feat: Add Rust and Cargo support for the BOSH stemcell#680
Conversation
|
Warning Review limit reached
Next review available in: 18 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (3)
WalkthroughChangesA new Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Signed-off-by: Pascal Zimmermann <pascal.zimmermann01@sap.com>
7d4dfc4 to
02fa145
Compare
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@stemcell_builder/stages/bosh_rust/apply.sh`:
- Around line 11-16: The rustup installation in apply.sh currently uses the
moving stable channel, which makes the stemcell non-reproducible. Update the
rustup-init invocation in the bosh_rust stage to pin an explicit Rust toolchain
version instead of --default-toolchain stable, using the existing apply.sh
script context around run_in_chroot and /tmp/rustup-init.sh. Ensure the chosen
version is fixed and consistent with the intended build environment.
- Around line 8-9: The download in apply.sh uses a predictable fixed path for
rustup-init.sh, which can be pre-created or raced via symlink/TOCTOU in the
chroot. Update the rustup bootstrap step to use a unique temporary file created
with mktemp (or equivalent) inside the chroot, then pass that generated path to
curl_five_times and any subsequent execution/cleanup logic. Keep the change
localized around the rustup-init download flow in apply.sh.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: d4122c8d-67ad-43ce-85b7-94a22d1d3990
📒 Files selected for processing (4)
bosh-stemcell/lib/bosh/stemcell/stage_collection.rbbosh-stemcell/spec/os_image/ubuntu_spec.rbstemcell_builder/stages/bosh_rust/apply.shstemcell_builder/stages/bosh_rust/config.sh
…table tmp path Signed-off-by: Pascal Zimmermann <pascal.zimmermann01@sap.com>
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@bosh-stemcell/spec/os_image/ubuntu_spec.rb`:
- Around line 551-569: The current rust toolchain spec in the ubuntu_spec.rb
checks only that /var/vcap/bosh/bin/cargo and /var/vcap/bosh/bin/rustc exist and
are executable, which can miss broken symlinks. Update the “bosh rust toolchain”
examples to include a functional smoke check on the rustc binary, using the
existing file/command spec style around the rustc assertion so it verifies that
invoking rustc succeeds (for example via a version check) rather than only
checking the symlink type.
In `@stemcell_builder/stages/bosh_rust/apply.sh`:
- Around line 14-19: The path handling in the `apply.sh` heredoc is redundant
and triggers the SC2295 warning because `basename` is applied after an
unnecessary `${rustup_installer#${chroot}}` prefix strip. Update the `installer`
assignment in the `run_in_chroot` script block to derive the filename directly
from `rustup_installer`, and keep the rest of the `chmod`/installer invocation
logic unchanged.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: d56d2058-88a9-4f53-9faf-65da64d226b7
📒 Files selected for processing (4)
bosh-stemcell/lib/bosh/stemcell/stage_collection.rbbosh-stemcell/spec/os_image/ubuntu_spec.rbstemcell_builder/stages/bosh_rust/apply.shstemcell_builder/stages/bosh_rust/config.sh
Signed-off-by: Pascal Zimmermann <pascal.zimmermann01@sap.com>
…spec Signed-off-by: Pascal Zimmermann <pascal.zimmermann01@sap.com>
What
Adds a new
bosh_rustOS image stage that installs the Rust toolchain (stable) and Cargo into the stemcell via rustup. After this change, every VM built from this stemcell hascargoandrustcavailable at/var/vcap/bosh/bin/.Why
BOSH releases that need to compile Rust code — for example, building git 2.55 from source using its new Cargo-based credential helper — currently require operators to install the Rust toolchain themselves during pre-start or packaging. Making it available in the base image removes that burden and enables a class of packages that depend on
cargoat build time.Example: git 2.55 from source
git 2.55 introduced
git-credential-oauth, a credential helper written in Rust, as part of its standard build. Without Cargo in the image,make installfails during the Rust compilation step:With this change, a BOSH release packaging git 2.55 from source works without any additional toolchain setup —
cargoandcc(already present viabuild-essential) are both available in the stemcell environment.How
A new stage
bosh_rustis registered inubuntu_os_stagesimmediately afterbase_ubuntu_packages(which installsca-certificates, required for rustup's TLS connections tosh.rustup.rsandstatic.rust-lang.org). The stage:rustup-init.shfromhttps://sh.rustup.rswith 5-retry resilience viacurl_five_timesRUSTUP_HOME=/var/vcap/bosh/rustupandCARGO_HOME=/var/vcap/bosh/cargo/var/vcap/bosh/bin/and symlinkscargoandrustcinto it so they're on the PATH BOSH jobs inheritThe toolchain stays under
/var/vcap/bosh/alongside other BOSH-managed binaries.--no-modify-pathis passed so rustup does not touch shell profiles inside the chroot.Test plan
Verified locally via
docker run --privileged bosh/os-image-stemcell-builder:jammy— 377 examples, 0 failures.bosh_ruststage/var/vcap/bosh/bin/cargoexists and is executable/var/vcap/bosh/bin/rustcexists and is executable/var/vcap/bosh/cargodirectory present (rustup toolchain home)/var/vcap/bosh/rustupdirectory present (rustup metadata home)