Skip to content

ci(toolchain): pin nightly to 2026-07-11 while upstream nightly ICEs (REQ-267)#707

Merged
avrabe merged 3 commits into
mainfrom
fix/req-267-pin-nightly-toolchain
Jul 15, 2026
Merged

ci(toolchain): pin nightly to 2026-07-11 while upstream nightly ICEs (REQ-267)#707
avrabe merged 3 commits into
mainfrom
fix/req-267-pin-nightly-toolchain

Conversation

@avrabe

@avrabe avrabe commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

What

Pins the four dtolnay/rust-toolchain@nightly uses (Code Coverage, Miri safety-surface, Miri full, Fuzz) to @nightly-2026-07-11 — the last main run where the Miri job passed.

Why

Nightlies from 2026-07-14 onward ICE the compiler building rivet-core (rustc panic at rustc_ast/src/attr/mod.rs, exit 104), reddening every nightly job repo-wide and masking the Miri UB/safety signal. The core gates (Test/Clippy/Format) stayed green — so main was healthy, but every PR's CI read red and had to --admin-merge past the cluster. Pinning keeps these jobs enforcing on a working compiler instead of disabling them.

Unpin back to @nightly once a newer nightly stops ICEing (retry periodically). Kani's exit-143 failures are a separate runner-shutdown flake, untouched here.

CI-config only — no version bump (shipped binary unchanged).

Expected effect: Miri (safety) + Code Coverage go green on this PR; Kani may still show exit-143 (unrelated infra).

Refs: REQ-267

🤖 Generated with Claude Code

…(REQ-267)

Nightlies from 2026-07-14 on ICE the compiler while building rivet-core (rustc
panic in rustc_ast/src/attr/mod.rs, exit 104), reddening every nightly job
repo-wide — both Miri jobs, Code Coverage, and Fuzz — and masking the Miri
UB/safety signal. Core gates (Test/Clippy/Format) stayed green so main was
healthy, but CI read red and merges had to --admin past the cluster.

Pin all four `dtolnay/rust-toolchain@nightly` uses to `@nightly-2026-07-11`
(the last main run where the Miri job passed) so they keep ENFORCING on a
working compiler rather than being disabled. Unpin to @nightly once a newer
nightly stops ICEing. Kani's exit-143 failures are a separate runner-shutdown
flake, unaffected by this.

CI-config only — the shipped binary is unchanged, so no version bump.
Confirmed ci.yml parses and `rivet validate` PASS.

Refs: REQ-267
@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown

📐 Rivet artifact delta

Change Count
Added 1
Removed 0
Modified 0
Downstream impacted (depth ≤ 5) 0

Graph

graph LR
  REQ_267["REQ-267"]:::added
  classDef added fill:#d4edda,stroke:#28a745,color:#155724
  classDef removed fill:#f8d7da,stroke:#dc3545,color:#721c24
  classDef modified fill:#fff3cd,stroke:#ffc107,color:#856404
  classDef overflow fill:#e2e3e5,stroke:#6c757d,color:#495057,stroke-dasharray: 3 3
Loading
Added
  • REQ-267

📎 Full HTML dashboard attached as workflow artifact rivet-delta-pr-707download from the workflow run.

Posted by rivet-delta workflow. The graph shows only changed artifacts; open the HTML dashboard (above) for full context.

avrabe added 2 commits July 15, 2026 23:24
… git-ref

The previous commit pinned via `dtolnay/rust-toolchain@nightly-2026-07-11`,
but `@X` is the ACTION's git ref (branch/tag of dtolnay/rust-toolchain), so it
failed to resolve ("unable to find version nightly-2026-07-11"). Correct form
is `@master` with the dated toolchain as the `toolchain:` input; the two Miri
jobs keep their `components: miri`. Still REQ-267 (pin to last-good nightly
while upstream ICEs).

Trace: skip
…ly jobs (REQ-267)

Automated security review flagged `@master` as an unpinned third-party action.
Pin the 4 nightly jobs' action ref to a full commit SHA
(fa04a1451ff1842e2626ccb99004d0195b455a88, dtolnay/rust-toolchain 2026-06-30)
so the action code is deterministic; the dated toolchain (nightly-2026-07-11)
stays in the `with: toolchain:` input. `@master` was required (not `@stable`/
`@nightly`) because only the master branch honours an arbitrary `toolchain:`
override — SHA-pinning it removes the mutable-ref risk. (The rest of the file's
@stable/@nightly dtolnay refs are a pre-existing repo convention; a repo-wide
SHA-pin sweep is a separate hardening task.)

Trace: skip
@codecov

codecov Bot commented Jul 15, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@avrabe
avrabe merged commit bfb1efe into main Jul 15, 2026
30 checks passed
@avrabe
avrabe deleted the fix/req-267-pin-nightly-toolchain branch July 15, 2026 21:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant