ci(driver-deps): fork-friendly vmouse fetch via public mirror + non-fatal mode #662
…atal mode

Fork PRs (e.g. external CVE backports) cannot access org-scoped secrets, so the private repo AlkaidLab/ZakoVirtualMouse download for the vmouse driver fails and aborts CMake configure with FATAL_ERROR. This blocked CI on PR #659 (CVE-2025-54081) even though the patch itself was unrelated to the driver pipeline.

Two layered fixes:

1. Public mirror first (cmake/packaging/FetchDriverDeps.cmake):
   - New cache var VMOUSE_PUBLIC_REPO (default AlkaidLab/zako-vmouse-release).
   - _fetch_vmouse() now tries the public mirror via plain browser_download_url (no auth) before falling back to the private repo's GitHub API path. Public mirror release tag and asset filenames must match VMOUSE_DRIVER_VERSION.
2. Graceful degradation (DRIVER_DEPS_REQUIRED option):
   - New option DRIVER_DEPS_REQUIRED (default ON, preserves existing behavior).
   - When OFF, missing driver files become WARNING instead of FATAL_ERROR, per-driver _CHECK_DRIVER_AVAILABLE cache var is set, and packaging skips the affected driver entirely.
   - windows.cmake gates each driver's install(FILES ...) on its availability flag.
   - sunshine.iss.in adds 'skipifsourcedoesntexist' to the vmouse driver wildcard so Inno doesn't abort when the dir is empty.
3. Workflow (.github/workflows/main.yml):
   - Build Windows step now passes -DDRIVER_DEPS_REQUIRED=${DRIVER_DEPS_REQUIRED}, which evaluates to OFF only when github.event_name == 'pull_request' && head repo is a fork. All other triggers (push, internal PR, release) stay ON.

Net effect: fork PRs configure/build/package successfully (just without the vmouse component); internal PRs and release builds are unchanged.
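Walkthrough

Adds a DRIVER_DEPS_REQUIRED switch to the Windows CI and packaging flow (fork PRs can set it to OFF). FetchDriverDeps tries the public mirror first and then falls back to the private repository, per-driver availability flags make the installation of driver files conditional, and the installer script skips entries whose source is missing.

Changes: optional driver dependencies and public mirror fallback

Sequence Diagram

```mermaid
sequenceDiagram
    participant GHA as GitHub Actions
    participant CMake as CMake configure
    participant FetchDeps as FetchDriverDeps.cmake
    participant Check as _check_driver
    participant Installer as windows.cmake / Inno Setup
    GHA->>CMake: Set DRIVER_DEPS_REQUIRED (OFF for fork, ON otherwise)
    CMake->>FetchDeps: Call FetchDriverDeps, passing DRIVER_DEPS_REQUIRED
    FetchDeps->>FetchDeps: Try to download the vmouse assets from VMOUSE_PUBLIC_REPO
    alt Public mirror download succeeds
        FetchDeps->>Check: Continue once the files are in place
    else Public mirror fails and no GITHUB_TOKEN
        FetchDeps->>Check: Emit WARNING and return
    else Public mirror fails and GITHUB_TOKEN is set
        FetchDeps->>FetchDeps: Fall back to the private repository via the GitHub API
    end
    FetchDeps->>Check: Call _check_driver for each driver, set the *_DRIVER_AVAILABLE flag or raise FATAL/WARNING
    Check->>Installer: Installer installs or skips files based on *_DRIVER_AVAILABLE
    Installer->>Installer: Inno Setup skips the vmouse entry when its source directory is missing (skipifsourcedoesntexist)
```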
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@cmake/packaging/FetchDriverDeps.cmake`:
- Around line 331-334: The current _check_driver calls only verify ZakoVDD.dll
and thus report availability even when driver package files are missing; update
the checks to require the full installer set by either extending _check_driver
to accept multiple expected file paths or by invoking it with all required files
(ZakoVDD.dll, the .inf, .cat and .cer) for both VDD_DRIVER_DIR and
VDD_WIN10_DRIVER_DIR, and ensure the availability flags VDD_DRIVER_AVAILABLE and
VDD_WIN10_DRIVER_AVAILABLE only become true if every required file exists so
install(FILES ...) won't fail later.
📒 Files selected for processing (4)
- .github/workflows/main.yml
- cmake/packaging/FetchDriverDeps.cmake
- cmake/packaging/sunshine.iss.in
- cmake/packaging/windows.cmake
🔇 Additional comments (4)
.github/workflows/main.yml (1)
197-201: LGTM! Also applies to: 211-211
cmake/packaging/FetchDriverDeps.cmake (1)
35-36: LGTM! Also applies to: 47-48, 149-179, 301-326
cmake/packaging/windows.cmake (1)
68-83: LGTM! Also applies to: 90-97
cmake/packaging/sunshine.iss.in (1)
231-231: LGTM!
Fixed 1 file(s) based on 1 unresolved review comment.

Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
Problem

Fork PRs (e.g. external CVE backports like #659) cannot access org-scoped secrets in GitHub Actions. CMake configure downloads the vmouse driver from the private repo `AlkaidLab/ZakoVirtualMouse` and aborts with `FATAL_ERROR` when no `GITHUB_TOKEN` is available, blocking the entire Windows build:

Observed on run 26000570915 (PR #659, unrelated CVE backport).

Fix

1. Public mirror first

- `VMOUSE_PUBLIC_REPO` (default `AlkaidLab/zako-vmouse-release`).
- `_fetch_vmouse()` first tries the public mirror via plain `browser_download_url` (no auth); falls back to the private API path only if `GITHUB_TOKEN` is set.

2. Graceful degradation (`DRIVER_DEPS_REQUIRED` option)

- `DRIVER_DEPS_REQUIRED` (default `ON` — preserves existing behavior).
- `OFF`, per-driver missing files become `WARNING` and a `<NAME>_DRIVER_AVAILABLE` cache flag is set to `FALSE`.
- `windows.cmake` gates each driver's `install(FILES ...)` block on its availability flag.
- `sunshine.iss.in` adds `skipifsourcedoesntexist` to the vmouse driver wildcard.

3. Workflow

`Build Windows` now passes `-DDRIVER_DEPS_REQUIRED=${DRIVER_DEPS_REQUIRED}`, evaluating to `OFF` only for PRs from forks. All other triggers stay `ON`.

Effect

Validation

Locally exercised both paths:

- `-DDRIVER_DEPS_REQUIRED=ON` with vmouse cached → normal config
- `-DDRIVER_DEPS_REQUIRED=OFF` with no token, public mirror empty → WARNING, configure completes

Follow-up

Populate `AlkaidLab/zako-vmouse-release` with the v1.2.0 assets (or whatever `VMOUSE_DRIVER_VERSION` points to) so fork PRs get a full installer.
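
The review comment in this thread asks that an availability flag become true only when the whole driver package is present, and the description ties missing files to `DRIVER_DEPS_REQUIRED`. One way to write that check, as an added example and not the project's `FetchDriverDeps.cmake`; the helper `check_driver_files`, the `drivers/vdd` paths and the `PLACEHOLDER.*` file names are assumptions:

```cmake
# CMakeLists.txt: added example, not the project's FetchDriverDeps.cmake.
cmake_minimum_required(VERSION 3.20)
project(driver_deps_example NONE)

# Same meaning as on the page: ON fails configure, OFF degrades to a warning.
option(DRIVER_DEPS_REQUIRED "Fail configure when driver files are missing" ON)

# Hypothetical helper: <name>_DRIVER_AVAILABLE becomes TRUE only when every
# file listed after <dir> exists, so a lone DLL never counts as a usable driver.
function(check_driver_files name dir)
  set(missing "")
  foreach(required_file IN LISTS ARGN)
    if(NOT EXISTS "${dir}/${required_file}")
      list(APPEND missing "${required_file}")
    endif()
  endforeach()

  list(LENGTH missing missing_count)
  if(missing_count EQUAL 0)
    set(available TRUE)
  else()
    set(available FALSE)
    list(JOIN missing ", " missing_text)
    if(DRIVER_DEPS_REQUIRED)
      message(FATAL_ERROR "${name}: missing ${missing_text} in ${dir}")
    endif()
    message(WARNING "${name}: missing ${missing_text}; driver will not be packaged")
  endif()

  # FORCE overwrites a stale TRUE left in CMakeCache.txt by an earlier configure.
  set(${name}_DRIVER_AVAILABLE ${available} CACHE BOOL "${name} files present" FORCE)
endfunction()

# Assumed layout; only ZakoVDD.dll is a file name taken from the page.
set(VDD_DRIVER_DIR "${CMAKE_CURRENT_SOURCE_DIR}/drivers/vdd")
set(VDD_FILES ZakoVDD.dll PLACEHOLDER.inf PLACEHOLDER.cat PLACEHOLDER.cer)
check_driver_files(VDD "${VDD_DRIVER_DIR}" ${VDD_FILES})

# Gate packaging on the flag so install(FILES ...) never sees a missing path.
if(VDD_DRIVER_AVAILABLE)
  list(TRANSFORM VDD_FILES PREPEND "${VDD_DRIVER_DIR}/")
  install(FILES ${VDD_FILES} DESTINATION "drivers/vdd")
endif()
```

Configured with `-DDRIVER_DEPS_REQUIRED=OFF` in a tree that lacks any of the listed files, this completes with a warning and `VDD_DRIVER_AVAILABLE=FALSE`; with the default `ON` it stops at the incomplete driver.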