From c53095812577c48856ea2a35aefb221751585f8b Mon Sep 17 00:00:00 2001 From: Jason Yang <18200748882@163.com> Date: Fri, 27 Feb 2026 13:24:57 +0800 Subject: [PATCH 01/13] Update DockerSettings.yaml --- docker/DockerSettings.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/DockerSettings.yaml b/docker/DockerSettings.yaml index 7b4a9af7..9a896999 100644 --- a/docker/DockerSettings.yaml +++ b/docker/DockerSettings.yaml @@ -6,7 +6,7 @@ vault_image_digest: "sha256:062fcf0d5dc37247dae61b0ee1ba5d20f9296e290d7ad1f6114e # https://github.com/tonistiigi/xx | https://hub.docker.com/r/tonistiigi/xx/tags xx_image_digest: "sha256:c64defb9ed5a91eacb37f96ccc3d4cd72521c4bd18d5442905b95e2226b0e707" rust_version: 1.93.1 # Rust version to be used -debian_version: trixie # Debian release name to be used +debian_version: bookworm # Debian release name to be used alpine_version: "3.23" # Alpine version to be used # For which platforms/architectures will we try to build images platforms: ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] From cd1dabe9e323c1bcfcea9ddb37358ff1f16f2e9f Mon Sep 17 00:00:00 2001 From: Jason Yang <18200748882@163.com> Date: Fri, 27 Feb 2026 13:47:59 +0800 Subject: [PATCH 02/13] Fix conditional tag handling in release workflow --- .github/workflows/release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 193272b0..a2e84500 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -102,8 +102,9 @@ jobs: # 如果有旧 Tag,生成 "Tag-CommitHash" 格式 echo "SOURCE_VERSION=${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}" else - echo "SOURCE_VERSION=${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}" - echo "⚠️ No tags found in repository. Using version: dev-${SOURCE_COMMIT:0:8}" + echo "SOURCE_VERSION=${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}" + echo "⚠️ No tags found in repository. Using version: dev-${SOURCE_COMMIT:0:8}" + fi fi # Login to Docker Hub From 2b6f59c235bf3a978eefd40f52a2f8a8267f1fda Mon Sep 17 00:00:00 2001 From: Jason Yang <18200748882@163.com> Date: Fri, 27 Feb 2026 13:52:22 +0800 Subject: [PATCH 03/13] Disable image output in release.yml Comment out image output configuration in release workflow --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a2e84500..fb995347 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -205,7 +205,7 @@ jobs: *.platform=linux/${{ matrix.arch }} ${{ env.TAGS }} *.output=type=local,dest=./output - *.output=type=image,push-by-digest=true,name-canonical=true,push=true + # *.output=type=image,push-by-digest=true,name-canonical=true,push=true - name: Extract digest SHA env: From 69a3e6d0d928a256caa1f9385c2d57009dd29354 Mon Sep 17 00:00:00 2001 From: Jason Yang <18200748882@163.com> Date: Fri, 27 Feb 2026 13:53:34 +0800 Subject: [PATCH 04/13] Comment out image output in release.yml Comment out the image output configuration in the release workflow. --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fb995347..14d8483c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -205,7 +205,6 @@ jobs: *.platform=linux/${{ matrix.arch }} ${{ env.TAGS }} *.output=type=local,dest=./output - # *.output=type=image,push-by-digest=true,name-canonical=true,push=true - name: Extract digest SHA env: From f6f2d670e9ffa99897cee16f585aa8276d2d4b19 Mon Sep 17 00:00:00 2001 From: Jason Yang <18200748882@163.com> Date: Fri, 27 Feb 2026 13:56:22 +0800 Subject: [PATCH 05/13] Update release.yml --- .github/workflows/release.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 14d8483c..158434f3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -200,8 +200,6 @@ jobs: files: docker/docker-bake.hcl targets: "${{ matrix.base_image }}-multi" set: | - *.cache-from=${{ env.BAKE_CACHE_FROM }} - *.cache-to=${{ env.BAKE_CACHE_TO }} *.platform=linux/${{ matrix.arch }} ${{ env.TAGS }} *.output=type=local,dest=./output From bf7a327e6c5ffc6ebe1442554ad10a1bd846c39f Mon Sep 17 00:00:00 2001 From: Jason Yang <18200748882@163.com> Date: Fri, 27 Feb 2026 14:55:56 +0800 Subject: [PATCH 06/13] Implement minimal artifact preparation and upload Add steps to prepare and upload a minimal artifact. --- .github/workflows/release.yml | 81 +++++++++++++++++++++++++++++++---- 1 file changed, 73 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 158434f3..541ddb30 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -162,13 +162,13 @@ jobs: run: | # # Check if there is a GitHub Container Registry Login and use it for caching - if [[ -n "${HAVE_GHCR_LOGIN}" ]]; then - echo "BAKE_CACHE_FROM=type=registry,ref=${GHCR_REPO}-buildcache:${BASE_IMAGE}-${NORMALIZED_ARCH}" | tee -a "${GITHUB_ENV}" - echo "BAKE_CACHE_TO=type=registry,ref=${GHCR_REPO}-buildcache:${BASE_IMAGE}-${NORMALIZED_ARCH},compression=zstd,mode=max" | tee -a "${GITHUB_ENV}" - else - echo "BAKE_CACHE_FROM=" - echo "BAKE_CACHE_TO=" - fi + #if [[ -n "${HAVE_GHCR_LOGIN}" ]]; then + # echo "BAKE_CACHE_FROM=type=registry,ref=${GHCR_REPO}-buildcache:${BASE_IMAGE}-${NORMALIZED_ARCH}" | tee -a "${GITHUB_ENV}" + # echo "BAKE_CACHE_TO=type=registry,ref=${GHCR_REPO}-buildcache:${BASE_IMAGE}-${NORMALIZED_ARCH},compression=zstd,mode=max" | tee -a "${GITHUB_ENV}" + #else + echo "BAKE_CACHE_FROM=" + echo "BAKE_CACHE_TO=" + #fi # - name: Generate tags @@ -182,7 +182,7 @@ jobs: # Output for use in next step { echo "TAGS<> "$GITHUB_ENV" @@ -199,6 +199,7 @@ jobs: source: . files: docker/docker-bake.hcl targets: "${{ matrix.base_image }}-multi" + no-cache: true set: | *.platform=linux/${{ matrix.arch }} ${{ env.TAGS }} @@ -247,6 +248,70 @@ jobs: name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-${{ env.NORMALIZED_ARCH }}-${{ matrix.base_image }} path: vaultwarden-${{ env.NORMALIZED_ARCH }} + # --- 新增:整理精简版文件 --- + - name: Prepare Minimal Artifact + env: + NORMALIZED_ARCH: ${{ env.NORMALIZED_ARCH }} + BASE_IMAGE: ${{ matrix.base_image }} + SOURCE_VERSION: ${{ env.SOURCE_VERSION }} + run: | + # 定义Artifact文件夹名称 + ARTIFACT_DIR="vaultwarden-${SOURCE_VERSION}-linux-${NORMALIZED_ARCH}-${BASE_IMAGE}-minimal" + mkdir -p "${ARTIFACT_DIR}" + + echo "Copying essential files..." + + # 1. 复制二进制文件并重命名 + if [ -f "./output/vaultwarden" ]; then + cp ./output/vaultwarden "${ARTIFACT_DIR}/vaultwarden" + echo "Copied binary." + else + echo "Error: Binary not found!" + ls -R ./output + exit 1 + fi + + # 2. 复制 web-vault 目录 + if [ -d "./output/web-vault" ]; then + cp -r ./output/web-vault "${ARTIFACT_DIR}/web-vault" + echo "Copied web-vault." + else + echo "Warning: web-vault not found." + fi + + # 3. 复制启动脚本和健康检查脚本 + for script in start.sh healthcheck.sh; do + if [ -f "./output/${script}" ]; then + cp "./output/${script}" "${ARTIFACT_DIR}/${script}" + chmod +x "${ARTIFACT_DIR}/${script}" + echo "Copied ${script}." + else + echo "Warning: ${script} not found." + fi + done + + # 4. (可选) 如果有 Rocket.toml 或其他配置文件也复制 + if [ -f "./output/Rocket.toml" ]; then + cp ./output/Rocket.toml "${ARTIFACT_DIR}/Rocket.toml" + fi + + # 显示最终文件大小 + echo "Artifact contents:" + ls -lhR "${ARTIFACT_DIR}" + du -sh "${ARTIFACT_DIR}" + + # 导出变量供下一步使用 + echo "ARTIFACT_DIR=${ARTIFACT_DIR}" >> "${GITHUB_ENV}" + + # --- 新增:上传精简包 --- + - name: Upload Minimal Artifact + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + with: + name: ${{ env.ARTIFACT_DIR }} + path: ${{ env.ARTIFACT_DIR }} + retention-days: 5 + # 如果文件超过 500MB 可能需要分片,但精简版通常很小 + merge-manifests: name: Merge manifests runs-on: ubuntu-latest From 1e3eea9c9935e05f5af4fea66f9f9b3300295529 Mon Sep 17 00:00:00 2001 From: Jason Yang <18200748882@163.com> Date: Fri, 27 Feb 2026 15:01:43 +0800 Subject: [PATCH 07/13] Modify SOURCE_VERSION assignment for no tags Update SOURCE_VERSION format in release workflow. --- .github/workflows/release.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 541ddb30..f0c4aa4c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -102,8 +102,9 @@ jobs: # 如果有旧 Tag,生成 "Tag-CommitHash" 格式 echo "SOURCE_VERSION=${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}" else - echo "SOURCE_VERSION=${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}" - echo "⚠️ No tags found in repository. Using version: dev-${SOURCE_COMMIT:0:8}" + # echo "SOURCE_VERSION=${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}" + # echo "⚠️ No tags found in repository. Using version: dev-${SOURCE_COMMIT:0:8}" + echo "SOURCE_VERSION=1.35.4-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}" fi fi @@ -182,7 +183,7 @@ jobs: # Output for use in next step { echo "TAGS<> "$GITHUB_ENV" From ef92147e161216ec627b7976abb4e909f04b6b3e Mon Sep 17 00:00:00 2001 From: Jason Yang <18200748882@163.com> Date: Fri, 27 Feb 2026 15:45:42 +0800 Subject: [PATCH 08/13] Refactor release workflow to prepare and upload tarball --- .github/workflows/release.yml | 65 ++++++++++++++++------------------- 1 file changed, 30 insertions(+), 35 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f0c4aa4c..4b977b71 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -249,69 +249,64 @@ jobs: name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-${{ env.NORMALIZED_ARCH }}-${{ matrix.base_image }} path: vaultwarden-${{ env.NORMALIZED_ARCH }} - # --- 新增:整理精简版文件 --- - - name: Prepare Minimal Artifact + # --- 修改开始:整理文件并打包成 TAR --- + - name: Prepare and Tar Minimal Files env: NORMALIZED_ARCH: ${{ env.NORMALIZED_ARCH }} BASE_IMAGE: ${{ matrix.base_image }} SOURCE_VERSION: ${{ env.SOURCE_VERSION }} run: | - # 定义Artifact文件夹名称 - ARTIFACT_DIR="vaultwarden-${SOURCE_VERSION}-linux-${NORMALIZED_ARCH}-${BASE_IMAGE}-minimal" - mkdir -p "${ARTIFACT_DIR}" + # 定义临时文件夹名称 + TEMP_DIR="vaultwarden-${SOURCE_VERSION}-linux-${NORMALIZED_ARCH}-${BASE_IMAGE}" + mkdir -p "${TEMP_DIR}" - echo "Copying essential files..." + echo "Copying essential files to ${TEMP_DIR}..." - # 1. 复制二进制文件并重命名 + # 1. 复制二进制文件 if [ -f "./output/vaultwarden" ]; then - cp ./output/vaultwarden "${ARTIFACT_DIR}/vaultwarden" - echo "Copied binary." + cp ./output/vaultwarden "${TEMP_DIR}/vaultwarden" + chmod +x "${TEMP_DIR}/vaultwarden" else - echo "Error: Binary not found!" - ls -R ./output - exit 1 + echo "Error: Binary not found!" && exit 1 fi # 2. 复制 web-vault 目录 if [ -d "./output/web-vault" ]; then - cp -r ./output/web-vault "${ARTIFACT_DIR}/web-vault" - echo "Copied web-vault." + cp -r ./output/web-vault "${TEMP_DIR}/web-vault" else echo "Warning: web-vault not found." fi - # 3. 复制启动脚本和健康检查脚本 + # 3. 复制脚本文件 for script in start.sh healthcheck.sh; do if [ -f "./output/${script}" ]; then - cp "./output/${script}" "${ARTIFACT_DIR}/${script}" - chmod +x "${ARTIFACT_DIR}/${script}" - echo "Copied ${script}." - else - echo "Warning: ${script} not found." + cp "./output/${script}" "${TEMP_DIR}/${script}" + chmod +x "${TEMP_DIR}/${script}" fi done - # 4. (可选) 如果有 Rocket.toml 或其他配置文件也复制 - if [ -f "./output/Rocket.toml" ]; then - cp ./output/Rocket.toml "${ARTIFACT_DIR}/Rocket.toml" - fi + # 4. 打包成 .tar.gz + TARBALL_NAME="${TEMP_DIR}.tar.gz" + echo "Creating tarball: ${TARBALL_NAME}" + tar -czvf "${TARBALL_NAME}" "${TEMP_DIR}" - # 显示最终文件大小 - echo "Artifact contents:" - ls -lhR "${ARTIFACT_DIR}" - du -sh "${ARTIFACT_DIR}" + # 显示包大小 + ls -lh "${TARBALL_NAME}" + du -sh "${TEMP_DIR}" - # 导出变量供下一步使用 - echo "ARTIFACT_DIR=${ARTIFACT_DIR}" >> "${GITHUB_ENV}" + # 导出变量供上传步骤使用 + echo "TARBALL_NAME=${TARBALL_NAME}" >> "${GITHUB_ENV}" + echo "ARTIFACT_NAME=${TEMP_DIR}" >> "${GITHUB_ENV}" - # --- 新增:上传精简包 --- - - name: Upload Minimal Artifact + # --- 修改结束:上传 TAR 包 --- + - name: Upload Vaultwarden Tarball uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f with: - name: ${{ env.ARTIFACT_DIR }} - path: ${{ env.ARTIFACT_DIR }} + name: ${{ env.ARTIFACT_NAME }} + path: ${{ env.TARBALL_NAME }} retention-days: 5 - # 如果文件超过 500MB 可能需要分片,但精简版通常很小 + # 如果包很大,可以开启分片压缩 (可选) + # compression-level: 6 merge-manifests: name: Merge manifests From 38c500aa81f1ea67ca065e518994656339ac13f1 Mon Sep 17 00:00:00 2001 From: Jason Yang <18200748882@163.com> Date: Fri, 27 Feb 2026 16:24:04 +0800 Subject: [PATCH 09/13] Update release.yml --- .github/workflows/release.yml | 27 ++------------------------- 1 file changed, 2 insertions(+), 25 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4b977b71..a63587ae 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -259,36 +259,13 @@ jobs: # 定义临时文件夹名称 TEMP_DIR="vaultwarden-${SOURCE_VERSION}-linux-${NORMALIZED_ARCH}-${BASE_IMAGE}" mkdir -p "${TEMP_DIR}" - + du -ah echo "Copying essential files to ${TEMP_DIR}..." - # 1. 复制二进制文件 - if [ -f "./output/vaultwarden" ]; then - cp ./output/vaultwarden "${TEMP_DIR}/vaultwarden" - chmod +x "${TEMP_DIR}/vaultwarden" - else - echo "Error: Binary not found!" && exit 1 - fi - - # 2. 复制 web-vault 目录 - if [ -d "./output/web-vault" ]; then - cp -r ./output/web-vault "${TEMP_DIR}/web-vault" - else - echo "Warning: web-vault not found." - fi - - # 3. 复制脚本文件 - for script in start.sh healthcheck.sh; do - if [ -f "./output/${script}" ]; then - cp "./output/${script}" "${TEMP_DIR}/${script}" - chmod +x "${TEMP_DIR}/${script}" - fi - done - # 4. 打包成 .tar.gz TARBALL_NAME="${TEMP_DIR}.tar.gz" echo "Creating tarball: ${TARBALL_NAME}" - tar -czvf "${TARBALL_NAME}" "${TEMP_DIR}" + tar -czvf "${TARBALL_NAME}" ./output/ # 显示包大小 ls -lh "${TARBALL_NAME}" From 216c00f1bb28ca26b98fabbb7aef915ac39c15f6 Mon Sep 17 00:00:00 2001 From: Jason Yang <18200748882@163.com> Date: Fri, 27 Feb 2026 16:50:24 +0800 Subject: [PATCH 10/13] Update artifact name format in release workflow --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a63587ae..0e376234 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -273,7 +273,7 @@ jobs: # 导出变量供上传步骤使用 echo "TARBALL_NAME=${TARBALL_NAME}" >> "${GITHUB_ENV}" - echo "ARTIFACT_NAME=${TEMP_DIR}" >> "${GITHUB_ENV}" + echo "ARTIFACT_NAME=${TEMP_DIR}-tar" >> "${GITHUB_ENV}" # --- 修改结束:上传 TAR 包 --- - name: Upload Vaultwarden Tarball From 8ea61d40cbf8084f3b2c9a77bc3ad70f3c2bccf7 Mon Sep 17 00:00:00 2001 From: Jason Yang <18200748882@163.com> Date: Fri, 27 Feb 2026 17:26:08 +0800 Subject: [PATCH 11/13] Update Debian base images in Dockerfile --- docker/Dockerfile.debian | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian index 8796dedb..ce63350e 100644 --- a/docker/Dockerfile.debian +++ b/docker/Dockerfile.debian @@ -36,7 +36,7 @@ FROM --platform=linux/amd64 docker.io/tonistiigi/xx@sha256:c64defb9ed5a91eacb37f ########################## BUILD IMAGE ########################## # hadolint ignore=DL3006 -FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.93.1-slim-trixie AS build +FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.93.1-slim-bookworm AS build COPY --from=xx / / ARG TARGETARCH ARG TARGETVARIANT @@ -161,7 +161,7 @@ RUN source /env-cargo && \ # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' # # We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742 -FROM --platform=$TARGETPLATFORM docker.io/library/debian:trixie-slim +FROM --platform=$TARGETPLATFORM docker.io/library/debian:bookworm-slim ENV ROCKET_PROFILE="release" \ ROCKET_ADDRESS=0.0.0.0 \ From 2eef62c5a5e75cff3b4160bed6b4e0c403d18a3d Mon Sep 17 00:00:00 2001 From: Jason Yang <18200748882@163.com> Date: Fri, 27 Feb 2026 17:29:39 +0800 Subject: [PATCH 12/13] Comment out artifact attestation and upload steps Commented out the steps for attesting binaries and uploading artifacts in the release workflow. --- .github/workflows/release.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0e376234..5e2d086d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -238,16 +238,16 @@ jobs: mv ./output/vaultwarden vaultwarden-"${NORMALIZED_ARCH}" # Upload artifacts to Github Actions and Attest the binaries - - name: Attest binaries - uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 - with: - subject-path: vaultwarden-${{ env.NORMALIZED_ARCH }} + #- name: Attest binaries + # uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 + # with: + # subject-path: vaultwarden-${{ env.NORMALIZED_ARCH }} - - name: Upload binaries as artifacts - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 - with: - name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-${{ env.NORMALIZED_ARCH }}-${{ matrix.base_image }} - path: vaultwarden-${{ env.NORMALIZED_ARCH }} + #- name: Upload binaries as artifacts + # uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + # with: + # name: vaultwarden-${{ env.SOURCE_VERSION }}-linux-${{ env.NORMALIZED_ARCH }}-${{ matrix.base_image }} + # path: vaultwarden-${{ env.NORMALIZED_ARCH }} # --- 修改开始:整理文件并打包成 TAR --- - name: Prepare and Tar Minimal Files @@ -265,7 +265,7 @@ jobs: # 4. 打包成 .tar.gz TARBALL_NAME="${TEMP_DIR}.tar.gz" echo "Creating tarball: ${TARBALL_NAME}" - tar -czvf "${TARBALL_NAME}" ./output/ + tar -czvf "${TARBALL_NAME}" vaultwarden-${{ env.NORMALIZED_ARCH }} ./output/web-vault/ ./output/healthcheck.sh ./output/start.sh # 显示包大小 ls -lh "${TARBALL_NAME}" From ba5519167634ebe1e1f0fc10d610d10d1f405101 Mon Sep 17 00:00:00 2001 From: Stefan Melmuk <509385+stefan0xC@users.noreply.github.com> Date: Wed, 4 Mar 2026 06:58:39 +0100 Subject: [PATCH 13/13] apply policies only to confirmed members (#6892) --- src/db/models/org_policy.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/db/models/org_policy.rs b/src/db/models/org_policy.rs index 0607f146..96811a2b 100644 --- a/src/db/models/org_policy.rs +++ b/src/db/models/org_policy.rs @@ -269,7 +269,7 @@ impl OrgPolicy { continue; } - if let Some(user) = Membership::find_by_user_and_org(user_uuid, &policy.org_uuid, conn).await { + if let Some(user) = Membership::find_confirmed_by_user_and_org(user_uuid, &policy.org_uuid, conn).await { if user.atype < MembershipType::Admin { return true; }