ci(toolchain): pin nightly to 2026-07-11 while upstream nightly ICEs (REQ-267)#707
Merged
Conversation
…(REQ-267) Nightlies from 2026-07-14 on ICE the compiler while building rivet-core (rustc panic in rustc_ast/src/attr/mod.rs, exit 104), reddening every nightly job repo-wide — both Miri jobs, Code Coverage, and Fuzz — and masking the Miri UB/safety signal. Core gates (Test/Clippy/Format) stayed green so main was healthy, but CI read red and merges had to --admin past the cluster. Pin all four `dtolnay/rust-toolchain@nightly` uses to `@nightly-2026-07-11` (the last main run where the Miri job passed) so they keep ENFORCING on a working compiler rather than being disabled. Unpin to @nightly once a newer nightly stops ICEing. Kani's exit-143 failures are a separate runner-shutdown flake, unaffected by this. CI-config only — the shipped binary is unchanged, so no version bump. Confirmed ci.yml parses and `rivet validate` PASS. Refs: REQ-267
📐 Rivet artifact delta
Graphgraph LR
REQ_267["REQ-267"]:::added
classDef added fill:#d4edda,stroke:#28a745,color:#155724
classDef removed fill:#f8d7da,stroke:#dc3545,color:#721c24
classDef modified fill:#fff3cd,stroke:#ffc107,color:#856404
classDef overflow fill:#e2e3e5,stroke:#6c757d,color:#495057,stroke-dasharray: 3 3
Added
Posted by |
… git-ref
The previous commit pinned via `dtolnay/rust-toolchain@nightly-2026-07-11`,
but `@X` is the ACTION's git ref (branch/tag of dtolnay/rust-toolchain), so it
failed to resolve ("unable to find version nightly-2026-07-11"). Correct form
is `@master` with the dated toolchain as the `toolchain:` input; the two Miri
jobs keep their `components: miri`. Still REQ-267 (pin to last-good nightly
while upstream ICEs).
Trace: skip
…ly jobs (REQ-267) Automated security review flagged `@master` as an unpinned third-party action. Pin the 4 nightly jobs' action ref to a full commit SHA (fa04a1451ff1842e2626ccb99004d0195b455a88, dtolnay/rust-toolchain 2026-06-30) so the action code is deterministic; the dated toolchain (nightly-2026-07-11) stays in the `with: toolchain:` input. `@master` was required (not `@stable`/ `@nightly`) because only the master branch honours an arbitrary `toolchain:` override — SHA-pinning it removes the mutable-ref risk. (The rest of the file's @stable/@nightly dtolnay refs are a pre-existing repo convention; a repo-wide SHA-pin sweep is a separate hardening task.) Trace: skip
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Pins the four
dtolnay/rust-toolchain@nightlyuses (Code Coverage, Miri safety-surface, Miri full, Fuzz) to@nightly-2026-07-11— the last main run where the Miri job passed.Why
Nightlies from 2026-07-14 onward ICE the compiler building
rivet-core(rustc panic at rustc_ast/src/attr/mod.rs, exit 104), reddening every nightly job repo-wide and masking the Miri UB/safety signal. The core gates (Test/Clippy/Format) stayed green — so main was healthy, but every PR's CI read red and had to--admin-merge past the cluster. Pinning keeps these jobs enforcing on a working compiler instead of disabling them.Unpin back to
@nightlyonce a newer nightly stops ICEing (retry periodically). Kani's exit-143 failures are a separate runner-shutdown flake, untouched here.CI-config only — no version bump (shipped binary unchanged).
Expected effect: Miri (safety) + Code Coverage go green on this PR; Kani may still show exit-143 (unrelated infra).
Refs: REQ-267
🤖 Generated with Claude Code