact, forcing a real recompile regardless of host mtimes. More robust than the prior rm-the-fingerprints mitigation, which did not hold for v0.2.0.
  • A post-build size guard (own layer) fails the build when target/release/bunyip-api is under 5 MB. A stub is ~0.5 MB; the real server is tens of MB. A future regression now fails loud at build time instead of silently in production.

After merge

Rebuild and republish v0.2.0 (or publish v0.2.1 and repin the deploy compose), verifying the binary is tens of MB. Then nc-01 bunyip-api starts and serves /v1/health. Size-check the sibling PSA tags (bunyip-web, mokosh-server, mokosh-apps) too; bunyip-web's oci-build does not use the stub trick, but the deployed tags should be confirmed.

Verification

A freshly built image, run with no env, must exit non-zero with a missing-DATABASE_URL error (the real Config::from_env), not a silent exit 0.

#BUNYIP-58

Fixes BUNYIP-58. The `bunyip-api/oci-build/Dockerfile` stub-dependency cache could ship the `fn main() {}` stub instead of the real server: after `COPY . .`, host mtimes are older than the stub-built artifacts, so cargo judged the workspace up-to-date and skipped the rebuild. That is how `v0.2.0` shipped a 557 KB stub binary that execs, returns 0 immediately, never starts the server, and restart-loops silently on nc-01 (no logs, because it never reaches `init_tracing`). ## Changes - After `COPY . .`, `find . -name '*.rs' -exec touch {} +` so every source is newer than any cached artifact, forcing a real recompile regardless of host mtimes. More robust than the prior rm-the-fingerprints mitigation, which did not hold for v0.2.0. - A post-build size guard (own layer) fails the build when `target/release/bunyip-api` is under 5 MB. A stub is ~0.5 MB; the real server is tens of MB. A future regression now fails loud at build time instead of silently in production. ## After merge Rebuild and republish `v0.2.0` (or publish `v0.2.1` and repin the deploy compose), verifying the binary is tens of MB. Then nc-01 bunyip-api starts and serves `/v1/health`. Size-check the sibling PSA tags (bunyip-web, mokosh-server, mokosh-apps) too; bunyip-web's oci-build does not use the stub trick, but the deployed tags should be confirmed. ## Verification A freshly built image, run with no env, must exit non-zero with a missing-`DATABASE_URL` error (the real `Config::from_env`), not a silent exit 0. #BUNYIP-58
fix(oci-build): force real bunyip-api rebuild, guard against stub leak
All checks were successful
Create release / Create release from merged PR (pull_request) Has been skipped
Details
Check / fmt / clippy / build / test (pull_request) Successful in 1m45s
Details
73d2cf7e17 
The oci-build stub-dependency cache writes a `fn main() {}` stub, builds it to populate the dependency graph, then COPY . . the real source and rebuilds. COPY . . restores host mtimes older than the stub artifacts, so cargo could judge the workspace up-to-date and ship the stub. That is how v0.2.0 shipped a 557 KB stub that execs, returns 0, and never starts the server, restart-looping silently on nc-01.

Touch all *.rs after COPY . . so every source is newer than any cached artifact, forcing a real recompile regardless of host mtimes. Add a post-build size guard that fails the build when the binary is under 5 MB (a stub is ~0.5 MB, the real server is tens of MB), so a regression fails loud at build time instead of silently in production.

#BUNYIP-58

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
nrupard deleted branch fix/bunyip-58-oci-build-stub-leak 2026-06-08 20:56:44 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
psa-systems/bunyip!76
No description provided.