apunkt/omnigraph
1
0
Fork 0
mirror of https://github.com/ModernRelay/omnigraph.git synced 2026-06-12 01:45:14 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Merge pull request #178 from ModernRelay/ci/pin-rustfs-beta8

Browse source 
ci: pin RustFS to 1.0.0-beta.8
This commit is contained in:
Andrew Altshuler 2026-06-10 19:10:30 +03:00 committed by GitHub
commit e8833ef980
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 14 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

17
.github/workflows/ci.yml vendored
View file

@ -306,14 +306,12 @@ jobs:
. -> target
- name: Start RustFS
# Pinned to 1.0.0-beta.3 (2026-05-14) — the last known-good tag.
# `rustfs/rustfs:latest` (1.0.0-beta.4, 2026-05-21) added a
# credentials-policy check that refuses to start when
# AWS_ACCESS_KEY_ID/SECRET_ACCESS_KEY are values it considers
# "default" (rustfsadmin/rustfsadmin in our case). Bumping to
# beta.4+ requires either rotating those creds to less-default
# values or setting RUSTFS_ALLOW_INSECURE_DEFAULT_CREDENTIALS=true
# — deliberate work, not an emergency. Pin first; upgrade later.
# Pinned to 1.0.0-beta.8 (2026-06-10). beta.4+ refuses "default"
# credentials (rustfsadmin/rustfsadmin) unless
# RUSTFS_ALLOW_INSECURE_DEFAULT_CREDENTIALS=true is set — fine for
# an ephemeral CI container. The three S3 suites were validated
# against the beta.8 binary locally before this bump. Keep the pin
# explicit (never `latest`) so upgrades are deliberate.
run: |
docker rm -f rustfs >/dev/null 2>&1 || true
docker run -d \
@ -322,7 +320,8 @@ jobs:
-p 9001:9001 \
-e RUSTFS_ACCESS_KEY="${AWS_ACCESS_KEY_ID}" \
-e RUSTFS_SECRET_KEY="${AWS_SECRET_ACCESS_KEY}" \
rustfs/rustfs:1.0.0-beta.3 \
-e RUSTFS_ALLOW_INSECURE_DEFAULT_CREDENTIALS=true \
rustfs/rustfs:1.0.0-beta.8 \
/data
- name: Install AWS CLI

14
scripts/local-rustfs-bootstrap.sh
View file

@ -6,14 +6,12 @@ SOURCE_REF="${SOURCE_REF:-main}"
RELEASE_CHANNEL="${RELEASE_CHANNEL:-edge}"
WORKDIR="${WORKDIR:-$PWD/.omnigraph-rustfs-demo}"
RUSTFS_CONTAINER_NAME="${RUSTFS_CONTAINER_NAME:-omnigraph-rustfs-demo}"
# Pinned to 1.0.0-beta.3 (2026-05-14) — the last known-good tag, matching CI
# (.github/workflows/ci.yml). `rustfs/rustfs:latest` (1.0.0-beta.4, 2026-05-21)
# added a credentials-policy check that refuses to start when the access/secret
# keys are values it considers "default" (rustfsadmin/rustfsadmin here). This
# script still works on beta.4+ because it passes
# RUSTFS_ALLOW_INSECURE_DEFAULT_CREDENTIALS=true below — so overriding
# RUSTFS_IMAGE to a newer tag is safe.
RUSTFS_IMAGE="${RUSTFS_IMAGE:-rustfs/rustfs:1.0.0-beta.3}"
# Pinned to 1.0.0-beta.8 (2026-06-10), matching CI (.github/workflows/ci.yml).
# beta.4+ has a credentials-policy check that refuses to start when the
# access/secret keys are values it considers "default" (rustfsadmin/rustfsadmin
# here); this script passes RUSTFS_ALLOW_INSECURE_DEFAULT_CREDENTIALS=true
# below, so overriding RUSTFS_IMAGE to another tag is safe.
RUSTFS_IMAGE="${RUSTFS_IMAGE:-rustfs/rustfs:1.0.0-beta.8}"
RUSTFS_DATA_DIR="${RUSTFS_DATA_DIR:-$WORKDIR/rustfs-data}"
BUCKET="${BUCKET:-omnigraph-local}"
PREFIX="${PREFIX:-repos/context}"