Sets step_name on execution pointers when advancing to next steps,
compensation steps, and parallel branch children so that runtime
consumers can identify steps by name without lookup.
Adds WorkflowBuilder::add_step_typed<S>() for adding named, configured
steps directly — needed for parallel branch closures in the CLI.
Makes wire_outcome() public so callers can wire custom step graphs.
Adds StepBuilder::config() to attach arbitrary JSON configuration to
individual steps, readable at runtime via context.step.step_config.
Bumps version to 1.6.1.
Add wfe-server-protos and wfe-server to workspace members.
Update StepExecutionContext constructions with log_sink: None
in buildkit and containerd test files.
Shell step streaming: when LogSink is present, uses cmd.spawn() with
tokio::select! to interleave stdout/stderr line-by-line. Respects
timeout_ms with child.kill() on timeout. Falls back to buffered mode
when no LogSink.
Security: block sensitive env var overrides (PATH, LD_PRELOAD, etc.)
from workflow data injection. Proper error handling for pipe capture.
4 LogSink regression tests + 2 env var security regression tests.
LogSink trait for real-time step output streaming. Added to
StepExecutionContext as optional field (backward compatible).
Threaded through WorkflowExecutor and WorkflowHostBuilder.
Wired LifecyclePublisher.publish() into executor at 5 points:
StepStarted, StepCompleted, Error, Completed, Terminated.
Also added lifecycle events to host start/suspend/resume/terminate.
Full changelog covering v1.0.0, v1.4.0, and v1.5.0 releases.
Also fix containerd integration test default address to handle
Lima socket forwarding gracefully.
879 tests passing. 88.8% coverage on wfe-rustlang.
Lima wfe-test VM: Alpine with system containerd + BuildKit from apk,
TCP socat proxy for reliable gRPC transport, probes with sudo for
socket permission fixes. 2 core / 4GB / 20GB.
CI pipeline: add wfe-rustlang to feature-tests, package, and publish
steps. Container tests use TCP proxy (http://127.0.0.1:2500) instead
of Unix socket forwarding. Containerd tests set WFE_IO_DIR for shared
filesystem support.
Add rustlang feature flag to wfe-yaml with support for all cargo and
rustup step types (15 total), including cargo-doc-mdx.
Schema additions: output_dir, package, features, all_features,
no_default_features, release, profile, toolchain, extra_args,
components, targets, default_toolchain fields on StepConfig.
Integration tests for compiling all step types from YAML, and
containerd-based end-to-end tests for running Rust toolchain
inside containers from bare Debian images.
Four bugs fixed in the containerd gRPC executor:
- Snapshot parent: resolve image chain ID from content store instead of
using empty parent, which created rootless containers with no binaries
- I/O capture: replace FIFOs with regular files for stdout/stderr since
FIFOs don't work across virtiofs filesystem boundaries (Lima VMs)
- Capabilities: grant Docker-default capability set (SETUID, SETGID,
CHOWN, etc.) when running as root so apt-get and similar tools work
- Shell path: use /bin/sh instead of sh in process args since container
PATH may be empty
Also adds WFE_IO_DIR env var for shared filesystem support with remote
daemons, and documents the remote daemon setup in lib.rs.
External cargo tools (audit, deny, nextest, llvm-cov) auto-install
via cargo install if not found on the system. For llvm-cov, the
llvm-tools-preview rustup component is also installed automatically.
New cargo-doc-mdx step type generates MDX documentation from rustdoc
JSON output. Runs cargo +nightly rustdoc --output-format json, then
transforms the JSON into MDX files with frontmatter, type signatures,
and doc comments grouped by module. Uses the official rustdoc-types
crate for deserialization.
