chore(deps): adopt upstream soldr/zccache/setup-soldr updates

[zackees]

Summary

Brings fbuild in line with the latest releases of soldr, zccache, and setup-soldr (all published 2026-05-22).

• rust-toolchain.toml — add profile = "minimal" to match soldr/zccache
• Cargo.toml — bump zccache-artifact 1.4.0 → 1.8 (API-compatible per semver; verified by cargo check)
• pyproject.toml — bump zccache>=1.2.13 → >=1.8.2
• 9 workflows — migrate deprecated target-cache: true → target-cache-profile: thin-v1 (the modern setup-soldr input)
• flag_escaping_lint.rs — extend allowed_files to cover the post-LOC-split submodules (methods.rs, build.rs, mod.rs); the lint was silently broken on main after the recent board.rs / orchestrator.rs splits

Deferred

running-process-core is not bumped. Published 3.4.x dropped the Containment enum and spawn_with_containment method that fbuild's git-pinned rev relies on; moving off the pin requires refactoring fbuild-core::{subprocess,containment} onto ContainedProcessGroup. Tracked separately.

Test plan

• uv run soldr cargo check --workspace --all-targets — clean
• uv run soldr cargo clippy --workspace --all-targets -- -D warnings — clean
• uv run soldr cargo test --workspace — 534 + supporting tests pass; the previously-broken flag_escaping_lint::escaped_quote_usage_is_restricted now passes too
• CI passes on Linux/macOS/Windows
• CI fmt + docs + msrv workflows succeed with the new setup-soldr inputs

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores

  • Updated GitHub Actions CI/CD workflows with optimized build caching across multiple jobs
  • Upgraded project dependencies including zccache and zccache-artifact packages
  • Updated Rust toolchain configuration to use minimal profile

• Tests

  • Enhanced test validation for escaped quote pattern handling in build flags

[coderabbitai]

Warning

Rate limit exceeded

@zackees has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 29 minutes and 41 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 63107327-ab13-4822-b16a-ba2c38bdb4ad

📥 Commits

Reviewing files that changed from the base of the PR and between 0d29481 and 2f7f1a3.

📒 Files selected for processing (10)

• .github/workflows/acceptance-205.yml
• .github/workflows/bench-205.yml
• .github/workflows/check-macos.yml
• .github/workflows/check-ubuntu.yml
• .github/workflows/check-windows.yml
• .github/workflows/docs.yml
• .github/workflows/fmt.yml
• .github/workflows/msrv.yml
• .github/workflows/template_build.yml
• .github/workflows/template_native_build.yml

📝 Walkthrough

Walkthrough

This PR updates GitHub Actions workflow soldr cache configuration from a boolean flag to a named profile (thin-v1) across nine CI workflows, bumps Rust and Python package versions for zccache and zccache-artifact, adds a minimal Rust toolchain profile, and expands test allowlist coverage for escaped-quote patterns in split canonical source files.

Changes

Soldr Cache Profile, Dependency, and Configuration Updates

Layer / File(s)	Summary
GitHub Actions soldr target cache profile updates .github/workflows/acceptance-205.yml, check-macos.yml, check-ubuntu.yml, check-windows.yml, docs.yml, msrv.yml, template_build.yml, template_native_build.yml, bench-205.yml	All nine CI workflows change the soldr setup step from target-cache: true to target-cache-profile: thin-v1 in their action configurations.
Workspace and project dependency version bumps Cargo.toml, pyproject.toml	zccache-artifact workspace dependency is bumped from 1.4.0 to 1.8 with documentation of pinned pre-release rationale and upstream running-process-core API changes; parallel Python project dependency for zccache is upgraded from >=1.2.13 to >=1.8.2.
Rust toolchain profile and test allowlist expansion rust-toolchain.toml, crates/fbuild-build/tests/flag_escaping_lint.rs	Rust toolchain configuration adds profile = "minimal"; test allowlist for escaped-quote usage restrictions is expanded to recognize additional LOC-gated canonical source file locations (methods.rs, build.rs, mod.rs).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~4 minutes

Possibly related PRs

• FastLED/fbuild#185: Modifies the same .github/workflows/msrv.yml zackees/setup-soldr step configuration in related toolchain/MSRV context.

Poem

A rabbit hops through workflows bright,
With cache profiles set to thin-v1's light,
Dependencies bumped from old to new,
Toolchain tuned with profiles too. 🐇✨
Fast builds and test coverage grew!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: updating dependencies (soldr, zccache, setup-soldr) with supporting workflow/toolchain configuration updates. It accurately reflects the changeset's primary focus.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/soldr-zccache-update

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/bench-205.yml (1)

38-43: ⚠️ Potential issue | 🟠 Major

Fix invalid setup-soldr inputs in .github/workflows/bench-205.yml (lines 38-43)

zackees/setup-soldr@v0 docs don’t list target-cache-profile; they list target-cache-mode (values: hot, full, off). Replace target-cache-profile: thin-v1 with the documented input (and value).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/bench-205.yml around lines 38 - 43, Replace the invalid
input key target-cache-profile used in the zackees/setup-soldr@v0 step with the
documented input target-cache-mode and set it to a valid value (e.g.,
target-cache-mode: hot); update the block where setup-soldr is configured (the
step named "Setup soldr") to use target-cache-mode: hot instead of
target-cache-profile: thin-v1.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Cargo.toml`:
- Line 68: The Cargo.toml currently references a non-existent crate version for
zccache-artifact ("1.8"); update the dependency declaration for zccache-artifact
to a published crates.io version (e.g., "1.3.9" or the exact version you want),
or if "1.8" is intentional, add/present the alternate registry or git/source
reference (and its exact URL/revision) so Cargo can resolve it; locate the
zccache-artifact entry in Cargo.toml and replace the version string or add a
registry/git specification accordingly.

---

Outside diff comments:
In @.github/workflows/bench-205.yml:
- Around line 38-43: Replace the invalid input key target-cache-profile used in
the zackees/setup-soldr@v0 step with the documented input target-cache-mode and
set it to a valid value (e.g., target-cache-mode: hot); update the block where
setup-soldr is configured (the step named "Setup soldr") to use
target-cache-mode: hot instead of target-cache-profile: thin-v1.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d8b2481c-52f2-43f2-a729-9e36af8cdc51

📥 Commits

Reviewing files that changed from the base of the PR and between 2f7a132 and 0d29481.

⛔ Files ignored due to path filters (2)

• Cargo.lock is excluded by !**/*.lock
• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (13)

• .github/workflows/acceptance-205.yml
• .github/workflows/bench-205.yml
• .github/workflows/check-macos.yml
• .github/workflows/check-ubuntu.yml
• .github/workflows/check-windows.yml
• .github/workflows/docs.yml
• .github/workflows/msrv.yml
• .github/workflows/template_build.yml
• .github/workflows/template_native_build.yml
• Cargo.toml
• crates/fbuild-build/tests/flag_escaping_lint.rs
• pyproject.toml
• rust-toolchain.toml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

zccache-artifact 1.8 crates.io release notes

💡 Result:

I couldn’t find any crates.io “release notes” entry or changelog specifically for zccache-artifact v1.8 (e.g., “1.8.0” or “1.8.x”) in the sources I located. What I did find: - The crates.io page for the crate (overall listing) exists, but the version page details I found were for 1.3.8 and 1.3.9, not 1.8.x, and they don’t provide 1.8 release notes in the retrieved results. [1] - docs.rs for zccache_artifact describes the crate’s functionality (disk artifact cache, content-addressed storage, redb index), but it is API docs and not a versioned “1.8 release notes” changelog. [2] - GitHub compares I found are for tags like 1.3.8…1.3.9 and 1.4.7…1.4.8 (again not 1.8.x of zccache-artifact). [3][4] If you meant “zccache” (the overall project) v1.8.0 rather than the Rust crate “zccache-artifact” v1.8, the search results I saw were for PyPI zccache 1.8.0 (not crates.io release notes for zccache-artifact). [5] If you can share the exact version number you mean (e.g., zccache-artifact 1.8.0, 1.8.1, etc.) or a link to the crates.io version page, I can pull the release notes/changelog for that specific version.

Citations:

• 1: https://crates.io/crates/zccache-artifact
• 2: https://crates.io/crates/zccache-artifact/1.3.9
• 3: https://crates.io/crates/zccache-artifact/1.3.8/dependencies
• 4: https://pypi.org/project/zccache/1.8.0/
• 5: zackees/zccache@1.4.7...1.4.8

---

Fix dependency version: zccache-artifact = "1.8" appears not to exist on crates.io

• Looked up results did not show any zccache-artifact 1.8.x version details/release notes; the available retrieved version pages were for zccache-artifact 1.3.8/1.3.9.
• Update Cargo.toml (line 68) to the actually published zccache-artifact version, or provide the exact crates.io version/link (or confirm an alternate registry/source) if 1.8 is intentional.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Cargo.toml` at line 68, The Cargo.toml currently references a non-existent
crate version for zccache-artifact ("1.8"); update the dependency declaration
for zccache-artifact to a published crates.io version (e.g., "1.3.9" or the
exact version you want), or if "1.8" is intentional, add/present the alternate
registry or git/source reference (and its exact URL/revision) so Cargo can
resolve it; locate the zccache-artifact entry in Cargo.toml and replace the
version string or add a registry/git specification accordingly.

[zackees]

@coderabbitai resolving your two comments:

1. Cargo.toml:68 — zccache-artifact = "1.8" (Critical: "appears not to exist on crates.io")

This is a false positive. zccache-artifact 1.8.2 was published to crates.io today (2026-05-22):

$ curl -s https://crates.io/api/v1/crates/zccache-artifact | jq '.crate | {max_version, max_stable_version, updated_at}'
{
  "max_version": "1.8.2",
  "max_stable_version": "1.8.2",
  "updated_at": "2026-05-22T14:28:54.540420Z"
}

Cargo.lock resolves it cleanly, and the workspace check on all three OSes (Linux/macOS/Windows) passes on this PR. Your web search likely hit stale cache. No change needed.

2. .github/workflows/bench-205.yml:38-43 — replace target-cache-profile: thin-v1 with target-cache-mode: hot (Major)

This comment is stale — it was filed against commit 0d29481. I reverted that change two commits ago (commit 1bd3b2b) because the modernized target-cache-profile input triggered a different upstream regression (the new default-on prebuild-deps: cargo-chef introduced in zackees/setup-soldr#140). The current PR head uses the deprecated-but-functional target-cache: true everywhere, plus an explicit prebuild-deps: none to work around the cargo-chef issue. See commit 2f7f1a3.

Both items addressed — proceeding to merge.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# List review comments made by coderabbitai on PR `#253`
gh api repos/FastLED/fbuild/pulls/253/comments --paginate \
  | jq '[.[] | select(.user.login == "coderabbitai") | {id, path, body: .body[:120]}]'

Length of output: 3

---

🏁 Script executed:

#!/bin/bash
# Check review threads
gh api repos/FastLED/fbuild/pulls/253/reviews --paginate \
  | jq '[.[] | select(.user.login == "coderabbitai") | {id, state, body: .body[:120]}]'

echo "---ISSUE COMMENTS---"
gh api repos/FastLED/fbuild/issues/253/comments --paginate \
  | jq '[.[] | select(.user.login == "coderabbitai") | {id, body: .body[:200]}]'

Length of output: 27

---

@zackees: Thanks for the detailed clarification on both points — my previous comments appear to have already been resolved (likely auto-dismissed when the commits were pushed). To summarize:

1. zccache-artifact = "1.8" (false positive) — Confirmed, zccache-artifact 1.8.2 is live on crates.io as of today. My earlier flag was based on stale lookup data. No action needed.

2. bench-205.yml stale comment — Understood. The target-cache-profile: thin-v1 approach was reverted in commit 1bd3b2b due to the upstream prebuild-deps: cargo-chef regression introduced in zackees/setup-soldr#140, and the current head correctly uses target-cache: true + prebuild-deps: none as a workaround. The comment was filed against a superseded commit and should not have persisted.

🐇 ₍ᐢ..ᐢ₎ ♡

---

✏️ Learnings added

Learnt from: zackees
URL: https://github.com/FastLED/fbuild/pull/253

Timestamp: 2026-05-22T21:14:12.156Z
Learning: In the FastLED/fbuild repository, when checking crates.io availability for Rust workspace dependencies (e.g., in Cargo.toml), do not flag a crate version as missing based on cached/stale web search results. Always verify against the live crates.io API before raising a critical comment, especially for crates that may have been published very recently.

---

Learnt from: zackees
URL: https://github.com/FastLED/fbuild/pull/253

Timestamp: 2026-05-22T21:14:12.156Z
Learning: In the FastLED/fbuild repository, the `zackees/setup-soldr` action's `target-cache-profile: thin-v1` input can trigger a regression when the default-on `prebuild-deps: cargo-chef` is active (introduced in zackees/setup-soldr#140). The workaround is to use the deprecated-but-functional `target-cache: true` together with `prebuild-deps: none`. Do not suggest switching to `target-cache-profile` or `target-cache-mode` inputs without checking upstream setup-soldr changelog for regressions.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.