- Pin all jobs to ubuntu-22.04 runner
- Use curl -sfL with secrets.GITEATOKEN for checkout
- Switch checkout URL to https://gitea-lxc.moon-dragon.us
- Install rustup with --default-toolchain stable --profile minimal
- Add cargo bin to GITHUB_PATH instead of sourcing per-step
- Enforce clippy -D warnings
- Ignore RUSTSEC-2025-0134 in cargo audit
- Pass GITEA_TOKEN via env for release step
- Changed runs-on from 'linux' to 'ubuntu-latest' for all jobs
- Uses ubuntu-latest:docker://ubuntu:24.04 runner label
- Each job runs in a fresh Ubuntu 24.04 container
- Removed all PATH hacks, conditional sudo, and absolute paths
- Ubuntu containers run as root (no sudo needed)
- Standard commands work without PATH modifications
- Added GITHUB_REPOSITORY fallback for checkout
- act_runner host executor doesn't inherit PATH from workflow env or export
- All system commands now use absolute paths: /usr/bin/apt-get, /usr/bin/curl, etc.
- Removed all export PATH lines (were ineffective)
- Fixes 'apt-get: command not found' and 'curl: command not found' errors
- The global env: PATH variable doesn't propagate to act_runner shell scripts
- Added export PATH=... at the start of every run: block
- Fixes 'apt-get: command not found' and 'curl: command not found' errors
- Removed global PATH from env: section (was ineffective)
- Added global PATH env variable with all standard paths
- Fixes apt-get/curl 'command not found' errors in job execution context
- Fixed broken YAML where if: and run: merged on one line
- Cleaned up all per-step PATH exports (now global)
- Some jobs run as root (no sudo needed), others as echo user (sudo required)
- Added SUDO detection: SUDO=; [ 0 -ne 0 ] && SUDO=sudo
- Fixed remaining unfixed apt-get call in build-and-release job
- sudo not available in all execution contexts
- /root/.cache/act/ workspace indicates root user execution
- apt-get works directly without sudo when running as root
- rust-format job failed because curl was not available for checkout
- Added 'Install checkout dependencies' step (curl, ca-certificates) to all jobs
- Fixed duplicate steps block in rust-test job
- Merged build.yml into ci.yml - single source of truth
- Quality gates (format, clippy, test, audit, lint) run on every push/PR/tag
- Build & Release job only runs on v* tag pushes
- Build & Release depends on ALL quality gates passing
- Deleted build.yml - no more split workflow confusion
- Added rustfmt.toml, clippy.toml, eslint.config.js configs
